qqueue
commented
11 years ago - CORS is superior to JSONP for making cross-domain requests.
- moot probably doesn't want domains other than boards.4chan.org to be able to consume the API (which pretty much makes the API for his native script and userscripts only).
- JSONP doesn't have fine-grained access control.
I personally think there would be very little abuse if moot changed the CORS accepted orgins to "*", since board scrapers and non-browser software can already ignore cross-origin problems, and "just copying the site functionality" is already against the TOS. However, I don't pay for the servers or have access to the analytics.
If anything, we should get CORS headers on images.4chan.org: https://github.com/4chan/4chan-JS/issues/34
fluxa
It'd be nice to have JSONP support for cross-domain ajax requests.