Re: Call for issues and comment on JSON result format

On Dec 21, 2010, at 11:46 AM, Sandro Hawke wrote:

> I'm not an expert in this, but as I understand it, JSONP will be
> obsolete when CORS is adopted by enough browsers.  I guess I lean toward
> including it, but with some words about the security problems is raises
> and its expected obsolescence.  As I understand it, the big problem with
> JSONP is that you go from merely trusting that the endpoint is giving
> you the data you want, to trusting it completely (within the sandbox of
> the app itself).   Since there are lots of apps that don't really care
> if they are subverted, and the alternatives are difficult or not yet
> available, JSONP is quite useful.


Thanks for the response. The security stuff is interesting. I'm not all that familiar with CORS; is there an status overview somewhere of expected timelines and/or browser support?


Received on Tuesday, 21 December 2010 19:57:18 UTC