Aerogear 534 - First try at Pipeline jsonp #8
Conversation
| @@ -8,6 +8,8 @@ | |||
| @param {String} [settings.baseURL] - defines the base URL to use for an endpoint | |||
| @param {String} [settings.endpoint=pipename] - overrides the default naming of the endpoint which uses the pipeName | |||
| @param {String} [settings.recordId="id"] - the name of the field used to uniquely identify a "record" in the data | |||
| @param {Boolean} [settings.jsonp=false] - If true, this pipe will use jsonp, ***Pipe becomes read only*** | |||
There was a problem hiding this comment.
I would not say this has a default of false since you're actually just checking if it is undefined, which is falsey. I would have no default.
|
wrt the jsonp = "jsonp" , using the example below, i could only get it to work when i added the jsonp='jsonp' variable |
|
wrt to the first comment, right, i had the code a little different when i wrote that, forgot to change it |
|
most likely the callback won't be overriden, but if some one is designing both the client and server, they could add a little bit of security by defining the callback on the server, so in that case they would need an override |
|
@lholmquist OK, we should remove the jsonp="jsonp" ... we don't want to program our lib to work with a specific service, i.e. battle.net. some other may just use "callback" or another may use "zippitydoda" For the callback, ok. Leave it in for now. |
|
@kborchers very true, i'm thinking then maybe we should have a settings for jsonp or something like that |
|
I could probably go along with that. Let's see what it looks like and how it works and we'll go from there. |
|
@kborchers not sure what else needs to be added, i actually got rid of the custom callback part, not sure if we need to do anything if they want to use save, since this will change POST to GET |
|
Well, I don't like the idea of changing a POST to a GET when someone tries to save. How about this? Let's add a crossDomain setting which is an object and if included means that all read()'s should use jsonp unless specifically set to false and all save()'s should check for CORS (both client and server via header) unless set to false. That object can contain: Appropriate errors should be thrown for both if something goes wrong and possibly handled internally to make it easier on the developer (if possible). Specifically, for CORS, throw an error if on the client side XMLHttpRequest doesn't have the withCredentials prop (non-IE) or if XDomainRequest doesn't exist (IE) and on the server side, if the server returns an error and/or the Access-Control-Allow-Origin header is missing or doesn't allow * or the current app's domain. If you get all of that, cool. If not, we can set up some time to chat if you want. |
|
Well the change to GET happens by default from jquery. let me digest this book, i mean small paragraph |
|
You'll want to move xdr.js to a subfolder and include the license file https://github.com/jaubourg/ajaxHooks/blob/master/MIT-LICENSE.txt like I just did for UUID |
|
|
||
| //Check for CrossDomain | ||
| if( crossDomain ) { | ||
| if( crossDomain.type === "jsonp" || !AeroGear.hasCORS() ) { |
There was a problem hiding this comment.
Why not assume JSONP unless cors: true is specified as described here #8 (comment)
There was a problem hiding this comment.
Also, we shouldn't default to JSONP if they specify CORS but it's not supported because we have no idea if their server supports JSONP.
This is how I would imagine it working best but am open to other ideas:
if(crossDomain)
if(cors && !hasCORS)
fail the request
else
assume jsonp because they added crossDomain options but not CORS and set dataType and jsonp options
|
closing this since it was already added in another PR |
see dev list for examples