Topic on Talk:Core Platform Team/Initiative/Core REST API in MediaWiki/Epics, User Stories, and Requirements

Access-Control-Allow-Origin

DBarratt (WMF)

I think a requirement should be that the Access-Control-Allow-Origin header is given a default value of * for wikis that are not on an intranet (i.e. behind a firewall). It is completely safe to set this as the default value. MediaWiki should allow this behavior to be disabled if you are running MediaWiki on an intranet.

Doing this will provide for a much better developer experience as developers will be able to use the API from another origin automatically.

See related task T210790.

EProdromou (WMF)

David, I'm angry at you for making me think about CORS.

As far as I can tell, you're right and this makes sense for the new Core REST API, especially if we don't allow session cookie authorization.

Do you want to add a ticket as a child of T229661 or should I?

DBarratt (WMF)
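An added example, not part of the thread and not MediaWiki code: the browser's CORS check from the Fetch standard, reduced to the two headers involved, showing that a `*` value only exposes responses to cross-origin requests made without cookies. The function `corsHeadersFor`, its `intranet` option and the origin `https://tool.example` are assumptions made for illustration.

```javascript
// Added illustration; names below are hypothetical, not MediaWiki settings.

// Server side: the default proposed in the thread, with an opt-out for
// wikis whose only access control is their network position (intranet).
function corsHeadersFor(wiki) {
  return wiki.intranet ? {} : { 'access-control-allow-origin': '*' };
}

// Browser side: the "CORS check" steps of the Fetch standard.
// credentialsMode is 'include' when cookies are attached to the
// cross-origin request, otherwise 'omit' or 'same-origin'.
function corsCheck(requestOrigin, credentialsMode, headers) {
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) return false;          // no header: blocked
  if (credentialsMode !== 'include' && allowOrigin === '*') return true;
  if (allowOrigin !== requestOrigin) return false;      // '*' never matches here
  if (credentialsMode !== 'include') return true;
  // Credentialed requests also need an explicit opt-in from the server.
  return headers['access-control-allow-credentials'] === 'true';
}

// Constructed scenarios: a script on another origin calling the wiki's API.
function scenarios() {
  const caller = 'https://tool.example';
  const publicWiki = corsHeadersFor({ intranet: false });
  const intranetWiki = corsHeadersFor({ intranet: true });
  return {
    // Anonymous read of a public wiki: response is readable by the caller.
    publicAnonymous: corsCheck(caller, 'omit', publicWiki),
    // Same call with the user's session cookie attached: the browser
    // withholds the response, so '*' cannot leak logged-in data.
    publicWithCookies: corsCheck(caller, 'include', publicWiki),
    // Intranet wiki with the default disabled: an outside page running in
    // a browser behind the firewall cannot read the response.
    intranetAnonymous: corsCheck(caller, 'omit', intranetWiki),
  };
}

console.log(scenarios());
```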