dpatrick added a comment. This task may be rendered moot if "Access-Control-Allow-Origin: *" is implemented, re. https://phabricator.wikimedia.org/T62835. Absent that, I think it would be safe to allow read-only access from labs by adding the domain(s) to the whitelist (`$wgCrossSiteAJAXdomains`) and setting "Access-Control-Allow-Credentials: false" on pre-flight and primary responses.
TASK DETAIL https://phabricator.wikimedia.org/T65808 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: dpatrick Cc: Aklapper, csteipp, Matanya, Jdlrobson, Krenair, hoo, JanZerebecki, He7d3r, Petrb, Magnus, Snowolf, wikibugs-l-list, jeremyb, Ltrlg, Dereckson, JohnLewis, dpatrick, Luke081515, Wikidata-bugs, aude, Bawolff, Mbch331, Legoktm _______________________________________________ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs