This repository has been archived by the owner on Mar 3, 2022. It is now read-only.
CORS? #14
Comments
|
+1 for CORS and Access-Control-Allow-Origin: * on read operations. Other operations might require a different CORS rule to restrict access (write operations). |
|
Agree 100%. Note that you do need to do a little magic to make CORS work properly in IE8. There's no support at all in IE7 and lower. For example, you could use this jQuery plugin: https://github.com/Ovea/cors/blob/master/src/main/resources/com/ovea/cors/jquery.ie.cors.js |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
This is just my personal opinion so please feel free to take with a grain of salt, but I have found many API designers share it, so for whatever it's worth:
You may not need JSONP if you enable CORS Access-Control-Allow-Origin: * (http://en.wikipedia.org/wiki/Cross-origin_resource_sharing) in all your API responses.
Enabling it does not decrease the security of your API wee bit (many would argue JSONP is less secure) and removes a lot of complexity.
The text was updated successfully, but these errors were encountered: