Closed TobiasWooldridge closed 10 years ago
For now I'm simply using an HTTP proxy which intercepts all OPTIONS requests and sets the following headers, though I don't think this is an effective long-term solution:
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "GET,HEAD,POST,OPTIONS,TRACE");
response.setHeader("Access-Control-Allow-Headers", "Authorization");
Regarding JSONP, I would use a GET query parameter called jsonp, not callback, because it is more self-documenting.
In the example given, the GET request should not include a Content-Type header, because it has no content. The HTTP server should simply detect the jsonp parameter and change its response Content Type from application/json to application/javascript and enclose the JSON content in the function call as JSONP mandates.
I can see that either JSONP or CORS is needed, but not both. CORS is documented as superior to JSONP because it is more general and is not vulnerable to cross site request forgery, which might be an issue for fetching decrypted payloads.
Isn't a static file server going to be needed in either case?
Added support for OPTIONS verb and Origin header for cross site scripting from local servers. 31cf3a6
To implement a web interface for serval-dna, one of the three following needs to be implemented
For the implementation of CORS, it may suffice to have a fixed OPTIONS response of the following form
And a header of the form
For the implementation of JSONP, a GET parameter must be accepted, the application/javascript content type must be accepted, and the JSON response body must be wrapped in a JS call to the function named by this argument; e.g.
Would return a response with the body
JSONP and CORS are likely the easiest methods to implement server-side. CORS is simplest to implement client-side (cross-origin AJAX requests can be treated as though they were on the origin host).
I don't know how to implement the file server or JSONP, but implementing CORS doesn't seem too tough and I could at least hack that together. Any suggestions?
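An added example (not serval-dna code and not written by anyone in this thread) of the two server-side mechanisms discussed above: a preflight response that echoes the Origin only for loopback origins instead of sending `*`, and a JSONP wrapper that accepts only a bare identifier in the `jsonp` parameter. The loopback allowlist and all function names are assumptions made for illustration.

```javascript
// Added example, not serval-dna code. Assumptions: only loopback web origins
// are trusted, and the JSONP parameter is named "jsonp" as suggested above.
const ALLOWED_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);
const JS_IDENTIFIER = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

// Return the Origin value to echo back, or null if it is not a local origin.
function allowedOrigin(origin) {
  if (typeof origin !== "string") return null;
  let url;
  try { url = new URL(origin); } catch (e) { return null; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // An Origin header is scheme://host[:port] only; reject anything with more.
  if (url.origin !== origin) return null;
  return ALLOWED_HOSTS.has(url.hostname) ? origin : null;
}

// Headers for an OPTIONS preflight. Other origins get no CORS headers at all,
// so the browser blocks the cross-origin request.
function preflightHeaders(origin) {
  const allowed = allowedOrigin(origin);
  if (!allowed) return {};
  return {
    "Access-Control-Allow-Origin": allowed,
    // TRACE is left out: browsers refuse to send it from script.
    "Access-Control-Allow-Methods": "GET,HEAD,POST,OPTIONS",
    "Access-Control-Allow-Headers": "Authorization",
    "Vary": "Origin", // the response differs per Origin, so caches must key on it
  };
}

// Build the response body: plain JSON when no jsonp parameter is present,
// JSONP when it is. Returns null for a callback name that is not a bare
// identifier, so the caller can answer 400 instead of reflecting it.
function jsonBody(value, jsonp) {
  const json = JSON.stringify(value);
  if (jsonp === undefined) return { type: "application/json", body: json };
  if (!JS_IDENTIFIER.test(jsonp)) return null;
  // U+2028/U+2029 are valid in JSON strings but were line terminators in
  // JavaScript before ES2019, so escape them before emitting script.
  const safe = json.replace(/\u2028/g, "\\u2028").replace(/\u2029/g, "\\u2029");
  return { type: "application/javascript", body: `${jsonp}(${safe});` };
}
```
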