I confirm that using the `Authorization` header doesn't work. It is as if it was only expecting to use `Cookies`.
My Dokuwiki version (obtained in last step of the incognito window example below):
```xml
<?xml version="1.0"?>
<methodResponse>
  <params>
    <param>
      <value>
        <string>Release 2020-07-29 "Hogfather"</string>
      </value>
    </param>
  </params>
</methodResponse>
```
Simple steps to recreate:
- Open Chrome incognito window
- Navigate to `https://wiki.domain.ltd` (to your wiki; to avoid cross-site network errors) without logging in, and open JS Console
- Copy jQuery from source
- Paste jQuery into the JS Console
- Edit the script below (adapted from https://www.dokuwiki.org/devel:xmlrpc:clients, Sample jQuery Client section) and change the `user`, `pass` and `url` variables to test based on your dokuwiki site
- Paste the modified script to the JS Console: you get an Error `401` (with no reply)
- Now, login with your `api-user` in the same tab you did the test and retry the script. In this case it works.
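```js
// Credentials and endpoint of the wiki under test
var user = 'api-user';
var pass = 'api-user-pass';
var url = 'https://wiki.domain.tld/lib/exe/xmlrpc.php';

// XML-RPC request body: call dokuwiki.getVersion with no parameters
var query = `
<?xml version="1.0"?>
<methodCall>
<methodName>dokuwiki.getVersion</methodName>
<params>
</params>
</methodCall>
`;

$.ajax({
  url: url,
  data: query,
  contentType: "text/xml",
  type: "post",
  beforeSend: function (xhr) {
    // HTTP Basic auth: base64 of "user:pass" (encoding only, not encryption)
    xhr.setRequestHeader("Authorization", "Basic " + btoa(user + ":" + pass));
  },
});
```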
Addendum
Curiously, when using Talend API Tester Chrome Extension with these Headers:
```
Authorization: Basic base64(api-user:api-user-pass)
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
sec-ch-ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"
Content-Type: text/xml
Accept: */*
Origin: chrome-extension://some_extension_id
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-NZ,en;q=0.9,en-GB;q=0.8,en-US;q=0.7,es;q=0.6,ca;q=0.5
Cookie: DokuWiki=somedata; SomeMoreData
```
- ^ note that it adds the `Cookie` (if I login using the `dokuwiki.login` method name using the same API client, then requests work... because it uses the Cookie)

... I get a `403` Error code with the following reply:
```xml
<?xml version="1.0"?>
<methodResponse>
  <fault>
    <value>
      <struct>
        <member>
          <name>faultCode</name>
          <value><int>-32604</int></value>
        </member>
        <member>
          <name>faultString</name>
          <value><string>server error. forbidden to call the method dokuwiki.getVersion</string></value>
        </member>
      </struct>
    </value>
  </fault>
</methodResponse>
```
... which seems more like a satisfactory answer (yet the issue persists).
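
Added example, not part of the original comment: a Node.js helper that sends the same `dokuwiki.getVersion` call with only the `Authorization` header (cookies omitted) and classifies the three outcomes reported above. The function names are hypothetical, `probe` assumes a runtime with a global `fetch`, and the sample replies are copied from this comment.

```javascript
// Added example; buildCall, classifyReply and probe are hypothetical names.
// Sample replies are copied from the comment above.
const SAMPLE_OK = `<?xml version="1.0"?><methodResponse><params><param><value>
<string>Release 2020-07-29 "Hogfather"</string></value></param></params></methodResponse>`;
const SAMPLE_FAULT = `<?xml version="1.0"?><methodResponse><fault><value><struct>
<member><name>faultCode</name><value><int>-32604</int></value></member>
<member><name>faultString</name>
<value><string>server error. forbidden to call the method dokuwiki.getVersion</string></value>
</member></struct></value></fault></methodResponse>`;

// Build the XML-RPC body and a header set that carries Basic auth and no Cookie.
function buildCall(user, pass, method) {
  const body = `<?xml version="1.0"?>\n<methodCall><methodName>${method}</methodName>` +
    `<params></params></methodCall>`;
  // Basic auth is base64 encoding only: use it over HTTPS exclusively.
  const token = Buffer.from(`${user}:${pass}`, 'utf8').toString('base64');
  return { body, headers: { 'Content-Type': 'text/xml', Authorization: `Basic ${token}` } };
}

// Tell apart: bare HTTP 401, an XML-RPC fault (e.g. -32604), and a normal reply.
function classifyReply(status, xml) {
  const text = (xml || '').trim();
  if (status === 401 && text === '') return { outcome: 'http-401-no-body', status };
  const fault = /<fault>[\s\S]*<\/fault>/.exec(text);
  if (fault) {
    const code = /<name>faultCode<\/name>\s*<value>\s*<int>(-?\d+)<\/int>/.exec(fault[0]);
    const msg = /<name>faultString<\/name>\s*<value>\s*<string>([\s\S]*?)<\/string>/.exec(fault[0]);
    return { outcome: 'xmlrpc-fault', status,
             faultCode: code ? Number(code[1]) : null,
             faultString: msg ? msg[1] : null };
  }
  const ok = /<params>[\s\S]*?<string>([\s\S]*?)<\/string>/.exec(text);
  return ok ? { outcome: 'ok', status, value: ok[1] } : { outcome: 'unrecognised', status };
}

// Header-only probe: credentials 'omit' keeps any session cookie out of the request,
// so a success here can only come from the Authorization header.
async function probe(url, user, pass) {
  const { body, headers } = buildCall(user, pass, 'dokuwiki.getVersion');
  const res = await fetch(url, { method: 'POST', headers, body, credentials: 'omit' });
  return classifyReply(res.status, await res.text());
}
```
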