Page MenuHomePhabricator
Create Task
Maniphest T32802

Enable CORS on unauthenticated API requests
Closed, ResolvedPublic
Actions

Description

CORS support has been requested in previous related bugzilla bugs including bug 20814, bug 28700 and bug 20298.

The MediaWiki API could be used by third-party JavaScript tools a lot easier if it could return data cross-domain to Ajax users without them having to run proxies or use Flash/crossdomain.xml hacks and other such things.

The solution is simple: for HTTP GET-based, non-authenticated API requests, add the following header to the response.

Access-Control-Allow-Origin: *

More details about CORS:
http://enable-cors.org/
http://www.html5rocks.com/en/tutorials/file/xhr2/
http://www.w3.org/TR/cors/

Version: unspecified
Severity: enhancement

Details

Reference
bz30802

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 21 2014, 11:49 PM
bzimport added a project: MediaWiki-Action-API.
bzimport set Reference to bz30802.
bzimport added a subscriber: Unknown Object (MLST).
tommorris created this task.Sep 7 2011, 4:01 PM
Catrope added a comment.Sep 7 2011, 4:40 PM

This is exactly what bug 20814 is about. Marking as duplicate.

  • This bug has been marked as a duplicate of bug 20814 ***
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits