Last modified: 2012-12-25 17:24:16 UTC
The Firefox OS app uses a PHP proxy script to communicate with the Wikipedia API endpoint. This is a bit sloppy, requires PHP on the hosting server, and may cause requests to go over an insecure channel if the app is not hosted on HTTPS. Looks like there's a few potential ways around this: * use JSONP for Wikipedia API hits -- should be enough for unauthenticated (should be easy, changes only to the app) * change API's CORS headers to allow unauthenticated hits from anywhere (not sure how hard this would be or if it requires security review) * switch from a hosted app to a packaged app and use 'system XHR' which allows cross-site unauthenticated requests (may make the app harder to test)
[jsonp 46b63f0] * (bug 43399) Remove dependency on PHP proxy for Firefox OS