Closed: mrroach9 closed this 12 years ago
We cannot add JSONP support for now. Without careful design, it would lead to security vulnerabilities.
After you have logged in, any site could get your information using jsonp. We need other methods to prevent this from happening.
I'm not sure if the current design is vulnerable to CSRF attacks. We should disable cross-site requests for the moment.
We are not using cookies, so are there still security problems?
Oh I forgot that we were not using cookies. I think we can allow jsonp, then.
Hooray! So can either of you add this recently? Thanks so much!
OK, let's do it. Now nearly all the results are returned by svc.writedata(), so it should be easy to implement this.
This is implemented. jsonp=function and jsoncallback=function both work. Initial CORS support is also implemented. That's a modern alternative to jsonp.
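The reasoning in this thread, as an added example that is not part of the original discussion and is not pybbs code: a response writer that honours `jsonp` or `jsoncallback`, refuses JSONP when the caller was authenticated by a cookie, and otherwise answers with CORS for listed origins. The names `render_response`, `auth_via_cookie`, `allowed_origins` and the callback-name pattern are assumptions made for illustration.

```python
import json
import re

# Assumption: a callback must be a plain (optionally dotted) JavaScript identifier.
CALLBACK_RE = re.compile(r"[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*", re.ASCII)
MAX_CALLBACK_LEN = 64


def pick_callback(params):
    """Return the validated callback from 'jsonp' or 'jsoncallback', or None."""
    for key in ("jsonp", "jsoncallback"):
        name = params.get(key)
        if name:
            if len(name) > MAX_CALLBACK_LEN or not CALLBACK_RE.fullmatch(name):
                raise ValueError("invalid callback name")
            return name
    return None


def render_response(params, data, auth_via_cookie=False,
                    origin=None, allowed_origins=()):
    """Hypothetical response writer; returns (headers, body)."""
    # json.dumps escapes non-ASCII by default, so the body is safe inside a script.
    body = json.dumps(data)
    headers = {"X-Content-Type-Options": "nosniff"}
    callback = pick_callback(params)
    if callback:
        # A <script> tag sends cookies automatically, so a cookie-authenticated
        # JSONP reply would hand the user's data to any page that includes it.
        if auth_via_cookie:
            raise PermissionError("JSONP refused for cookie-authenticated requests")
        headers["Content-Type"] = "application/javascript; charset=utf-8"
        return headers, "%s(%s);" % (callback, body)
    headers["Content-Type"] = "application/json; charset=utf-8"
    # CORS path: only origins on the allow-list may read the response.
    if origin is not None and origin in allowed_origins:
        headers["Access-Control-Allow-Origin"] = origin
        headers["Vary"] = "Origin"
    return headers, body


if __name__ == "__main__":
    # Constructed sample request parameters and data.
    print(render_response({"jsoncallback": "jQuery123_456"}, {"user": "guest"}))
```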
It works perfectly well. Thanks so much!
The current pybbs interface will simply ignore the jsoncallback arg; this will make cross-domain ajax requests using jQuery invalid.