[Cloud] [Cloud-announce] openstack upgrades Thursday, 2024-08-22

I will be upgrading the cloud-vps openstack install on Thursday, beginning around 16:00 UTC. Here's what to expect: - Intermittent Horizon and API downtime (maybe an hour or two total) - Inability to schedule new VMs (also for an hour or two) Toolforge users will be unaffected by this outage.

[Cloud] Re: Cloud Digest, Vol 152, Issue 18

Hello Cloud list admins, Can you please consider increasing the size of digest_size_threshold for this list (cloud)? I've received 7 digest emails today so far containing 2-3 emails each, and I'd prefer to receive 1 digest email per day with 20+ emails inside of it. Less emails = better for fol

[Cloud] Re: javascript tooling?

Okay that makes a lot of sense then. I bet for some endpoints you want to include OAuth credentials to act on behalf of a user. -Travis On Sun, Aug 18, 2024 at 1:01 PM Aoyan Sarkar wrote: > The browser does not allow you to pass in credentials (via cookies or > Authenticafion header) when origi

[Cloud] Re: javascript tooling?

The browser does not allow you to pass in credentials (via cookies or Authenticafion header) when origin=*. >From MDN: > For requests without credentials, the literal value "*" can be specified as a wildcard; the value tells browsers to allow requesting code from any origin to access the resource

[Cloud] Re: javascript tooling?

And honestly, the more I consider this setup (which I hadn't heard about until now), the more I wonder why MW isn't just set up to send a wildcard origin always, since any site on any domain could trivially request this. -Travis On Sun, Aug 18, 2024 at 12:58 PM Travis Briggs wrote: > CORS is un

[Cloud] Re: javascript tooling?

CORS is unrelated to authentication. It has nothing to do with what cookies you do or do not have. While a website could look at cookies when deciding whether to send the Access-Control-Allow-Origin header, that would be unusual. origin=* should be all you ever need, because otherwise you're just

[Cloud] Re: javascript tooling?

You can use window.location.origin to dynamically get the origin, and this will work for whatever origin you actually have. Meaning that if you deploy the same app to two different websites, it’ll provide the correct origin all the time. - Aoyan Sarkar On Sun, Aug 18, 2024 at 3:52 PM Roy Smith

[Cloud] Re: javascript tooling?

OK, I'm reading along at https://www.mediawiki.org/wiki/API:Cross-site_requests and this is starting to make sense. I see that origin=* forces anonymous mode. This is enough to get me started. At some point I'll certainly need to be authenticated, but I'll tackle that when I get to it. > On

[Cloud] Re: javascript tooling?

Access-Control-Allow-Origin (and other related headers) is standard. `origin=*` is specific to the Action API, which requests MW to add the ACAO header. `origin=localhost:5173` IIRC makes MW check the origin against a whitelist of sites that can use credentials, but origin=* is special in that M

[Cloud] Re: javascript tooling?

OK, that worked, thanks. Surprisingly origin=localhost:5173 doesn't work, but I can live with that. Is this a standard part of the CORS protocol, or something specific to the Action API? > On Aug 18, 2024, at 1:45 PM, Siddharth VP wrote: > > Add origin=* in the API request query params. Thi

[Cloud] Re: javascript tooling?

CORS needs the API that you're calling (en.wikipedia.org) to whitelist the origin you're accessing it from (localhost:5173). MW API supports using a query string parameter (`origin`) in order to request that an origin (e.g. localhost:5173) is whitelisted through the ACAO (

[Cloud] Re: javascript tooling?

Add origin=* in the API request query params. This tells the API to include Access-Control-Allow-Origin: * in the response headers. Don't put mode: no-cors. On Sun, 18 Aug 2024 at 22:29, Roy Smith wrote: > So, after beating my head against this for a couple of days, I've come to > the conclusion

[Cloud] Re: javascript tooling?

So, after beating my head against this for a couple of days, I've come to the conclusion that I just don't understand how CORS works. If I get the following URL: https://en.wikipedia.org/w/api.php?action=query&format=json&meta=userinfo&formatversion=2&uiprop=rights from a browser, I get what I