[developers] RESTful ERG parsing

Ned Letcher ned at nedned.net
Thu Apr 21 09:09:11 CEST 2016


I too have been learning more about all this and agree with everything Mike
said about CORS/JSONP. There's certainly no need from JSON-P from my
perspective if CORS is enabled on the server.

Ned

On Wed, 20 Apr 2016 at 07:32 Michael Wayne Goodman <
goodmami at u.washington.edu> wrote:

> On Tue, Apr 19, 2016 at 1:04 PM Stephan Oepen <oe at ifi.uio.no> wrote:
>
>> [...] mike and ned, does the above sound about right to you?  if so, i
>> think
>
>
>> i could provide CORS support immediately.  if that were available, do
>> you see additional value in also supporting JSONP?
>>
>
> Your summary looks about right. In my previous message, I thought CORS
> required a more complicated server configuration, but if it's just a header
> then it does seem pretty simple. If there's no benefit, then, to using
> JSON-P besides supporting older IE browsers, we probably don't need it.
>
> I'm also becoming less fond of JSON-P because it is just a clever use of a
> cross-site-scripting hack. The client sends the request by dynamically
> altering their document with a new <script> element whose URL is the
> request, and it then executes whatever javascript the server sends back. As
> long as you trust the server, it's fine, but it's still a hack (although it
> is used by some major services, such as GitHub, Google, etc.).
>
>
>> On Tue, Apr 19, 2016 at 3:30 PM, Ned Letcher <ned at nedned.net> wrote:
>>
> > [...] My understanding is that, currently, my code would have to be
>> hosted off
>
> > delph-in.net in order for it to make a successful ajax request to the
>> API.
>>
>
> Actually I think it would have to be hosted at the same sub-domain, i.e.
> erg.delph-in.net. Subdirectories are ok, though, so
> erg.delph-in.net/some_application would be able to access it, but that
> means the owner of the subdomain needs to manage all apps that use the API.
> If the API is meant to be consumed by external apps, CORS or JSON-P is the
> way to do it.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.delph-in.net/archives/developers/attachments/20160421/b2870e8d/attachment.html>


More information about the developers mailing list