Page MenuHomePhabricator

Cross domain api requests mobile beta
Closed, ResolvedPublicBUG REPORT

Description

Cross-Origin Read Blocking (CORB) blocked cross-origin response

window.mw.config.get('wbRepo') is "https://wikidata.beta.wmflabs.org" while document.location.origin is "https://m.wikidata.beta.wmflabs.org"

This came up in product testing and can be worked around by using the non-mobile domain and the useformat parameter.

Would solving this require the use of the origin interceptor in production too, or can this be overcome through configuration on mediawiki's part?

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 15 2019, 3:08 PM
Pablo-WMDE updated the task description. (Show Details)Apr 15 2019, 3:11 PM
Pablo-WMDE updated the task description. (Show Details)Apr 15 2019, 3:44 PM
Pablo-WMDE removed a subscriber: Aklapper.
Tarrow claimed this task.Apr 17 2019, 10:24 AM
Tarrow moved this task from To Do to Doing on the Wikidata-Termbox-Iteration-13 board.

From the screenshot and my testing looks like the request is blocked by CORS and then the the response is blocked by CORB.

As far as I can read I would expect that maybe the problem will be solved if we sort out the CORS issue. The CORB one seems like it might be an artefact of the CORS blocking given that the response has content-type application/json and this is the first of our requestted content types.

I'm hopeful fixing the CORS is all that's needed. I believe this probably needs to be done with the interceptor.

Leaving breadcrumbs:
Looks like the MobileFront end team have been poking this area not too long ago: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MobileFrontend/+/482233

Change 505768 had a related patch set uploaded (by Tarrow; owner: Tarrow):
[wikibase/termbox@master] Remove repoUrl from base url

https://gerrit.wikimedia.org/r/505768

Looks like using relative origin may be the best solution for this mimics what is being done by MobileFrontend. However this breaks the mock-entry dev setup. Perhaps the solution to this is to have the mock server proxy requests to the right place. Alternative we might end up with custom host code in the prod client that is only needed for the dev setup.

Change 505768 merged by jenkins-bot:
[wikibase/termbox@master] Remove repoUrl from base url

https://gerrit.wikimedia.org/r/505768

Lea_WMDE closed this task as Resolved.May 6 2019, 11:13 AM