https://bugzilla.wikimedia.org/show_bug.cgi?id=20814
--- Comment #31 from Krinkle <krinklem...@gmail.com> 2012-09-16 16:29:36 UTC --- (In reply to comment #27) > Sorry to be so clueless here and not noticing the original comment about > this--but what is the harm in providing some read-only access to other > domains? > JSONP is already exposed, so why is this not being exposed openly? For read-only access, use JSONP. JSONP works across any domain and is not affected by the same-origin policy because it doesn't use XHR requests, but regular script requests (through a callback parameter). The API automatically puts itself in read-only anonymous user mode when accessing it through JSONP. For pure JSON, the origin has to be trusted and write-access is allowed. For that kind of access the origin must be trusted. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
