Juliusz Gonera wrote: >We've been having a hard time making photo uploads work in >MobileFrontend because of CentralAuth's third party cookies problem (we >upload them from Wikipedia web site to Commons API). Apart from the >newest Firefox [1,2], mobile Safari also doesn't accept third party >cookies unless the domain has been visited and it already has at least >one cookie set. > >Even though we have probably found a solution for now, it's a very shaky >and not elegant workaround which might stop working any time (if some >detail of default browser cookie policy changes again) [3]. > >I came up with another idea of how this could be solved. The problem we >have right now is that Commons is on a completely different domain than >Wikipedia, so they can't share the login token cookie. However, we could >set up alternative domains for Commons, such as commons.wikipedia.org, >and then the cookie could be shared. > >The only issue I see with this solution is that we would have to >prevent messing up SEO (having multiple URLs pointing to the same >resource). This, however, could be avoided by redirecting every >non-API request to the main domain (commons.wikimedia.org) and only >allowing API requests on alternative domains (which is what we use for >photo uploads on mobile). > >This obviously doesn't solve the broader problem of CentralAuth's common >login being broken, but at least would allow easy communication between >Commons and other projects. In my opinion this is the biggest problem >right now. Users can probably live without being automatically logged in >to other projects, but photo uploads on mobile are just broken when we >can't use Commons API. > >Please let me know what you think. Are there any other possible >drawbacks of this solution that I missed? > >[1] http://webpolicy.org/2013/02/22/the-new-firefox-cookie-policy/ >[2] >https://developer.mozilla.org/en-US/docs/Site_Compatibility_for_Firefox_22 >[3] https://gerrit.wikimedia.org/r/#/c/54813/
Hi Juliusz, Please draft an RFC at <https://www.mediawiki.org/wiki/RFC>. :-) commons.wikipedia.org already redirects to commons.wikimedia.org (for historical reasons, maybe), so that has to be considered. I think what you're proposing is also kind of confusing and I'm wondering if there aren't better ways to approach the problem. A good RFC will lay out the underlying components in a "Background" section, the problem you're attempting to solve in a "Problem" section, and then offer possible solutions in a "Proposals" section. Variants on this also usually work. MZMcBride _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l