Page MenuHomePhabricator
People FrankieRayRobertson

FrankieRayRobertson
User

Projects

User does not belong to any projects.

Calendar

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Sunday

  • Clear sailing ahead.

User Details

User Since
Mar 16 2015, 6:12 PM (474 w, 3 d)
Availability
Available
LDAP User
Unknown
MediaWiki User
FrankieRayRobertson [ Global Accounts ]

Recent Activity
View All

Mar 17 2015

FrankieRayRobertson added a comment to T62835: Enable cross-domain API requests in API's JSON responses.

Another point to make here is that JSONP is less secure since then anyone with control over the Mediawiki site can make my users on my site execute arbitrary Javascript.

Mar 17 2015, 10:09 AM · MW-1.28-release-notes, MW-1.28-release (WMF-deploy-2016-07-12_(1.28.0-wmf.10)), Security-Team, Wikimedia-Site-requests

Mar 16 2015

FrankieRayRobertson added a comment to T62835: Enable cross-domain API requests in API's JSON responses.

I've run into this today. I inferred from the documentation on MediaWiki I would get Access-Control-Allow-Origin: <value of origin header> since allowing all domains seems like a reasonably sensible option when doing GET queries, but, as discussed here I didn't. If we are really at the stage of not trusting the browsers to implement the standard correctly (as far as I know they all do), it would be possible to reject requests with the Cookie header sent.

Mar 16 2015, 6:41 PM · MW-1.28-release-notes, MW-1.28-release (WMF-deploy-2016-07-12_(1.28.0-wmf.10)), Security-Team, Wikimedia-Site-requests
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL