CORS support for access to openrefine-wikidata

[jaygray0919]

When embedding query strings, we need to access files that are CORS enabled

For example, when using this service is not natively CORS-enabled: https://es.wikipedia.org/w/api.php?action=query&prop=extracts&exsentences=3&titles=Inform%C3%A1tica&exintro=&format=json

Hay (hay@bykr.org) advised to append 'origin=*' like this: https://es.wikipedia.org/w/api.php?action=query&prop=extracts&exsentences=3&titles=Inform%C3%A1tica&exintro=&format=json&origin=*

Similarly, the openrefine-wikidata site is not CORS enabled: https://tools.wmflabs.org/openrefine-wikidata/en/api?query=https://en.wikipedia.org/wiki/Tom_Hanks

We tried this: https://tools.wmflabs.org/openrefine-wikidata/en/api?query=https://en.wikipedia.org/wiki/Tom_Hanks&origin=*

but it does not act as the metho acts on PHP site

How can we access openrefine-wikidata if our access programs require the target site to be CORS-enabled?

/jay gray

[wetneb]

Feature request duly noted! PRs on this would be very welcome.

[mvolz]

Same issue :). Basically any browser-side script (i.e. gadgets) on Wikidata/Wikipedia won't be able to access the service because it's blocked.

Error is:

No 'Access-Control-Allow-Origin' header is present on the requested resource.

I briefly googled and found a gist of how to enable CORS for Bottle; maybe useful? https://gist.github.com/richard-flosi/3789163

[mvolz]

https://pypi.org/project/bottle-cors/ maybe better

[wetneb]

@mvolz thanks for the pointers. I will try to get this solved today.

[wetneb]

@mvolz @jaygray0919 I have deployed the fix, let me know if there are still issues on your side.

[mvolz]

Works beautifully, thank you so much! :1st_place_medal:

[mvolz]

I do get this error, but it does load :).

load.php?debug=false&lang=en&modules=jquery%2Coojs-ui-core%2Coojs-ui-widgets|mw.config.values.wbSiteDetails|oojs-ui.styles.icons-editing-advanced&skin=vector&version=1w1t5tj:130 [Report Only] Refused to connect to 'https://tools.wmflabs.org/openrefine-wikidata/en/api?query=%7B%22query%22%3A%22PLoS%20Computational%20Biology%22%2C%22limit%22%3A1%2C%22type%22%3Anull%2C%22type_strict%22%3A%22any%22%7D' because it violates the following Content Security Policy directive: "default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org .wikimedia.org .wikipedia.org .wikinews.org .wiktionary.org .wikibooks.org .wikiversity.org .wikisource.org wikisource.org .wikiquote.org .wikidata.org .wikivoyage.org *.mediawiki.org wikimedia.org". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback

[wetneb]

@mvolz interesting… I don't know much about CORS so correct me if I am wrong but it seems that the problem comes from a policy from the source website (mediawiki) rather than from the behaviour of the reconciliation service itself?

[mvolz]

Me neither, who knows! Probably a problem on my end.

[jaygray0919]

we're seeing: XHR status: 200 XHR status text: OK XHR exposed response headers: content-type: application/json

will test with more data later thanks for the progress

[mvolz]

For some reason the access header isn't there for error messages.

Not a big deal as it's not like it's supposed to give you data anyway, but inconsistent I guess.

Example url with error that causes it: https://tools.wmflabs.org/openrefine-wikidata/en/api?query=%2210.1371%2Fjournal.pcbi.1002947%22