[Developers] example mqlwrite using javascript

Jason Douglas jason at metaweb.com
Fri Mar 20 01:58:48 UTC 2009 

Just to be clear, the "real" issue is authentication.  On  
freebase.com, users are issued cookies against that work when passed  
to the mqlwrite API.

Our solution for third-parties wishing to authenticate Freebase users  
in order to do writes to Freebase is OAuth.  You can use an OAuth  
library within your own server, or you can just create an Acre app  
which does all that set up for you automatically (sent separately).   
Once you've figured out how you're going to manage OAuth, it will be  
possible to do ajax-y writes... that's the easy part.  ;-)

-jason


On Mar 19, 2009, at 5:15 PM, Alec Flett wrote:

> Short answer: you can't do it from pages not on freebase.com
>
> Long answer:
>
> Writes are done http POST - but freebase.com actually restricts  
> POSTs to those containing the header "X-Metaweb-Request" The trick  
> there is that the only way to alter headers in a request is to use  
> XMLHttpRequest, and you can't make XMLHttpRequest calls across  
> domain names.
>
> This is one of those unfortunate aspects of the overall browser /  
> domain security architecture. If we didn't require that header, then  
> any arbitrary, malicious web page could do a form POST and it would  
> be done as whoever is logged in... i.e. I could say
>
> <html onload="forms[0].submit()">
>   <form name="foo" method="POST" target="http://www.freebase.com/api/service/mqlwrite 
> ">
>     <input type="hidden" name="queries" value="{"query": {"id": "/en/ 
> david_bowie", "name": {"value": "Bowie Sucks", "connect": "update",  
> "lang": "/lang/en"}">
>   </form>
>
>   Welcome, naive user, I just defaced freebase.com on your behalf!
> </html>
>
> Because of the header restriction, this will fail if you try this  
> today.
>
> Alec
>
> On Mar 18, 2009, at 12:41 PM, Jack Alves wrote:
>
>> Can anyone point me to a javascript example of a mqlwrite. I'm  
>> doing reads with the following jquery call. I can't figure out what  
>> to do for writes.
>>
>>     $.ajax({
>>         url: 'http://www.freebase.com/api/service/mqlread',
>>         dataType: "jsonp",
>>         cache: true,
>>         success: mqlread_cb,
>>         data: { queries: query }
>>     });
>>
>> thanks
>>
>> jack
>> _______________________________________________
>> Developers mailing list
>> Developers at freebase.com
>> http://lists.freebase.com/mailman/listinfo/developers
>
> _______________________________________________
> Developers mailing list
> Developers at freebase.com
> http://lists.freebase.com/mailman/listinfo/developers

More information about the Developers mailing list