This repository has been archived by the owner on Mar 3, 2022. It is now read-only.

CORS? #14

Open
inadarei opened this issue Mar 23, 2013 · 2 comments

Comments

@inadarei

This is just my personal opinion, so please feel free to take it with a grain of salt, but I have found many API designers share it, so for whatever it's worth:

You may not need JSONP if you enable CORS Access-Control-Allow-Origin: * (http://en.wikipedia.org/wiki/Cross-origin_resource_sharing) in all your API responses.

Enabling it does not decrease the security of your API a wee bit (many would argue JSONP is less secure) and removes a lot of complexity.

@benbunk

benbunk commented Mar 23, 2013

+1 for CORS and Access-Control-Allow-Origin: * on read operations. Other operations might require a different CORS rule to restrict access (write operations).
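
Added example, not part of the thread or of the project's code: one way to express the read/write split suggested in the comment above as a header-selection function. The allowlisted origin, the method sets and the function name `corsHeaders` are assumptions made for illustration.

```javascript
// Constructed sample policy: origins allowed to read responses to write requests.
const WRITE_ORIGINS = new Set(["https://app.example.org"]); // hypothetical allowlist
const READ_METHODS = new Set(["GET", "HEAD"]);
const WRITE_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Returns the CORS response headers for a request. `requestedMethod` is the
// value of Access-Control-Request-Method on a preflight, undefined otherwise.
function corsHeaders(method, origin, requestedMethod) {
  const verb = method.toUpperCase();
  // For a preflight, the decision is about the method the browser will send next.
  const isPreflight = verb === "OPTIONS" && requestedMethod !== undefined;
  const effective = isPreflight ? requestedMethod.toUpperCase() : verb;

  if (READ_METHODS.has(effective)) {
    // Public reads without credentials: any origin may read the response.
    const headers = { "Access-Control-Allow-Origin": "*" };
    if (isPreflight) headers["Access-Control-Allow-Methods"] = "GET, HEAD";
    return headers;
  }

  if (WRITE_METHODS.has(effective)) {
    // The answer depends on Origin, so caches must key on it either way.
    const headers = { Vary: "Origin" };
    // Exact match only: prefix or substring checks would also accept
    // look-alike hosts such as https://app.example.org.other.example.
    if (!origin || !WRITE_ORIGINS.has(origin)) return headers;
    headers["Access-Control-Allow-Origin"] = origin;
    if (isPreflight) {
      headers["Access-Control-Allow-Methods"] = "POST, PUT, PATCH, DELETE";
      headers["Access-Control-Allow-Headers"] = "Content-Type";
    }
    return headers;
  }

  // Unknown method, or OPTIONS that is not a preflight: grant nothing.
  return {};
}
```

CORS headers only tell the browser which origins' scripts may read a response; write endpoints still need their own authentication and authorization on the server.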

@hay

hay commented Mar 28, 2013

Agree 100%. Note that you do need to do a little magic to make CORS work properly in IE8. There's no support at all in IE7 and lower.

For example, you could use this jQuery plugin:

https://github.com/Ovea/cors/blob/master/src/main/resources/com/ovea/cors/jquery.ie.cors.js


3 participants