So, why such a focus on this? IMO both JSONP and CORS are way too early stage to adopt and the security risks outweigh the rewards. Usually, I see people doing this to enable mashups across separate providers.
Just curious why the focus/need is perceived in the community? If this is really because of redirects then we probably have a broken model and/or improper distribution of responsibilities. Love to know if I'm missing a real use case. Can help fix model if it is broken. Have much experience in this area. IMO no solution should trick the browser. Jan On Apr 24, 2012, at 7:05 PM, Luis Gervaso <[email protected]> wrote: > The solution until the webservice deliver that headers is: > > Solution 1: > > 1. Put the webservice behind a remote or local proxy > 2. Apply some a filter (decorator) for each response with the CORS headers > (in the proxy) in order to trick the browser > > Solution 2: > > Some time ago I tested it with Chrome (disabling security) and it worked for > me > > Solution 3 (really dirty, but works): > > Embedded Flash Proxy > > > On Wed, Apr 25, 2012 at 3:09 AM, Nick Lothian <[email protected]> wrote: > Yes, this will work if I know in advance what server I will be connecting too. > > However, it does remove the ability to support any cloud without intervention > on the serverside. > > On Apr 25, 2012 2:46 AM, "Joel Semar" <[email protected]> wrote: > Nick, > > I know you said 'serverless clients' but you have to be serving the js from > somewhere right? > > If you are using nginx it can be as simple as: > > location /nova/ { > proxy_pass: http://nova-api.trystack.org; > } > > then you can POST to yourserver/nova/v.02/. from the browser > > etc. > (it's just about as simple on apache but you'd have to look it up) > > > But then i guess this won't work for you if you are writing some > distributable component/plugin/library. > > (sorry if you've already dismissed this option but i thought it worth a shot > since it has worked flawlessly for me in the past) > > > > On Tue, Apr 24, 2012 at 9:49 AM, Sandy Walsh <[email protected]> > wrote: > > > On 04/24/2012 11:19 AM, Nick Lothian wrote: > > JSONP is great, but won't work with POST requests. > > Hmm, good point. > > > I don't quite understand what "Due to the redirect nature of the auth > > system" means, though. > > > > If I use a custom Webkit browser & allow cross domain XMLHttpRequests it > > works fine - I do a POST to /v2.0/tokens, get the token and then use > > that. What am I missing? > > The Auth system will give you a token and then a new "management" url > where the actual commands are issued (the real Nova API endpoint). These > are often two different systems (domains), so cross-site requests are > mandatory. > > -S > > > > > Nick > > > > On Tue, Apr 24, 2012 at 8:57 PM, Sandy Walsh <[email protected] > > <mailto:[email protected]>> wrote: > > > > Due to the redirect nature of the auth system we may need JSONP support > > for this to work. > > > > > > > > _______________________________________________ > > Mailing list: https://launchpad.net/~openstack > > Post to : [email protected] > > <mailto:[email protected]> > > Unsubscribe : https://launchpad.net/~openstack > > More help : https://help.launchpad.net/ListHelp > > > > > > > > > > _______________________________________________ > > Mailing list: https://launchpad.net/~openstack > > Post to : [email protected] > > Unsubscribe : https://launchpad.net/~openstack > > More help : https://help.launchpad.net/ListHelp > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : [email protected] > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > > > -- > Cheers, > > Joel > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : [email protected] > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : [email protected] > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > > > > -- > ------------------------------------------- > Luis Alberto Gervaso Martin > Woorea Solutions, S.L > CEO & CTO > mobile: (+34) 627983344 > [email protected] > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : [email protected] > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
