+ops
On Thu, Mar 21, 2013 at 8:20 AM, Juliusz Gonera <[email protected]>wrote: > We've been having a hard time making photo uploads work in > MobileFrontend because of CentralAuth's third party cookies problem (we > upload them from Wikipedia web site to Commons API). Apart from the > newest Firefox [1,2], mobile Safari also doesn't accept third party > cookies unless the domain has been visited and it already has at least > one cookie set. > > Even though we have probably found a solution for now, it's a very shaky > and not elegant workaround which might stop working any time (if some > detail of default browser cookie policy changes again) [3]. > > I came up with another idea of how this could be solved. The problem we > have right now is that Commons is on a completely different domain than > Wikipedia, so they can't share the login token cookie. However, we could > set up alternative domains for Commons, such as commons.wikipedia.org, > and then the cookie could be shared. > > The only issue I see with this solution is that we would have to > prevent messing up SEO (having multiple URLs pointing to the same > resource). This, however, could be avoided by redirecting every > non-API request to the main domain (commons.wikimedia.org) and only > allowing API requests on alternative domains (which is what we use for > photo uploads on mobile). > > This obviously doesn't solve the broader problem of CentralAuth's common > login being broken, but at least would allow easy communication between > Commons and other projects. In my opinion this is the biggest problem > right now. Users can probably live without being automatically logged in > to other projects, but photo uploads on mobile are just broken when we > can't use Commons API. > > Please let me know what you think. Are there any other possible > drawbacks of this solution that I missed? > > [1] > http://webpolicy.org/2013/02/**22/the-new-firefox-cookie-**policy/<http://webpolicy.org/2013/02/22/the-new-firefox-cookie-policy/> > [2] https://developer.mozilla.org/**en-US/docs/Site_Compatibility_** > for_Firefox_22<https://developer.mozilla.org/en-US/docs/Site_Compatibility_for_Firefox_22> > [3] > https://gerrit.wikimedia.org/**r/#/c/54813/<https://gerrit.wikimedia.org/r/#/c/54813/> > > -- > Juliusz > > ______________________________**_________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/**mailman/listinfo/wikitech-l<https://lists.wikimedia.org/mailman/listinfo/wikitech-l> -- Arthur Richards Software Engineer, Mobile [[User:Awjrichards]] IRC: awjr +1-415-839-6885 x6687 _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
