SPIKE: Implications of supporting CORS in addition to JSONP

NuCivic / react-dash

A framework for building data visualization dashboards using react. Docs: http://react-dashboard.readthedocs.io/en/latest/

MIT License

98 stars 22 forks source link

Closed iris-i closed 4 years ago

iris-i commented 6 years ago

Based on a client request. Do we need to enable CORS support in addition to JSONP? Wikipedia results suggest that JSONP is older and more susceptible to XSS attacks (if the source site is compromised) and some other security concerns. https://en.wikipedia.org/wiki/JSONP https://en.wikipedia.org/wiki/Cross-origin_resource_sharing

erogray commented 4 years ago

No longer a current priority for React-dash