https://bugzilla.wikimedia.org/show_bug.cgi?id=43399
Web browser: ---
Bug ID: 43399
Summary: Firefox OS app should not use PHP proxy
Product: Wikipedia App
Version: Unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: Generic
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected]
Classification: Unclassified
Mobile Platform: Firefox OS

The Firefox OS app uses a PHP proxy script to communicate with the Wikipedia
API endpoint.

This is a bit sloppy, requires PHP on the hosting server, and may cause
requests to go over an insecure channel if the app is not hosted on HTTPS.

Looks like there are a few potential ways around this:

* use JSONP for Wikipedia API hits -- should be enough for unauthenticated
  (should be easy, changes only to the app)
* change API's CORS headers to allow unauthenticated hits from anywhere (not
  sure how hard this would be or if it requires security review)
* switch from a hosted app to a packaged app and use 'system XHR' which allows
  cross-site unauthenticated requests (may make the app harder to test)
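
One way the JSONP option above could be done on the app side, as an added example that is not code from the Wikipedia app or from this bug report: a URL builder that refuses non-HTTPS endpoints, so the request cannot go over an insecure channel, and accepts only a plain identifier as the callback name. The endpoint constant and the function names are assumptions made for illustration.

```javascript
// Added example, not the app's code. API_ENDPOINT is an assumed value.
const API_ENDPOINT = 'https://en.wikipedia.org/w/api.php';

// JSONP executes the response as script in the app's origin, so the callback
// name is limited to a plain identifier and never taken from user input.
const SAFE_CALLBACK = /^[A-Za-z_][A-Za-z0-9_]{0,63}$/;

function buildJsonpUrl(endpoint, params, callbackName) {
  const url = new URL(endpoint);
  // A script fetched over plain HTTP can be rewritten in transit.
  if (url.protocol !== 'https:') {
    throw new Error('API endpoint must be HTTPS, got ' + url.protocol);
  }
  if (!SAFE_CALLBACK.test(callbackName)) {
    throw new Error('unsafe JSONP callback name');
  }
  for (const [key, value] of Object.entries(params)) {
    if (key === 'format' || key === 'callback') continue; // fixed below
    url.searchParams.set(key, String(value));
  }
  url.searchParams.set('format', 'json');
  url.searchParams.set('callback', callbackName);
  return url.toString();
}

// Browser-only part: inject the script tag, hand the data to the caller,
// then remove both the tag and the temporary global callback.
let jsonpCounter = 0;
function jsonpRequest(params, doc = globalThis.document, win = globalThis) {
  return new Promise((resolve, reject) => {
    const name = '__wikiJsonp' + (jsonpCounter++);
    const script = doc.createElement('script');
    const cleanup = () => { delete win[name]; script.remove(); };
    win[name] = (data) => { cleanup(); resolve(data); };
    script.onerror = () => { cleanup(); reject(new Error('JSONP request failed')); };
    script.src = buildJsonpUrl(API_ENDPOINT, params, name);
    doc.head.appendChild(script);
  });
}
```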