Does Wikipedia API support CORS or only JSONP available?

Question

This question related to another question, which was asked year ago. Author asked how to make cros-origin request using JavaScript and Wikipedia API and one comment was:

Answer 1

To make JavaScript Fetch/XHR requests to Wikipedia, add origin=* to the URL query params.

So the base of the URL in the question should be like this:

https://en.wikipedia.org/w/api.php?origin=*&action=query…

See the CORS-related docs for the Wikipedia backend:

For anonymous requests, origin query string parameter can be set to * which will allow requests from anywhere.

---

2016-05-09 original answer

See “Enable cross-domain API requests in API's JSON responses”, an open bug for Wikimedia sites that indicates that they currently only support CORS requests from different Wikimedia sites themselves to other Wikimedia sites—but they do not support CORS requests from external sites.

See in particular https://phabricator.wikimedia.org/T62835#2191138 (from Apr 8, 2016) which is a summary that indicates they are considering to make a change to allow CORS request from external sites, but they have not yet enabled it.

2016-07-12 update

It seems they will be deploying CORS support today:

unauthenticated cross-domain API requests are now possible. This should be deployed to WMF wikis with 1.128.0-wmf.10, see https://www.mediawiki.org/wiki/MediaWiki_1.28/Roadmap for the schedule

https://www.mediawiki.org/wiki/MediaWiki_1.28/Roadmap indicates the 1.128.0-wmf.10 deployment dates are 12 July 2016 to 14 July 2016.

2016-08-05 update

As torvin notes in a comment below:

to trigger the new behaviour, you need to specify origin=* in your url params. This is currently buried in the T62835 discussion and is not stated in the documentation yet.