Headers
While hacking on a script[1][2] for cross-wiki watchlists using CORS, I noticed the following problem:
- Open Google Chrome 36 (on Linux Mint 17)
- Clear the cache and cookies (shortcut: CTRL+SHIFT+delete)
- Access https://pt.wikipedia.org/wiki/Special:UserLogin?uselang=en&useskin=vector
- Log in
- Open the console (shortcut: CTRL+SHIFT+J)
- Execute an API request to Wiktionary:
$.ajax( { url: 'https://pt.wiktionary.org/w/api.php', xhrFields: { withCredentials: true }, data: { action: 'query', format: 'json', list: 'watchlist', origin: 'https://pt.wikipedia.org' }, dataType: 'json' } ) .done( function( data ) { if ( data.error ) { console.warn( data.error.code + ': ' + data.error.info ); } else { console.warn( 'ok' ); } } );
This results in "wlnotloggedin: You must be logged-in to have a watchlist".
Notes:
- If I execute the same steps on Firefox 31, I get "ok".
- If I access
https://pt.wiktionary.org/w/api.php?action=query&format=json&list=watchlist
directly in the browser, I get the data, without any error.
- If I open https://pt.wiktionary.org/wiki/Special:Watchlist, I see the pages I'm watching, without any error.
- If I replace "pt.wikipedia.org" by "en.wikipedia.org" on steps 3 and 6, the same error apears.
- If I also replace "pt.wiktionary.org" by "en.wiktionary.org", then I get "ok".
- If I use another account on pt.wikipedia.org, and reset my preferences before doing the request, I still get the error.
[1] https://github.com/legoktm/xwiki-watchlist/blob/master/xwikiwatchlist.js
[2] https://github.com/he7d3r/mw-gadget-CrossWikiWatchlist
Version: unspecified
Severity: normal
Attached: