Question

122

Wikipedia API + Cross-origin requests

rated 0 times [ 129] [ 7] / answers: 1 / hits: 22605 / 10 Years ago, fri, may 30, 2014, 12:00:00

I'm trying to access Wikipedia using JavaScript and CORS.

As far as I know, Wikipedia should support CORS: http://www.mediawiki.org/wiki/API:Cross-site_requests

I tried the following script: create a XMLHttpRequest+credential/XDomainRequest, add some HTTP headers ("Access-Control-Allow-Credentials", etc.) and send the query.

http://jsfiddle.net/lindenb/Vr7RS/

var WikipediaCORS=

    {

        setMessage:function(msg)

        {

            var span=document.getElementById("id1");

            span.appendChild(document.createTextNode(msg));

        },

        // Create the XHR object.

        createCORSRequest:function(url)

        {

            var xhr = new XMLHttpRequest();



            if ("withCredentials" in xhr)

            {

                xhr.open("GET", url, true);

            }

            else if (typeof XDomainRequest != "undefined")

            {

                xhr = new XDomainRequest();

                xhr.open(method, url);

            }

            else

            {

                return null;

            }

            xhr.setRequestHeader("Access-Control-Allow-Credentials", "true");

            xhr.setRequestHeader("Access-Control-Allow-Origin", "*");

            return xhr;

        },

        init:function()

        {

            var _this = this;

            var url = 'http://en.wikipedia.org/w/api.php?action=opensearch&search=Javascript&format=json';

            var xhr = this.createCORSRequest(url);

            if (!xhr)

            {

                this.setMessage('CORS not supported');

                return;

            }



            xhr.onload = function()

            {

                _this.setMessage(xhr.responseText);

            };

            xhr.onerror = function()

            {

                _this.setMessage('Woops, there was an error making the request.');

            };

            xhr.send();

        }

    };

But my script fails ('xhr.onerror' is called). How can I fix it?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

johnnyblaynes

Add To Favorites

Follow

Total Points: 667

Total Questions: 121

Total Answers: 102

Location: Anguilla

Member since Sat, Jan 23, 2021

3 Years ago

johnnyblaynes questions

1 Error: Cannot find module 'C:\Users\rodri\nodejs_paypal\src\index.js'

Mon, Jul 18, 22, 00:00, 2 Years ago

1 React.js: Fetching Data from API with Bearer Token

Tue, Feb 22, 22, 00:00, 2 Years ago

1 How can I navigate to a nested Route in React Router Dom V6

Fri, Nov 12, 21, 00:00, 3 Years ago

1 How to programatically reduce PDF Size in Node/Javascript

Tue, May 19, 20, 00:00, 4 Years ago

1 How to set Focus on Input using Tab Key Press in Next Table Cell

Mon, Apr 20, 20, 00:00, 4 Years ago

View All

answered 10 Years ago nathalieg · Accepted Answer

CORS headers are sent to allow a requesting script to access the contents.

Wikipedia is sending the CORS, not you.

According to the comments:

Wikipedia is an exception to general rule, by requiring you to append an origin parameter to the URL you are requesting.

I think the reason behind this is related to caching. I don't know what kind of mechanism they are using, but it probably makes it easier and better for them to store a cache object and build variations that way.

More on CORS from MediaWiki API documentation:

The MediaWiki API also requires that the origin be supplied as a
request parameter, appropriately named "origin", which is matched
against the Origin header required by the CORS protocol. Note that
this header must be included in any pre-flight request, and so should
be included in the query string portion of the request URI even for
POST requests.

If the CORS origin check passes, MediaWiki will include the
Access-Control-Allow-Credentials: true header in the response, so
authentication cookies may be sent.

This means you have to send an Origin header to tell Wikipedia where you are coming from. Wikipedia is managing the access, not you.

Send this origin header:

xhr.setRequestHeader("Origin", "http://www.yourpage.com");

Access-Control-Allow-* headers are response headers, not request headers.

Wikipedia additionally requires content type json:

xhr.setRequestHeader("Content-Type", "application/json; charset=UTF-8");