Page MenuHomePhabricator
Create Task
Maniphest T390373

Web2Cit-patched Citoid extension failing because Web2Cit server does not allow api-user-agent header
Closed, ResolvedPublicBUG REPORT
Actions

Description

I've tried citing https://hrcak.srce.hr/100360 and https://hrcak.srce.hr/252765, as well as https://slobodnadalmacija.hr/mozaik/spiza/slatko/sirnice-po-stoljetnoj-komiskoj-riceti-danima-ostaju-mekane-klaudija-nam-je-otkrila-kako-ih-je-radila-njena-nona-nina-1464756

Those two sites used to work.

With Web2Cit enabled, the reference generation returns almost immediately, saying "We couldn't make a citation for you. Try another source or create one manually."

When I disable Web2Cit, at least the Citoid reference is retuned. Does that mean that any error in Web2Cit also blocks Citoid ref generation?

That's not good, especially on Wikipedias (like hrwiki) where Web2Cit is enabled for all users by default.

Related Objects

Event Timeline

Ponor created this task.Mar 29 2025, 1:03 PM
diegodlh changed the task status from Open to In Progress.Apr 1 2025, 8:00 PM
diegodlh claimed this task.
diegodlh triaged this task as Unbreak Now! priority.
diegodlh edited projects, added Web2Cit-Server; removed Web2Cit.
diegodlh added subscribers: AgusDamanik, Kerry_Raymond, diegodlh.

Thanks for reporting this.

The problem seems to be with Web2Cit user script (Web2Cit-Gadget), not affecting Web2Cit-Server.

Apparently the cause is a MediaWiki update that lets developers of gadgets and user scripts set an api-user-agent header for their outgoing requests, to identify where requests are coming from. This has been given a default MediaWiki-JS/<version> value. See T373874, https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1112339 for the details.

As a result, when the Citoid extension sends a request (either to the Citoid service or to the Web2Cit server, if patched by Web2Cit-Gadget), a preflight request is made first with Access-Control-Request-Headers header set to api-user-agent. However, because Web2Cit-Server is not expecting this, it does not respond with a corresponding access-control-allow-headers header, and the whole request fails with a "CORS missing allow header" error.

The solution seems to be updating the Web2Cit server to respond with the appropriate `access-control-allow-headers" header. I will try to implement this as soon as possible.

Note that, as mentioned in https://meta.wikimedia.org/wiki/Tech/News/2025/13, the idea would be that requests originating from user scripts or gadgets set their own api-user-agent. However, because of the way how Web2Cit-Gadget patches the Citoid extension, doing this may not be as straightforward. After all, it is still the Citoid extension, although patched, which is making the request in the end, not the user script. A separate task may be created for this.

diegodlh renamed this task from Is Web2Cit working? to Web2Cit-patched Citoid extension failing because Web2Cit server does not allow api-user-agent header.Apr 1 2025, 8:02 PM
diegodlh closed this task as Resolved.Apr 1 2025, 9:34 PM

Fixed with https://gitlab.wikimedia.org/diegodlh/w2c-server/-/commit/1d92b7b6a17cca4dae646c13410a29440ddd8d5a

Should be working now. Sorry for the delay in noticing this and thanks for reporting.

diegodlh added a comment.Apr 1 2025, 9:48 PM

the idea would be that requests originating from user scripts or gadgets set their own api-user-agent. However, because of the way how Web2Cit-Gadget patches the Citoid extension, doing this may not be as straightforward.

Created a separate task: T390791

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits