Page MenuHomePhabricator
Create Task
Maniphest T231356

Access to 'https://tools.wmflabs.org' blocked by CORS on 'https://test.wikipedia.org' (Header x-wikimedia-debug not allowed)
Closed, ResolvedPublic
Actions

Description

Access to XMLHttpRequest at 'https://tools.wmflabs.org/intuition/api.php?…' from origin 'https://test.wikipedia.org' has been blocked by CORS policy: Request header field x-wikimedia-debug is not allowed by Access-Control-Allow-Headers in preflight response.

Things are fine without debug mode, but this should probably be whitelisted somewhere. I think on the Toolforge/proxy side, but not entirely sure.

See also: T211511: Fetching ORES API from en.wikipedia.org blocked in debug mode

Related Objects

Event Timeline

Krinkle created this task.Aug 27 2019, 4:46 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 27 2019, 4:46 PM
zhuyifei1999 subscribed.Aug 27 2019, 6:31 PM

https://github.com/Krinkle/intuition-web/blob/master/public_html/api.php#L41 ?

Krinkle closed this task as Resolved.EditedAug 28 2019, 10:41 PM
Krinkle claimed this task.

@zhuyifei1999 Aha, thank you! Fixed now with https://github.com/Krinkle/intuition-web/commit/40ea977b7ae2.

Confirmed it no longer gets blocked with XWD on test.wikipedia.org.

I wrongly assumed it was caught by a stricter CSP rule on test.wikipedia.org compared to other wikis. But that was not the case.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL