- From: Mark S. Miller <erights@google.com>
- Date: Thu, 8 Dec 2011 16:51:11 -0800
The argument I was making is that there's no reason to carve out a special
case for JSON, as opposed to all text that parses as JavaScript. Since
then, Jonas made a sensible counterargument. At least for now, I withdraw
the suggestion.
On Thursday, December 8, 2011, Yehuda Katz wrote:
>
> Yehuda Katz
> (ph) 718.877.1325
>
>
> On Thu, Dec 8, 2011 at 4:31 PM, Mark S. Miller <erights at google.com> wrote:
>
>> On Thursday, December 8, 2011, Yehuda Katz wrote:
>>
>>>
>>> I'm probably still misunderstanding, but the current security
>>> infrastructure of the web supports cross-origin XHR only with a new kind of
>>> explicit server opt-in that most APIs do not support.
>>>
>>
>>
>> In that case you are understanding correctly. My point was that *except
>> for the lack of this header*, the rest of this JSONP API is just a one
>> liner.
>>
>
> Yes, but how does that help us?
>
>
>>
>>
>> --
>> Cheers,
>> --MarkM
>>
>
>
--
Cheers,
--MarkM
Received on Thursday, 8 December 2011 16:51:11 UTC