Skip to content
This repository has been archived by the owner on Mar 3, 2022. It is now read-only.

CORS? #14

Open
inadarei opened this issue Mar 23, 2013 · 2 comments
Open

CORS? #14

inadarei opened this issue Mar 23, 2013 · 2 comments

Comments

@inadarei
Copy link

This is just my personal opinion so please feel free to take with a grain of salt, but I have found many API designers share it, so for whatever it's worth:

You may not need JSONP if you enable CORS Access-Control-Allow-Origin: * (http://en.wikipedia.org/wiki/Cross-origin_resource_sharing) in all your API responses.

Enabling it does not decrease the security of your API wee bit (many would argue JSONP is less secure) and removes a lot of complexity.
@benbunk
Copy link

benbunk commented Mar 23, 2013

+1 for CORS and Access-Control-Allow-Origin: * on read operations. Other operations might require a different CORS rule to restrict access (write operations).

@hay
Copy link

hay commented Mar 28, 2013

Agree 100%. Note that you do need to do a little magic to make CORS work properly in IE8. There's no support at all in IE7 and lower.

For example, you could use this jQuery plugin:

https://github.com/Ovea/cors/blob/master/src/main/resources/com/ovea/cors/jquery.ie.cors.js

@konklone konklone mentioned this issue May 23, 2014
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@inadarei @hay @benbunk