On 2013-03-22 5:22 PM, "MZMcBride" <[email protected]> wrote: > > Juliusz Gonera wrote: > >We've been having a hard time making photo uploads work in > >MobileFrontend because of CentralAuth's third party cookies problem (we > >upload them from Wikipedia web site to Commons API). Apart from the > >newest Firefox [1,2], mobile Safari also doesn't accept third party > >cookies unless the domain has been visited and it already has at least > >one cookie set. > > > >Even though we have probably found a solution for now, it's a very shaky > >and not elegant workaround which might stop working any time (if some > >detail of default browser cookie policy changes again) [3]. > > > >I came up with another idea of how this could be solved. The problem we > >have right now is that Commons is on a completely different domain than > >Wikipedia, so they can't share the login token cookie. However, we could > >set up alternative domains for Commons, such as commons.wikipedia.org, > >and then the cookie could be shared. > > > >The only issue I see with this solution is that we would have to > >prevent messing up SEO (having multiple URLs pointing to the same > >resource). This, however, could be avoided by redirecting every > >non-API request to the main domain (commons.wikimedia.org) and only > >allowing API requests on alternative domains (which is what we use for > >photo uploads on mobile). > > > >This obviously doesn't solve the broader problem of CentralAuth's common > >login being broken, but at least would allow easy communication between > >Commons and other projects. In my opinion this is the biggest problem > >right now. Users can probably live without being automatically logged in > >to other projects, but photo uploads on mobile are just broken when we > >can't use Commons API. > > > >Please let me know what you think. Are there any other possible > >drawbacks of this solution that I missed? > > > >[1] http://webpolicy.org/2013/02/22/the-new-firefox-cookie-policy/ > >[2] > > https://developer.mozilla.org/en-US/docs/Site_Compatibility_for_Firefox_22 > >[3] https://gerrit.wikimedia.org/r/#/c/54813/ > > Hi Juliusz, > > Please draft an RFC at <https://www.mediawiki.org/wiki/RFC>. :-) > > commons.wikipedia.org already redirects to commons.wikimedia.org (for > historical reasons, maybe), so that has to be considered. I think what > you're proposing is also kind of confusing and I'm wondering if there > aren't better ways to approach the problem. > > A good RFC will lay out the underlying components in a "Background" > section, the problem you're attempting to solve in a "Problem" section, > and then offer possible solutions in a "Proposals" section. Variants on > this also usually work. > > MZMcBride > > > > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Imo this sounds like a hacky solution. Also doesnt work for wikis that are not commons. That said I don't have a better solution atm. -bawolff _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
