CORS to JSONP - sgml/signature GitHub Wiki

Test URLs

| REST API          | Description                                                                                  | Documentation Link                                                                                                   |
|-------------------|----------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|
| Wikipedia API     | Supports JSONP callbacks, allowing you to fetch data from Wikipedia and wrap it in a callback function. | [Wikipedia API Documentation](https://www.mediawiki.org/wiki/API:Main_page)                                          |
| GitHub API        | Supports JSONP for cross-origin requests by sending a `callback` parameter with GET calls.     | [GitHub API Documentation](https://docs.github.com/en/[email protected]/rest/using-the-rest-api/using-cors-and-jsonp-to-make-cross-origin-requests)   |
| dotCMS API        | Supports JSONP for cross-domain calls by adding a `callback` parameter to the RESTful URL request. | [dotCMS API Documentation](https://docs.dotcms.com/docs/latest/docs/latest/content-api-jsonp)                        |

Security Testing Projects

MediaWiki

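```javascript
var apiEndpoint = "https://commons.wikimedia.org/w/api.php";
var params = "action=query&list=allimages&ailimit=3&format=json&callback=foo";

// JSONP callback named by the `callback` parameter; it must exist as a global
// before the response script executes.
window.foo = function(data) {
  console.log(data);
};

var script = document.createElement('script');
script.src = apiEndpoint + "?" + params;
// Attach handlers before inserting the element, then remove the tag either way.
script.onload = function() {
  document.body.removeChild(script);
};
script.onerror = function(error) {
  console.error('Error fetching data:', error);
  document.body.removeChild(script);
};
document.body.appendChild(script);
```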

References

Troubleshooting

CORS

GitHub Issues

  1. Same-origin policy and Cross-origin resource sharing (CORS) #80 - ajhsu/blog

  2. Disable same origin policy #566 - responsively-org/responsively-app

  3. [css-images] image-orientation:none violates same-origin policy #5165 - w3c/csswg-drafts

CSRF