Does Wikipedia API support CORS or only JSONP available?

by

To make JavaScript Fetch/XHR requests to Wikipedia, add origin=* to the URL query params.

So the base of the URL in the question should be like this:

https://en.wikipedia.org/w/api.php?origin=*&action=query…

See the CORS-related docs for the Wikipedia backend:

For anonymous requests, origin query string parameter can be set to * which will allow requests from anywhere.

2016-05-09 original answer

See “Enable cross-domain API requests in API’s JSON responses”, an open bug for Wikimedia sites that indicates that they currently only support CORS requests from different Wikimedia sites themselves to other Wikimedia sites—but they do not support CORS requests from external sites.

See in particular https://phabricator.wikimedia.org/T62835#2191138 (from Apr 8, 2016) which is a summary that indicates they are considering to make a change to allow CORS request from external sites, but they have not yet enabled it.

2016-07-12 update

It seems they will be deploying CORS support today:

unauthenticated cross-domain API requests are now possible. This
should be deployed to WMF wikis with 1.128.0-wmf.10, see
https://www.mediawiki.org/wiki/MediaWiki_1.28/Roadmap for the schedule

https://www.mediawiki.org/wiki/MediaWiki_1.28/Roadmap indicates the 1.128.0-wmf.10 deployment dates are 12 July 2016 to 14 July 2016.

2016-08-05 update

As torvin notes in a comment below:

to trigger the new behaviour, you need to specify origin=* in your url params. This is currently buried in the T62835 discussion and is not stated in the documentation yet.

More Related Contents:

  1. “Origin null is not allowed by Access-Control-Allow-Origin” error for request made by application running from a file:// URL
  2. Why does my JavaScript code receive a “No ‘Access-Control-Allow-Origin’ header is present on the requested resource” error, while Postman does not?
  3. AJAX cross domain call
  4. Post data to JsonP
  5. jQuery XML error ‘ No ‘Access-Control-Allow-Origin’ header is present on the requested resource.’
  6. how to bypass Access-Control-Allow-Origin?
  7. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘…’ is therefore not allowed access
  8. CORS – How do ‘preflight’ an httprequest?
  9. No ‘Access-Control-Allow-Origin’ header is present on the requested resource error
  10. A CORS POST request works from plain JavaScript, but why not with jQuery?
  11. Cross-Origin Read Blocking (CORB)
  12. How do I catch jQuery $.getJSON (or $.ajax with datatype set to ‘jsonp’) error when using JSONP?
  13. How do CORS and Access-Control-Allow-Headers work?
  14. Javascript search inside a JSON object
  15. How to make a jsonp POST request that specifies contentType with jQuery?
  16. Use JSONP to load an html page
  17. Error handling in getJSON calls
  18. Cross-origin resource sharing (CORS) concept
  19. CORS not working on Chrome
  20. Changing getJSON to JSONP
  21. Getting Spotify API access token from frontend JavaScript code
  22. AJAX call and clean JSON but Syntax Error: missing ; before statement
  23. Callback function for JSONP with jQuery AJAX
  24. Jquery success function not firing using JSONP
  25. JSON string to JS object
  26. Pushing data to Google spreadsheet through JavaScript running in browser
  27. jQuery JSONP ajax, authentication header not being set
  28. Google’s Places API and JQuery request – Origin http://localhost is not allowed by Access-Control-Allow-Origin
  29. CORS error with jquery
  30. Using JSONP to get JSON data from another server

Leave a Comment