CORS login error

[v-ji]

Hi everyone! Trying to use Source MetaData results in the following error in the browser console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://quickstatements.toolforge.org/api.php?action=is_logged_in. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

The tool always gives the error Not logged in!, because the request is blocked by the browser. Any idea whether QuickStatements could add that header? Has this only changed recently?

[dpriskorn]

I got the same issue. FF 86.0.1 (64-bit)

[lubianat]

Same problem here.

[lubianat]

@magnusmanske , sorry to bother, but was there any progress with this bug? I'd love to use more SourceMD, I am currently defaulting to the old version, which has less features

[WolfgangFahl]

Not logged in!

[HeavyTony2]

Apparently, it's still possible to trigger it by manually adding your username in a fetch.
Ex:
I sent
fetch("https://sourcemd.toolforge.org/?", { "headers": { "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9", "accept-language": "fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7", "cache-control": "max-age=0", "content-type": "application/x-www-form-urlencoded", "sec-ch-ua": "\".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"", "sec-ch-ua-mobile": "?0", "sec-ch-ua-platform": "\"Windows\"", "sec-fetch-dest": "document", "sec-fetch-mode": "navigate", "sec-fetch-site": "same-origin", "sec-fetch-user": "?1", "upgrade-insecure-requests": "1" }, "referrer": "https://sourcemd.toolforge.org/?", "referrerPolicy": "strict-origin-when-cross-origin", "body": "thelist=Q74425585&username=QTHCCAN&action=EDIT_PAPER_FOR_ORCID_AUTHOR&batch_name=TestFetch", "method": "POST", "mode": "cors", "credentials": "omit" });

I got an answered that ended like that
<p>Your new batch is <a href='?action=batch&batch=9443'>#9443</a></p></div></div></body></html>