https://bugzilla.wikimedia.org/show_bug.cgi?id=28700
Brett Zamir <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #3 from Brett Zamir <[email protected]> 2011-04-26 01:52:34 UTC --- Specification draft is at http://www.w3.org/TR/cors/ (IE8 works with a different object client-side (not XMLHttpRequest for cross-domain requests), but relies on the same Access-Control-Allow-Origin header: http://msdn.microsoft.com/en-us/library/dd573303(v=vs.85).aspx so even IE8 ought to be workable with it.) I would think this bug would ideally be expanded to allow CORS for the API page itself as well--that would allow JavaScript applications to access the API without the GET limitations of JSONP and also avoids its security problems (a site can execute arbitrary JavaScript based on JSONP's current lack of a specific content-type in browsers (its not JSON, nor should it be JavaScript), not merely the callback requested by the user). Besides that, my impression as a web developer is that JSONP is a lesser-known technique than Ajax, so I think you'd also be promoting the API usage more widely. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
