-
Notifications
You must be signed in to change notification settings - Fork 85
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for CORS (or JSONP?) #5
Comments
what's the main reason for supporting JSONP ? |
@sebastianovide I would say that it's more for implementations where implementers don't have admin privileges on the host. Otherwise, I don't see an obvious reason. |
JSONP or CORS are needed, if you want to access data from a web page and the data is on another host than the webpage. For example, a web-application accessing data from multiple distributed sources. The "same-origin policy" would prevent this. See, for example, https://en.wikipedia.org/wiki/JSONP. |
Discussed during the meeting on 2017-11-28: Simply create awareness for the issue and mention CORS/JSONP as potential approaches. Then wait for implementer feedback whether more is needed. |
Agreed, I think a short best practices paper explaining the issue and how to configure your web server would go a long way. CORS configuration is often outside of the actual WFS server - like in GeoServer with Java you can't set the configuration within the code, you have to update a setting in your tomcat or jetty server. |
Servers should support a mechanism to overcome cross-domain restrictions.
To be consistent with HTTP, it probably should be CORS. Is that only a separate requirement or does it need to be reflected in the OpenAPI definition? The discussion here suggests that it should not be reflected explicitly in the OpenAPI definition.
Is the convenience of JSONP important enough to support it, too, even with its drawbacks?
The text was updated successfully, but these errors were encountered: