Support Cross-Origin Resource Sharing for resources

[GoogleCodeExporter]

Developers trying to use XML emitted from the WattDepot REST API in JavaScript 
face a problem, 
the same-origin policy:

http://en.wikipedia.org/wiki/Same_origin_policy

This prevents JavaScript code loaded from one site (like a Google gadget hosted 
at Google) from 
reading data on another site (like the WattDepot public server). The bogosity 
of the situation is 
described well here:

http://www.somebits.com/weblog/tech/bad/same-origin-policy-vs-jsonp.html

One solution is to support the Cross-Origin Resource Sharing W3C draft defined 
here:

http://www.w3.org/TR/cors/

Firefox 3.5 supports Cross-Origin Resource Sharing, and has a nice page 
explaining how it 
works:

https://developer.mozilla.org/En/HTTP_access_control

Since at the moment WattDepot contains only public data, there is no reason to 
restrict request 
to the same origin. Therefore a first cut at providing support would be to add 
the "Access-
Control-Allow-Origin: *" header to all resource requests. Later, this should be 
fixed to only 
apply to GET requests and only to public Sources.

This only solves the problem for browsers that support Cross-Origin Resource 
Sharing 
(supposedly Firefox 3.5 and Safari 4), so we'll still need to do JSONP for 
broader support.

Original issue reported on code.google.com by rbre...@gmail.com on 13 Apr 2010 at 3:52

[GoogleCodeExporter]

r295 provides the first cut of support as discussed above.

Original comment by rbre...@gmail.com on 13 Apr 2010 at 3:55

[GoogleCodeExporter]

Original comment by rbre...@gmail.com on 10 Jan 2012 at 8:37

• Added labels: Priority-High
• Removed labels: Priority-Critical

[GoogleCodeExporter]

Original comment by rbre...@gmail.com on 10 Jan 2012 at 9:35

• Added labels: Priority-Medium
• Removed labels: Priority-High