API:Cross-site requests/hu
This page is part of the MediaWiki Action API documentation. |
If an external site needs to make an API call against a MediaWiki site, it must use CORS (preferred) or JSONP (older, less secure).
CORS-használat
If a user script or gadget is used to make an API call against a site within the same wiki family , it must use a MediaWiki module that uses CORS under the hood: mediawiki.ForeignApi
.
This is the way to go for instance, if a script on the English Wikipedia needs to check image information on Commons.
The MediaWiki API requires that the origin
be supplied as a query string parameter. If the CORS request is authenticated, its value must be the site from which the request originates, which is matched against the Origin header required by the CORS protocol.
Note that this parameter must be included in any pre-flight request, and so should be included in the query string portion of the request URI even for POST requests.
When the origin
parameter is supplied and the request does not return a successful CORS response, MediaWiki≥1.30 will return a MediaWiki-CORS-Rejection
header with a brief reason for the failure, e.g. in case of mismatched origin or unsupported headers in a Access-Control-Request-Headers
request header.
Unauthenticated CORS Requests
Unauthenticated CORS requests may be made from any origin by setting the origin
request parameter to *
.
In this case MediaWiki will include the Access-Control-Allow-Credentials: false
header in the response and will process the request as if logged out.
Példa
GET kérés
Mintakód
var apiEndpoint = "https://commons.wikimedia.org/w/api.php";
var params = "action=query&list=allimages&ailimit=3&format=json";
/**
* Kérés küldése a képek megszerzésére
*/
fetch(apiEndpoint + "?" + params + "&origin=*")
.then(function(response){return response.json();})
.then(function(response) {
var allimages = response.query.allimages; // Kérés feldolgozása a képek neveinek kiírására
Object.keys(allimages).forEach(function(key) {
console.log(allimages[key].name);
});
});
Válasz
!!!!!_Mdina_Fortifications,_Ditch,_Bridge_and_Main_Gate.jpg
!!!!_Mdina_buildings_!!!!.jpg
!!!!_Palazzo_Dorell_ancillary_building.jpg
Hitelesített CORS-kérések
To make an authenticated CORS request, the remote wiki's $wgCrossSiteAJAXdomains
setting must be set to allow the origin site.
If the CORS origin check passes, MediaWiki will include the Access-Control-Allow-Credentials: true
header in the response, so authentication cookies may be sent.
Manual:CORS contains more instructions and examples on how to handle CORS requests in JavaScript.
JSONP-használat
The API's format=json
accepts a callback
parameter, whose value is a JavaScript function which the JSON result will be wrapped in.
This may be used to call the API on a remote site by dynamically adding <script>
tags to the document.
Példa
GET-kérés
Mintakód
var apiEndpoint = "https://en.wikipedia.org/w/api.php";
var params = "action=query&list=random&rnlimit=3&format=json";
/**
* Az eredményhez használt függvény
*/
window.my_callback = function (response) {
var pages = response.query.random; // Process the output to get the titles
Object.keys(pages).forEach(function(key) {
console.log(pages[key].title);
});
};
var scriptTag = document.createElement("script"); // Dynamically create a "script" tag
scriptTag.src = apiEndpoint + "?" + params + "&callback=my_callback"; // Point to the query string
document.body.appendChild(scriptTag); // Add the script tag to the document
Válasz
Kache Aye Shoi
Talk:Sarbka, Wągrowiec County
Category:Nakhon Ratchasima Province