I was hoping that the response from a GET request to Wikipedia's API[1] would include a CORS "Access-Control-Allow-Origin: *" header, so that it could be accessed by a client-side script running on any domain.
I ended up using the JSONP response as a workaround, but this is less secure than cross-origin JSON, and shouldn't really be necessary now that browsers support CORS headers.
Would it be possible to add an "Access-Control-Allow-Origin: *" header to the API's JSON responses?
Version: unspecified
Severity: enhancement
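
Why the JSONP workaround mentioned in the report is weaker than cross-origin JSON, as an added example that is not part of the original report. The response bodies are constructed, the names `page`, `handle` and `sessionNote` are hypothetical, and `new Function` stands in for the browser executing a `<script>` response inside the page.

```javascript
// Constructed response bodies (not real Wikipedia API output).
const honestJsonp = 'handle({"query":{"pages":{"1":{"title":"CORS"}}}})';
const tamperedJsonp =
  'handle({"query":{}}); page.sessionNote = "changed by remote script";';
const honestJson = '{"query":{"pages":{"1":{"title":"CORS"}}}}';

// JSONP: the body is executed as script, so whatever the remote server
// (or anyone able to alter its response) sends runs with the page's privileges.
function consumeJsonp(body) {
  const page = { sessionNote: 'original' }; // hypothetical page state
  let received = null;
  const handle = (data) => { received = data; }; // hypothetical callback name
  // Stand-in for a <script src="...&callback=handle"> tag running in the page.
  new Function('page', 'handle', body)(page, handle);
  return { received, sessionNote: page.sessionNote };
}

// CORS + JSON: the body is only parsed as data. Anything that is not JSON is
// rejected, and the response never gets to touch page state.
function consumeJson(body) {
  const page = { sessionNote: 'original' };
  let received = null;
  let error = null;
  try {
    received = JSON.parse(body);
  } catch (e) {
    error = e.name;
  }
  return { received, error, sessionNote: page.sessionNote };
}

console.log('JSONP, honest  :', consumeJsonp(honestJsonp));
console.log('JSONP, tampered:', consumeJsonp(tamperedJsonp));
console.log('JSON,  honest  :', consumeJson(honestJson));
console.log('JSON,  tampered:', consumeJson(tamperedJsonp));
```

With an "Access-Control-Allow-Origin: *" header on the JSON response, a script on any origin could read it and handle it as in `consumeJson`.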