User Details
User Details
- User Since
- Mar 16 2015, 6:12 PM (474 w, 3 d)
- Availability
- Available
- LDAP User
- Unknown
- MediaWiki User
- FrankieRayRobertson [ Global Accounts ]
Mar 17 2015
Mar 17 2015
FrankieRayRobertson added a comment to T62835: Enable cross-domain API requests in API's JSON responses.
Another point to make here is that JSONP is less secure since then anyone with control over the Mediawiki site can make my users on my site execute arbitrary Javascript.
Mar 16 2015
Mar 16 2015
FrankieRayRobertson added a comment to T62835: Enable cross-domain API requests in API's JSON responses.
I've run into this today. I inferred from the documentation on MediaWiki I would get Access-Control-Allow-Origin: <value of origin header> since allowing all domains seems like a reasonably sensible option when doing GET queries, but, as discussed here I didn't. If we are really at the stage of not trusting the browsers to implement the standard correctly (as far as I know they all do), it would be possible to reject requests with the Cookie header sent.