Page MenuHomePhabricator
Create Task
Maniphest T122488

Using data sets from another wiki for the Graph extension
Closed, ResolvedPublic
Actions

Description

See https://hu.wikipedia.org/wiki/Szerkeszt%C5%91:Tgr/graph_teszt for an attempt. This fails to CORS violations. It would be nice if there was a way to reuse datasets without copying them over.

Details

SubjectRepoBranchLines +/-
Fixed CORS issue with MW api callsmediawiki/extensions/Graphwmf/1.27.0-wmf.9+13 -8
Fixed CORS issue with MW api callsmediawiki/extensions/Graphmaster+13 -8
Customize query in gerrit

Related Objects

Event Timeline

Tgr created this task.Dec 27 2015, 9:47 PM
Tgr raised the priority of this task from to Needs Triage.
Tgr updated the task description. (Show Details)
Tgr added a project: MediaWiki-extensions-Graph.
Tgr subscribed.
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptDec 27 2015, 9:47 PM
Yurik subscribed.Dec 27 2015, 10:03 PM

Agreed 144% - apparently there is a CORS bug somewhere, I will check with Security.

Tgr added a comment.Dec 27 2015, 10:11 PM

Some options:

  • T91162: RFC: Shadow namespaces would be the nice solution, but it's probably not happening anytime soon.
  • just add Allow-Origin headers to action=raw requests coming from a $wgCrossSiteAJAXdomains domain. As long as authenticated CORS is not allowed, that does not seem scary.
  • CORS is already enabled for the API, meaning that the page content can be fetched by a revisions API request. That works if the data format is JSON as Vega allows specifying a path in the returned JSON object. There doesn't seem to be any way to tell Vega that something is a CSV etc. wrapped in JSON, though.
Tgr added a comment.Dec 27 2015, 10:14 PM

I don't think it's a bug per se, CORS is simply not enabled for anything other than the API (and images). For authenticated CORS, this is probably for the better (at the very least, access to Special:UserLogin should be forbidden) but basic CORS would be harmless as far as I can see.

Yurik added a comment.EditedDec 27 2015, 10:19 PM

@Tgr, it should work, but it doesn't. The "raw" can be replaced with wikiraw://www.mediawiki.org/Extension:Graph/data/us-10m-json -- the wikiraw: protocol uses API, but it doesn't yet work on server side graphoid, but it works for graph preview and interactive. Yet it still fails CORs. On the other hand, page views graph works fine, even though it makes a request to another domain: https://wikimedia.org/api/rest_v1/metrics/pageviews/per-article/en.wikipedia/all-access/user/Main_Page/daily/2015121722/2015122722

Yurik mentioned this in T98313: Graphs can leak tokens, leading to CSRF.Dec 27 2015, 10:22 PM
gerritbot subscribed.Dec 28 2015, 12:37 AM

Change 261169 had a related patch set uploaded (by Yurik):
Fixed CORS issue with MW api calls

https://gerrit.wikimedia.org/r/261169

gerritbot added a project: Patch-For-Review.Dec 28 2015, 12:37 AM
gerritbot added a comment.Dec 28 2015, 4:35 PM

Change 261200 had a related patch set uploaded (by Yurik):
Fixed CORS issue with MW api calls

https://gerrit.wikimedia.org/r/261200

gerritbot added a comment.Dec 28 2015, 4:35 PM

Change 261169 merged by jenkins-bot:
Fixed CORS issue with MW api calls

https://gerrit.wikimedia.org/r/261169

ReleaseTaggerBot added a project: MW-1.27-release (WMF-deploy-2016-01-12_(1.27.0-wmf.10)).Dec 28 2015, 5:00 PM
gerritbot added a comment.Dec 28 2015, 8:29 PM

Change 261200 merged by jenkins-bot:
Fixed CORS issue with MW api calls

https://gerrit.wikimedia.org/r/261200

Yurik added a comment.Dec 28 2015, 8:45 PM

@Tgr, i deployed a fix and updated your example. Now it does not show the graph until you click the "play' button, but than it works. I won't close this ticket until i update Graphoid to support wikiraw:// and other protocols.

ReleaseTaggerBot added a project: MW-1.27-release (WMF-deploy-2015-12-15_(1.27.0-wmf.9)).Dec 28 2015, 9:00 PM
Tgr added a comment.Dec 28 2015, 9:47 PM

Awesome, thanks!

Yurik closed this task as Resolved.Feb 22 2016, 5:06 AM

See https://www.mediawiki.org/wiki/Extension:Graph/Guide#External_Data

eranroz subscribed.Mar 18 2016, 8:11 AM

I'm unable to use dataset (JSON) from another wikipedia. (it works, but only using interactive mode)

Simple example - which is a copy of copy https://www.mediawiki.org/wiki/Extension:Graph/Demo/Map to hewiki (or other wiki, not dewiki):

  1. "url": "wikiraw://de.wikipedia.org/Modul:Graph//WorldMap-iso2.json" - FAIL
  2. "url": "wikiraw://www.mediawiki.org/Extension:Graph/Demo/RawData:WorldMap-iso2-json" - WORKS
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL