On Thu, Dec 7, 2017 at 11:17 AM, Nikola I. <nikir...@gmail.com> wrote:
> About: xhr.setRequestHeader( 'Api-User-Agent', 'Example/1.0' ); > Your problem here has nothing to do with this header. Also, you'd want to specify something more identifying than "Example/1.0". > Failed to load https://en.wikipedia.org/w/api.php?action=query&prop= > links&format=json&titles=Bulgaria&callback=JSON_CALLBACK: > Response to preflight request doesn't pass access control check: > No 'Access-Control-Allow-Origin' header is present on the requested > resource. > Origin 'https://s.codepen.io' is therefore not allowed access. > The API only responds with CORS headers if the URL contains an "origin" parameter. For accessing from an external site like codepen.io, you'd want to specify "origin=*". And you would not want to use the "callback" parameter in that situation, "callback" is intended for accessing a remote resource by adding a <script> tag to the header, as you might do in an old browser where XMLHttpRequest is not available. When doing a POST, note the "origin" parameter must be in the URL's query string, not the POST body. While it doesn't have an example for raw XMLHttpRequest, see https://www.mediawiki.org/wiki/API:Cross-site_requests and https://www.mediawiki.org/wiki/Manual:CORS for details. -- Brad Jorsch (Anomie) Senior Software Engineer Wikimedia Foundation
_______________________________________________ Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
