Page MenuHomePhabricator
Create Task
Maniphest T65381

interwiki forwarding doesn't work for importScript()
Closed, DeclinedPublic
Actions

Description

For example, here's a transcript from Firefox 24's Web Console on [[s:en:Help:Introduction]]:

[13:03:11.991] importScript('w:en:User:Jackmcbarn/advancedtemplatesandbox.js')
[13:03:12.029] [object HTMLScriptElement]
[13:03:12.225] GET https://en.wikisource.org/w/index.php?title=w:en:User:Jackmcbarn/advancedtemplatesandbox.js&action=raw&ctype=text/javascript [HTTP/1.1 301 Moved Permanently 156ms]
[13:03:12.728] GET https://en.wikipedia.org/wiki/en:User:Jackmcbarn/advancedtemplatesandbox.js?action=raw&ctype=text%2Fjavascript [HTTP/1.1 403 Forbidden 203ms]

In English, what happened is:

  1. I ran "importScript('w:en:User:Jackmcbarn/advancedtemplatesandbox.js')"
  2. importScript() (correctly) tried to load the script from the URL https://en.wikisource.org/w/index.php?title=w:en:User:Jackmcbarn/advancedtemplatesandbox.js&action=raw&ctype=text/javascript
  3. en.wikisource.org tried to forward that to https://en.wikipedia.org/wiki/en:User:Jackmcbarn/advancedtemplatesandbox.js?action=raw&ctype=text%2Fjavascript
  4. en.wikipedia.org rejected the resulting request, reportedly because of something bad IE does with such URLs

If en.wikisource.org would forward to https://en.wikipedia.org/w/index.php?title=User:Jackmcbarn/advancedtemplatesandbox.js&action=raw&ctype=text/javascript instead, this whole thing would actually work.

Version: unspecified
Severity: normal

Details

Reference
bz63381

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:05 AM
bzimport added a project: MediaWiki-General.
bzimport set Reference to bz63381.
bzimport added a subscriber: Unknown Object (MLST).
SamB created this task.Apr 1 2014, 6:04 PM
SamB added a comment.Apr 2 2014, 12:32 AM

Oh, I forgot to mention the motivation for this to work, which is that this syntax would be more convenient to add to ~/common.js than the calls to mw.loader.load() with gigantic URLs that we have to use now.

TheDJ added a project: JavaScript.May 13 2017, 1:24 PM
TheDJ removed a subscriber: wikibugs-l-list.
Incnis_Mrsi subscribed.Dec 1 2018, 8:05 PM

Found this crap myself trying to feed an interwiki prefix to importScript – see https://commons.wikimedia.org/wiki/File:Cross-site_importScript_resulted_in_HTTP_403.png

Documented it because deemed that something broke down, but now found on MediaWiki.org that it’s not a bug but a security feature. It would be nice to see some developers (of both core and the importScript wrapper) at last.

Krinkle closed this task as Declined.Aug 5 2022, 11:02 PM
Krinkle edited projects, added MediaWiki-ResourceLoader; removed MediaWiki-General.
Krinkle subscribed.

importScript() is only for local pages. This is by design and how it has always been. To reference scripts or gadget from other wikis, use mw.loader.load() with the full canonical title=...&action=..&ctype=... URL.

Restricted Application added a project: Performance-Team. · View Herald TranscriptAug 5 2022, 11:02 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL