Wikipedia talk:User scripts/Guide: Difference between revisions
Content deleted Content added
→Ajax and cross-origin requests: new section |
replying to Diegodlh (Bawl!) |
||
Line 83:
Hi! The documentation says, in the Ajax section, that "AJAX scripts cannot reach a page on a different server (for example, google.ca or en.wikisource.org from en.wikipedia.org". I'm writing a user script that requires making a query to a tool hosted in Toolforge. I thought this would not be possible (given what the documentation says), but I found that `$.ajax` is being able to fetch resources from it, as long as other server includes the appropriate CORS Allow-Origin headers. Am I misinterpreting the documentation? Or has this changed lately? Thanks! [[User:Diegodlh|Diegodlh]] ([[User talk:Diegodlh|talk]]) 16:02, 12 April 2022 (UTC)
:{{ping|Diegodlh}} I'm not sure where I heard about this, but it seems that CORS has not affected us yet; currently it is in logging mode. Furthermore, all Wikimedia domains are allowed. Try going to [[:testwiki:|Test Wikipedia]], and you will see this red error appearing in your browser console:<br />{{small|{{error|1=[Report Only] Refused to load the script '[URL]' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' blob: 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.}}}} [[User:NguoiDungKhongDinhDanh|<span style="font-family:Monotype Corsiva;background-image:linear-gradient(90deg,red,yellow,cyan);color:transparent;background-clip:text;-webkit-background-clip:text">'''NguoiDungKhongDinhDanh'''</span>]] 16:26, 12 April 2022 (UTC)
| |||