Headers
While hacking on a script[1][2] for cross-wiki watchlists using CORS, I noticed the following problem:
1. Open Google Chrome 36 (on Linux Mint 17)
2. Clear the cache and cookies (shortcut: CTRL+SHIFT+delete)
3. Access https://pt.wikipedia.org/wiki/Special:UserLogin?uselang=en&useskin=vector
4. Log in
5. Open the console (shortcut: CTRL+SHIFT+J)
6. Execute an API request to Wiktionary:
------------------------------------------------------------------------
$.ajax( {
url: 'https://pt.wiktionary.org/w/api.php',
xhrFields: { withCredentials: true },
data: {
action: 'query',
format: 'json',
list: 'watchlist',
origin: 'https://pt.wikipedia.org'
},
dataType: 'json'
} )
.done( function( data ) {
if ( data.error ) {
console.warn( data.error.code + ': ' + data.error.info );
} else {
console.warn( 'ok' );
}
} );
------------------------------------------------------------------------
This results in "wlnotloggedin: You must be logged-in to have a watchlist".
Notes:
* If I execute the same steps on Firefox 31, I get "ok".
* If I access
https://pt.wiktionary.org/w/api.php?action=query&format=json&list=watchlist
directly in the browser, I get the data, without any error.
* If I open https://pt.wiktionary.org/wiki/Special:Watchlist, I see the pages I'm watching, without any error.
* If I replace "pt.wikipedia.org" by "en.wikipedia.org" on steps 3 and 6, the same error apears.
* If I also replace "pt.wiktionary.org" by "en.wiktionary.org", then I get "ok".
* If I use another account on pt.wikipedia.org, and reset my preferences before doing the request, I still get the error.
[1] https://github.com/legoktm/xwiki-watchlist/blob/master/xwikiwatchlist.js
[2] https://pt.wikibooks.org/wiki/User:Helder.wiki/Tools/Cross-Wiki_Watchlist.js
--------------------------
**Version**: unspecified
**Severity**: normal
**Attached**: {F14244}