Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

'Error: could not get tokens' with browserSession: true #82

Open
fuddl opened this issue Mar 16, 2024 · 3 comments
Open

'Error: could not get tokens' with browserSession: true #82

fuddl opened this issue Mar 16, 2024 · 3 comments
Labels
browser bug

Comments

@fuddl
Copy link

fuddl commented Mar 16, 2024
edited
Loading

I am working on a browser extension and I'm trying to swich to wikibase-edit instead of making edits directly. Since the extension uses the browser session to make edits, I'm using the newly added browserSession: true credential setting.

  • wikibase-edit version: 7.0.2
  • Environment: Firefox 123.0.1 (64-bit)

When I try to make an edit. I get the following error:

Error: could not get tokens

The server does not respond with an error, but the response does not contain tokens but the follwoing warning:

Tokens may not be obtained when the same-origin policy is not applied.

wikibase-edit tries to get the token from

https://playground.wikibase.cloud/w/api.php?action=query&meta=tokens&type=csrf&format=json&origin=*

✅ This is how I got the token before switching to wikibase-edit:

https://playground.wikibase.cloud/w/api.php?action=query&meta=tokens&format=json

When I removed the origin=* parameter in wikibase-edit, it worked just fine.

Edit

The issue might be here.

In the context of a webextension, globalThis.location is a local script. In my case it is moz-extension://0f0a018a-2719-427a-9df6-84e39a92a619/background/index.html. To technically the request is crossorigin.
maxlath added a commit that referenced this issue Mar 22, 2024
@maxlath
requests: remove origin parameter
e71ad04 
as its apparently counter-productive, cf #82
@maxlath
Copy link
Owner

maxlath commented Mar 22, 2024

I removed the origin=* parameter in v7.0.3, can you give it a try?

@fuddl
Copy link
Author

fuddl commented Mar 30, 2024

I'm getting a different error now. But I think it's unrelated to this issue. Thank you!

@fuddl fuddl closed this as completed Mar 30, 2024
@fuddl
Copy link
Author

fuddl commented Mar 30, 2024

Sorry, I'm not sure, what is going on. I prepared a simple webextension for testing.

Clicking the button will yield the following errors in the Multiprocess browser console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at ‘https://www.wikidata.org/w/api.php?action=wbgetentities&ids=P1106&format=json&props=info&origin=*’. (Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.wikidata.org/w/api.php?action=wbgetentities&ids=P1106&format=json&props=info&origin=*. (Reason: CORS request did not succeed). Status code: (null).

Uncaught (in promise) TypeError: NetworkError when attempting to fetch resource.

The extension uses 7.0.3

@fuddl fuddl reopened this Mar 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
browser bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fuddl @maxlath