- From: Gregory Williams <greg@evilfunhouse.com>
- Date: Tue, 21 Dec 2010 11:56:47 -0800
- To: Sandro Hawke <sandro@w3.org>
- Cc: SPARQL Working Group <public-rdf-dawg@w3.org>
On Dec 21, 2010, at 11:46 AM, Sandro Hawke wrote: > I'm not an expert in this, but as I understand it, JSONP will be > obsolete when CORS is adopted by enough browsers. I guess I lean toward > including it, but with some words about the security problems is raises > and its expected obsolescence. As I understand it, the big problem with > JSONP is that you go from merely trusting that the endpoint is giving > you the data you want, to trusting it completely (within the sandbox of > the app itself). Since there are lots of apps that don't really care > if they are subverted, and the alternatives are difficult or not yet > available, JSONP is quite useful. Sandro, Thanks for the response. The security stuff is interesting. I'm not all that familiar with CORS; is there an status overview somewhere of expected timelines and/or browser support? thanks, .greg
Received on Tuesday, 21 December 2010 19:57:18 UTC