How can I POST data to datastore cross-domain? I have my webapp running on 127.0.0.1/app.html and Pintura is running on 127.0.0.1:8080. I can authenticate and get pintura-session cookie but I can't get POST to work. I have tried to put Client-Id with pintura-session string but no luck, I'm still getting 405 error.
So basically what this means is that it will be really hard to do a public JSONP API with Pintura if you can't accept authentication tokens cross-domain? Could I implement OAuth somehow on top of Pintura without actually writing the whole thing from scratch? :) That would solve the problem and offer a secure way to do cross-domain and still use the whole facet security paradigm.
The suggestion of putting login credentials to URL is highly insecure if you think about people using public wifis etc. to access the app. This is why Twitter changed their API auth model a while back.
By the way, it works with ?http-authorization but I really don't want to send user:pass over every request :/
Perhaps adding Access-Control-Allow-Credentials would be an option...