CORS policies should allow scripts from query.wikidata.org to edit www.wikidata.org
Closed, Declined · Public

Description

I would like to save queries from the query editor (JS) at query.wikidata.org to the query example page which is currently located on mediawiki.org, but could be easily moved to wikidata.org.

When T108101: Isolate wikidata.org cookies and CORS policies was done, CORS was disabled for nearly all subdomains. So this is not possible anymore.

What would be a good solution?

Event Timeline

Jonas triaged this task as Medium priority. Jun 20 2016, 2:04 PM

Is it the policy on query.wikidata.org or on mediawiki.org?

I don't really understand the use case here, you want to make edits to a wikidata.org page from query.wikidata.org?

The reason is we want to make it possible to save some query from query.wikidata.org to the query example page https://www.wikidata.org/wiki/Wikidata:SPARQL_query_service/queries/examples

Why can't it be edited manually or with copy paste...?

The security loss of opening up XSS attacks seems way larger than the minor benefit you'll get unless I'm misunderstanding something?

Are you serious?
I think it is obvious that editing wikitext is not and will not be the future.
We want to enable everybody to provide good examples for our service and it should also be easy to maintain the examples.

If you think the security risk is too big would OAuth be a good alternative?

Now that you mention it, I also think OAuth is probably better as it allows attributing examples, which is good both to praise people for good ones and to contact them if the example needs some fixing.

I realize it'd probably be a bit more work, but if it's possible I think it'd be much better than anonymous editing.

@Anomie made an OAuth example in the past which may prove enlightening if you're looking to use OAuth for this: https://tools.wmflabs.org/oauth-hello-world/index.php

> Are you serious?

Yes...?

> I think it is obvious that editing wikitext is not and will not be the future.

So then don't? You can just easily have your JavaScript auto-editor run from wikidata.org as a gadget, but you have to copy/paste the SPARQL query.

> We want to enable everybody to provide good examples for our service and it should also be easy to maintain the examples.

Okay.

> If you think the security risk is too big would OAuth be a good alternative?

The security risk is that a security vulnerability in WDQS could be used to attack and take over MediaWiki accounts. OAuth is a good alternative.
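
The trade-off discussed in this thread, as an added example that is not part of the task and not MediaWiki's own code: a simplified model of a credentialed CORS allowlist on the wiki side and the browser's check on the response. The two allowlists and all function names are assumptions made for illustration; the point is that once query.wikidata.org is allowlisted with credentials, every script running on that origin can read a logged-in user's responses.

```javascript
// Added example: simplified model of a server's CORS allowlist and the browser's check.
// Both allowlists are constructed for illustration, not Wikimedia's real configuration.
const ISOLATED = { origins: ["https://www.wikidata.org"], credentials: true };
const PROPOSED = {
  origins: ["https://www.wikidata.org", "https://query.wikidata.org"],
  credentials: true,
};

// Server side: choose the response headers for a request carrying this Origin header.
function corsHeaders(policy, origin) {
  const headers = { Vary: "Origin" };
  // Exact match on the full origin string; no suffix or substring matching.
  if (policy.origins.includes(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
    if (policy.credentials) headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Browser side (Fetch CORS check): may script running on `origin` read the response?
function scriptCanRead(headers, origin, withCredentials) {
  const allowed = headers["Access-Control-Allow-Origin"];
  if (allowed === undefined) return false;
  if (!withCredentials) return allowed === "*" || allowed === origin;
  // With cookies attached, "*" is rejected and Allow-Credentials must be "true".
  return allowed === origin && headers["Access-Control-Allow-Credentials"] === "true";
}

// Can a page on `origin` read a logged-in user's API responses under `policy`?
function exposesSession(policy, origin) {
  return scriptCanRead(corsHeaders(policy, origin), origin, true);
}

const WDQS = "https://query.wikidata.org";
console.log("isolated policy exposes session to WDQS:", exposesSession(ISOLATED, WDQS));
console.log("proposed policy exposes session to WDQS:", exposesSession(PROPOSED, WDQS));
```

With OAuth, the suggested alternative, the query service would act through a grant the user approves instead of through the user's wiki session cookies.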

Smalyshev renamed this task from query.wikidata.org CORS policies to CORS policies should allow scripts from query.wikidata.org to edit www.wikidata.org. Mar 30 2017, 1:16 AM