On Wed, 29 Aug 2012 12:03:05 -0700, Mark Holmquist
<mtraceur(a)member.fsf.org> wrote:
Has there been
any discussion of CORS support in Mediawiki / WMF sites
anywhere?
There was some talk of it in bug 32890 [0] in UploadWizard, and I tried
to throw together code for it in a patchset [1], but I didn't spend much
time on it (the effort was mostly to put the code into a workable
patchset rather than just a snippet in a bug).
bawolff also commented on the patchset and linked to bug 20814 [2],
which is further discussion of the topic in broader strokes.
[0]
https://bugzilla.wikimedia.org/show_bug.cgi?id=32890
[1]
https://gerrit.wikimedia.org/r/#/c/9718/
[2]
https://bugzilla.wikimedia.org/show_bug.cgi?id=20814
CORS will definitely be something we want to implement when
OAuth/SomethingLikeIt comes around.
JSONP is a horrid concept and we shouldn't encourage it's use.
And it's impossible to do write actions or proper OAuth over JSONP. So
CORS will be necessary for any pure-JS OAuth apps.
eg: 3rd party anti-spam web apps that let you open them up in your
browser, type in a wiki's url, connect with OAuth, and then make batch
cleanups, patrolling, etc...
--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [
http://daniel.friesen.name]