The API is pretty much unusable now, as there is no CORS on it. It is therefore impossible to create a client in the browser (without owning your domain), since the Ajax same-origin policy breaks it. Obviously, you could just proxy the requests through another server, but that would break your sessions (since they seem to be tied to IPs), and IP banning... need I say more?
It only takes one HTTP header to enable it. I don't have any JSP/Tomcat/whatever experience, but it should be very easy to implement.
The API is pretty much unusable now, as there is no CORS on it. It is therefore impossible to create a client in the browser (without owning your domain), since the Ajax same-origin policy breaks it. Obviously, you could just proxy the requests through another server, but that would break your sessions (since they seem to be tied to IPs), and IP banning... need I say more?
It only takes one HTTP header to enable it. I don't have any JSP/Tomcat/whatever experience, but it should be very easy to implement.