FrankieRayRobertson
User

Projects

User does not belong to any projects.

User Details

User Since: Mar 16 2015, 6:12 PM (264 w, 1 h)
Availability: Available
LDAP User: Unknown
MediaWiki User: FrankieRayRobertson

Recent Activity

Mar 17 2015

FrankieRayRobertson added a comment to T62835: Enable cross-domain API requests in API's JSON responses.

Another point to make here is that JSONP is less secure, since then anyone with control over the MediaWiki site can make my users on my site execute arbitrary JavaScript.

Mar 17 2015, 10:09 AM · MW-1.28-release-notes, MW-1.28-release (WMF-deploy-2016-07-12_(1.28.0-wmf.10)), Patch-For-Review, Security-Team, Wikimedia-Site-requests

Mar 16 2015

FrankieRayRobertson added a comment to T62835: Enable cross-domain API requests in API's JSON responses.

I've run into this today. I inferred from the documentation on MediaWiki that I would get Access-Control-Allow-Origin: <value of origin header>, since allowing all domains seems like a reasonably sensible option when doing GET queries, but, as discussed here, I didn't. If we are really at the stage of not trusting the browsers to implement the standard correctly (as far as I know they all do), it would be possible to reject requests with the Cookie header sent.

Mar 16 2015, 6:41 PM · MW-1.28-release-notes, MW-1.28-release (WMF-deploy-2016-07-12_(1.28.0-wmf.10)), Patch-For-Review, Security-Team, Wikimedia-Site-requests