Translations:Manual:CORS/28/en

For anonymous requests you can use the JSONP format instead. This is simpler but slightly less secure (it fetches and executes arbitrary Javascript code from the wiki so an attacker who took over the MediaWiki site has an XSS vector against the remote site).