API:クロスサイト リクエスト
 | このページは MediaWiki 操作 API の説明文書の一部です。 |
If an external site needs to make an API call against a MediaWiki site, it must use CORS (preferred) or JSONP (older, less secure).
CORS の使用
If a user script or gadget is used to make an API call against a site within the same wiki family, it must use a MediaWiki module that uses CORS under the hook: mediawiki.ForeignApi.
This is the way to go, for instance, if a script on the English Wikipedia needs to check image information on Commons.
The rest of this section is for developers who cannot use mediawiki.ForeignApi.
The MediaWiki API requires that origin or crossorigin be supplied as a query string parameter.
If the CORS request is authenticated via cookies, the origin value must be the site from which the request originates, which is matched against the Origin header required by the CORS protocol.
Note that these parameters must be included in any pre-flight request, and so should be included in the query string portion of the request URI even for POST requests.
When the origin parameter is supplied and the request does not return a successful CORS response, MediaWiki≥1.30 will return a MediaWiki-CORS-Rejection header with a brief reason for the failure, e.g. in case of mismatched origin or unsupported headers in a Access-Control-Request-Headers request header.
Unauthenticated CORS Requests
Unauthenticated CORS requests may be made from any origin by setting the origin request parameter to *.
In this case MediaWiki will include the Access-Control-Allow-Credentials: false header in the response and will process the request as if logged out.
例
GET リクエスト
サンプル JavaScript コード
var apiEndpoint = "https://commons.wikimedia.org/w/api.php";
var params = "action=query&list=allimages&ailimit=3&format=json";
/**
* Send the request to get the images
*/
fetch(apiEndpoint + "?" + params + "&origin=*")
.then(function(response){return response.json();})
.then(function(response) {
var allimages = response.query.allimages; // Process the output to get the image names
Object.keys(allimages).forEach(function(key) {
console.log(allimages[key].name);
});
});
レスポンス
!!!!!_Mdina_Fortifications,_Ditch,_Bridge_and_Main_Gate.jpg
!!!!_Mdina_buildings_!!!!.jpg
!!!!_Palazzo_Dorell_ancillary_building.jpg
Authenticated CORS Requests using cookies
To make an authenticated CORS request using cookies, the remote wiki's $wgCrossSiteAJAXdomains setting must be set to allow the origin site, and the origin parameter must be set to the origin site in the request URL.
If the CORS origin check passes, MediaWiki will include the Access-Control-Allow-Credentials: true header in the response, so authentication cookies may be sent.
Authenticated CORS requests using OAuth
| MediaWiki バージョン: | 1.44 Gerrit change 1118583 |
To make an authenticated CORS request using OAuth, obtain an OAuth access token using the normal authorization flow, then make the request with crossorigin= in the request URL (no value necessary) and Authorization: Bearer access token in the request headers.
Manual:CORS では、JavaScript で CORS を呼び出す、より多くの手順と例を記しています。
JSONP の使用
The API's format=json accepts a callback parameter, whose value is a JavaScript function which the JSON result will be wrapped in.
This may be used to call the API on a remote site by dynamically adding <script> tags to the document.
例
GET リクエスト
サンプル JavaScript コード
var apiEndpoint = "https://en.wikipedia.org/w/api.php";
var params = "action=query&list=random&rnlimit=3&format=json";
/**
* The function to wrap the result
*/
window.my_callback = function (response) {
var pages = response.query.random; // Process the output to get the titles
Object.keys(pages).forEach(function(key) {
console.log(pages[key].title);
});
};
var scriptTag = document.createElement("script"); // Dynamically create a "script" tag
scriptTag.src = apiEndpoint + "?" + params + "&callback=my_callback"; // Point to the query string
document.body.appendChild(scriptTag); // Add the script tag to the document
レスポンス
Kache Aye Shoi
Talk:Sarbka, Wągrowiec County
Category:Nakhon Ratchasima Province