https://bugzilla.wikimedia.org/show_bug.cgi?id=20814
--- Comment #13 from Roan Kattouw <[email protected]> 2012-06-01 12:56:05 UTC --- (In reply to comment #6) > One possible way to support CORS would be to require that the origin be > specified in a URL parameter. If the URL parameter matches the Origin header, > then the access control header can be sent with Vary: Origin. If it doesn't > match, a 403 can be sent with CC: no-cache. If the URL parameter is missing, > no > Vary header or access control header is sent. This means that caching will > only > be broken to the extent necessary to support the feature. > That's what I ended up doing, and I also fixed the Origin-header-can-contain-spaces issue. The bulk of the changes are in https://gerrit.wikimedia.org/r/9624 . There are three smaller changes leading up to it as well; you can view them all at https://gerrit.wikimedia.org/r/#/q/project:mediawiki/core+branch:master+topic:apicors,n,z If this passes muster, we can enable CORS on the live site once these changes are deployed. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
