Page MenuHomePhabricator

Fetching ORES API from en.wikipedia.org blocked in debug mode
Closed, ResolvedPublic

Description

This affects RTRC among other gadgets.

Access to XMLHttpRequest at 'https://ores.wikimedia.org/scores/enwiki/' from origin 'https://en.wikipedia.org' has been blocked by CORS policy: Request header field x-wikimedia-debug is not allowed by Access-Control-Allow-Headers in preflight response.

EDIT: I initially thought this affected all users, but this is limited to when using X-Wikimedia-Debug.

Event Timeline

Krinkle changed the visibility from "Custom Policy" to "Public (No Login Required)".

It's because of CORS blocking cross origin requests that have unknown headers (in this case x-wikimedia-debug). I can fix this.

Change 479715 had a related patch set uploaded (by Ladsgroup; owner: Ladsgroup):
[operations/puppet@production] ores: Allow cross origin requests if 'X-Wikimedia-Debug' header is sent

https://gerrit.wikimedia.org/r/479715

Change 479715 merged by Alexandros Kosiaris:
[operations/puppet@production] ores: Allow cross origin requests if 'X-Wikimedia-Debug' header is sent

https://gerrit.wikimedia.org/r/479715