Topic on Talk:Core Platform Team/Initiative/Core REST API in MediaWiki/Epics, User Stories, and Requirements

Jump to navigation Jump to search
DBarratt (WMF) (talkcontribs)

I think a requirement should be that the Access-Control-Allow-Origin header is given a default value of * for wikis that are not on an intranet (i.e. behind a firewall). It is completely safe to set this as the default value. MediaWiki should allow this behavior to be disabled if you are running MediaWiki on an intranet.

Doing this will provide for a much better developer experience as developers will be able to use the API from another origin automatically.

See related task T210790.

EProdromou (WMF) (talkcontribs)

David, I'm angry at you for making me think about CORS.

As far as I can tell, you're right and this makes sense for the new Core REST API, especially if we don't allow session cookie authorization.

Do you want to add a ticket as a child of T229661 or should I?

DBarratt (WMF) (talkcontribs)
Reply to "Access-Control-Allow-Origin"