Page MenuHomePhabricator
Create Task
Maniphest T408441

403 error when using Wikibase REST API to search
Closed, ResolvedPublicBUG REPORT
Actions

Description

What happens?: Apparently the Wikibase REST API is blocking cross-origin access to search endpoints with a 403 error.

Steps to replicate the issue:

I share a snippet of JavaScript code which retrieves the JSON of a search with the REST API:

async function searchTest() {
  const url_test = `https://www.wikidata.org/w/rest.php/wikibase/v0/search/items?q=searchterm&language=en&limit=10&type=item`;
  const response_test = await fetch(url_test, {
    headers: {
      Accept: "application/json",
      "User-Agent": "PaulinaApp/0.9 (https://gitlab.wikimedia.org/toolforge-repos/paulina)"
    },
  });
  console.log(await response_test.text());
}

The response to this code is:

{"error":"rest-cross-origin-anon-write", "httpCode":403, "httpReason":"Forbidden"}

The same API call works fine when it is called from my local web browser, and also when it is called from my web application using the Python requests module. But when it is called with JavaScript, it responds with the 403 error.

What should have happened instead?:

As this is not a write request, Wikibase REST API should declare that it doesn't need write access, so the request can succeed without the 403 error.

Other information:

A very similar bug was reported 2 years ago for the MediaWiki REST API: T347721

My guess is that the REST API thinks that this is a write request, when in fact it is a read-only request.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Search: Implement needsWriteAccess method in route handlersmediawiki/extensions/Wikibasemaster+41 -0
Search: Refactor test setupmediawiki/extensions/Wikibasemaster+23 -16
Customize query in gerrit

Related Objects

Event Timeline

Pepe_piton created this task.Oct 27 2025, 7:38 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 27 2025, 7:38 PM
Pepe_piton updated the task description. (Show Details)Oct 27 2025, 9:18 PM
Pepe_piton updated the task description. (Show Details)
Pepe_piton mentioned this in T407558: Proof of concept: add work form, with autocomplete.Oct 27 2025, 11:05 PM
Ifrahkhanyaree_WMDE subscribed.Wed, Nov 19, 9:22 AM

Hi @Pepe_piton apologies for only looking at this now! I assume the problem still persists? We can check it on our end then

Ifrahkhanyaree_WMDE added a project: Wikibase Reuse Team.Wed, Nov 19, 9:22 AM
Ifrahkhanyaree_WMDE moved this task from Incoming tickets outside WPP to Ready for planning on the Wikibase Reuse Team board.Wed, Nov 19, 9:43 AM
ItamarWMDE claimed this task.Mon, Nov 24, 12:37 PM
Restricted Application added a project: User-ItamarWMDE. · View Herald TranscriptMon, Nov 24, 12:37 PM
ItamarWMDE moved this task from Ready for planning to Sprint 57 on the Wikibase Reuse Team board.Mon, Nov 24, 12:37 PM
ItamarWMDE edited projects, added Wikibase Reuse Team (Sprint 57); removed Wikibase Reuse Team.
ItamarWMDE moved this task from To Do to Doing on the Wikibase Reuse Team (Sprint 57) board.
gerritbot added a comment.Tue, Nov 25, 8:32 AM

Change #1211003 had a related patch set uploaded (by Itamar Givon; author: Itamar Givon):

[mediawiki/extensions/Wikibase@master] Search: Refactor test setup

https://gerrit.wikimedia.org/r/1211003

gerritbot added a project: Patch-For-Review.Tue, Nov 25, 8:32 AM

Change #1211004 had a related patch set uploaded (by Itamar Givon; author: Itamar Givon):

[mediawiki/extensions/Wikibase@master] Search: Implement needsWriteAccess method in route handlers

https://gerrit.wikimedia.org/r/1211004

ItamarWMDE moved this task from Doing to Peer Review on the Wikibase Reuse Team (Sprint 57) board.Tue, Nov 25, 8:38 AM
Ifrahkhanyaree_WMDE edited projects, added Wikibase Reuse Team (Sprint 58); removed Wikibase Reuse Team (Sprint 57).Tue, Nov 25, 9:45 AM
Ifrahkhanyaree_WMDE moved this task from To Do to Peer Review on the Wikibase Reuse Team (Sprint 58) board.
gerritbot added a comment.Fri, Nov 28, 11:28 AM

Change #1211003 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] Search: Refactor test setup

https://gerrit.wikimedia.org/r/1211003

gerritbot added a comment.Fri, Nov 28, 11:29 AM

Change #1211004 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] Search: Implement needsWriteAccess method in route handlers

https://gerrit.wikimedia.org/r/1211004

Maintenance_bot removed a project: Patch-For-Review.Fri, Nov 28, 11:30 AM
ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.5; 2025-12-02).Fri, Nov 28, 12:00 PM
Jakob_WMDE moved this task from Peer Review to Done on the Wikibase Reuse Team (Sprint 58) board.Mon, Dec 1, 10:03 AM
Ifrahkhanyaree_WMDE moved this task from Backlog to Happening now on the Wikibase REST API (WPP) board.Tue, Dec 2, 3:14 PM
Silvan_WMDE closed this task as Resolved.Tue, Dec 9, 10:30 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits