API:Cross-site requests/de-formal
 | This page is part of the MediaWiki Action API documentation. |
If a user script or gadget needs to make an API call against another MediaWiki site (e.g. a script on the English Wikipedia needs to check image information on Commons), it must use JSONP or CORS.
Benutzung von JSONP
The API's format=json accepts a callback parameter, whose value is a JavaScript function which the JSON result will be wrapped in.
This may be used to call the API on a remote site by dynamically adding <script> tags to the document.
Beispiel
GET-Anfrage
Holen Sie sich die Titel von drei zufälligen Seiten aus der englischen Wikipedia.
Beispielcode
var apiEndpoint = "https://en.wikipedia.org/w/api.php";
var params = "action=query&list=random&rnlimit=3&format=json";
/**
* The function to wrap the result
*/
var callback = function (response) {
var pages = response.query.random; // Process the output to get the titles
Object.keys(pages).forEach(function(key) {
console.log(pages[key].title);
});
};
var scriptTag = document.createElement("script"); // Dynamically create a "script" tag
scriptTag.src = apiEndpoint + "?" + params + "&callback=callback"; // Point to the query string
document.body.appendChild(scriptTag); // Add the script tag to the document
Antwort
Kache Aye Shoi
Talk:Sarbka, Wągrowiec County
Category:Nakhon Ratchasima Province
Benutzung von CORS
The MediaWiki API requires that the origin be supplied as a query string parameter, with the value being the site from which the request originates, which is matched against the Origin header required by the CORS protocol.
Note that this parameter must be included in any pre-flight request, and so should be included in the query string portion of the request URI even for POST requests.
When the origin parameter is supplied and the request does not return a successful CORS response, MediaWiki≥1.30 will return a MediaWiki-CORS-Rejection header with a brief reason for the failure, e.g. in case of mismatched origin or unsupported headers in a Access-Control-Request-Headers request header.
Nicht authentifizierte CORS-Anfragen
Unauthenticated CORS requests may be made from any origin by setting the origin request parameter to *. In this case MediaWiki will include the Access-Control-Allow-Credentials: false header in the response and will process the request as if logged out.
Beispiel
GET-Anfrage
Get the names of the first three images from Wikimedia Commons.
Beispielcode
var apiEndpoint = "https://commons.wikimedia.org/w/api.php";
var params = "action=query&list=allimages&ailimit=3&format=json";
/**
* Send the request to get the images
*/
fetch(apiEndpoint + "?" + params + "&origin=*")
.then(function(response){return response.json();})
.then(function(response) {
var allimages = response.query.allimages; // Process the output to get the image names
Object.keys(allimages).forEach(function(key) {
console.log(allimages[key].name);
});
});
Antwort
!!!!!_Mdina_Fortifications,_Ditch,_Bridge_and_Main_Gate.jpg
!!!!_Mdina_buildings_!!!!.jpg
!!!!_Palazzo_Dorell_ancillary_building.jpg
Authentifizierte CORS-Anfragen
To make an authenticated CORS request, the remote wiki's $wgCrossSiteAJAXdomains setting must be set to allow the origin site.
If the CORS origin check passes, MediaWiki will include the Access-Control-Allow-Credentials: true header in the response, so authentication cookies may be sent.
Manual:CORS contains more instructions and examples on how to handle CORS requests in JavaScript.
Zusätzliche Anmerkungen
- Detailed differences between JSONP and CORS are available at CORS vs JSONP.