On Wed, 29 Aug 2012 12:03:05 -0700, Mark Holmquist mtraceur@member.fsf.org wrote:
Has there been any discussion of CORS support in Mediawiki / WMF sites anywhere?
There was some talk of it in bug 32890 [0] in UploadWizard, and I tried to throw together code for it in a patchset [1], but I didn't spend much time on it (the effort was mostly to put the code into a workable patchset rather than just a snippet in a bug).
bawolff also commented on the patchset and linked to bug 20814 [2], which is further discussion of the topic in broader strokes.
[0] https://bugzilla.wikimedia.org/show_bug.cgi?id=32890 [1] https://gerrit.wikimedia.org/r/#/c/9718/ [2] https://bugzilla.wikimedia.org/show_bug.cgi?id=20814
CORS will definitely be something we want to implement when OAuth/SomethingLikeIt comes around. JSONP is a horrid concept and we shouldn't encourage it's use. And it's impossible to do write actions or proper OAuth over JSONP. So CORS will be necessary for any pure-JS OAuth apps. eg: 3rd party anti-spam web apps that let you open them up in your browser, type in a wiki's url, connect with OAuth, and then make batch cleanups, patrolling, etc...