Last modified: 2014-04-15 14:26:03 UTC
Please enable CORS headers on wikidata to all other MW servers. Would be a good way to allow for NavPopups to work on langlinks, etc.
A minor detail, this must be done on Wikipedia and it depends on some normalization of the domain names (that is subdomains) used at Wikidata.
Requesting data from wikidata.org already works so this wont break wikibase deployment. Changing product as this is no Wikibase problem but a MediaWiki configuration one.
http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
Hmm, maybe "shell" instead of "ops", seeing $wmgUseCORS in https://noc.wikimedia.org/conf/CommonSettings.php.txt ?
[replacing wikidata keyword by adding CC - see bug 56417]
Please also allow wmflabs.org servers. Also, the cached entities should be available from all servers, e.g.: https://www.wikidata.org/wiki/Special:EntityData/Q12345.json This should actually reduce load to the wikidata servers, a many tools could then use the cached data instead of the API.
(In reply to Magnus Manske from comment #6) > Also, the cached entities should be available from all servers, e.g.: > https://www.wikidata.org/wiki/Special:EntityData/Q12345.json Note that the canonical URL of this would be https://www.wikidata.org/entity/Q12345.json, which triggers a chain of redirects to get you to the URL above. Note sure how CORS handles this.
"Please also allow wmflabs.org servers." That doesn't seem safe to me.... Anything that requires production level access should be on a production domain, not on a wmflabs domain.
Oh and actually exposing resources for CORS (the json blobs) should be a separate bug request, it requires software changes.
Closing this bug as it looks solved to me (please reopen with more details if I overlooked something). (In reply to Magnus Manske from comment #6) > Please also allow wmflabs.org servers. This is not going to happen because wmflabs.org has a bazillion XSS security flaws which could then be used to perform CRSF attacks against Wikidata etc. This is not open for discussion. (In reply to Derk-Jan Hartman from comment #9) > Oh and actually exposing resources for CORS (the json blobs) should be a > separate bug request, it requires software changes. Yes, making the special page usable with JS from remote sites would require extra changes (this should go into a separate bug). (In reply to Magnus Manske from comment #6) > [...] > This should actually reduce load to the wikidata servers, a many tools could > then use the cached data instead of the API. I can't remember any huge caching / performance differences between the two approaches offhand (except that SpecialEntityData sucks with XML). If there are such, open a bug for that.
