https://bugzilla.wikimedia.org/show_bug.cgi?id=28700
--- Comment #4 from Roan Kattouw <roan.katt...@gmail.com> 2011-04-26 15:24:54 UTC --- (In reply to comment #3) > I would think this bug would ideally be expanded to allow CORS for the API > page > itself as well--that would allow JavaScript applications to access the API > without the GET limitations of JSONP and also avoids its security problems (a > site can execute arbitrary JavaScript based on JSONP's current lack of a > specific content-type in browsers (its not JSON, nor should it be JavaScript), > not merely the callback requested by the user). > > Besides that, my impression as a web developer is that JSONP is a lesser-known > technique than Ajax, so I think you'd also be promoting the API usage more > widely. The API already supports CORS, see bug 19907. This code is live on Wikimedia wikis already, but it's not configured, so no CORS headers are actually served right now. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
