JSONP has been used for years - for example Solr has supported it since 2008 (and possibly earlier). CORS matches the Openstack APIs better though.
Redirects are unrelated to the problem as far as I can see. I think that toolmakers trying to build Javascript tools that connect to multiple service providers is a completely valid use case. It is supported for pretty much any other language, why not Javascript? On Apr 25, 2012 12:33 PM, "Jan Drake" <[email protected]> wrote: > So, why such a focus on this? IMO both JSONP and CORS are way too early > stage to adopt and the security risks outweigh the rewards. Usually, I see > people doing this to enable mashups across separate providers. > > Just curious why the focus/need is perceived in the community? If this is > really because of redirects then we probably have a broken model and/or > improper distribution of responsibilities. > > Love to know if I'm missing a real use case. Can help fix model if it is > broken. Have much experience in this area. > > IMO no solution should trick the browser. > > > Jan > > > > On Apr 24, 2012, at 7:05 PM, Luis Gervaso <[email protected]> wrote: > > The solution until the webservice deliver that headers is: > > Solution 1: > > 1. Put the webservice behind a remote or local proxy > 2. Apply some a filter (decorator) for each response with the CORS headers > (in the proxy) in order to trick the browser > > Solution 2: > > Some time ago I tested it with Chrome (disabling security) and it worked > for me > > Solution 3 (really dirty, but works): > > Embedded Flash Proxy > > > On Wed, Apr 25, 2012 at 3:09 AM, Nick Lothian <[email protected]>wrote: > >> Yes, this will work if I know in advance what server I will be connecting >> too. >> >> However, it does remove the ability to support any cloud without >> intervention on the serverside. >> On Apr 25, 2012 2:46 AM, "Joel Semar" <[email protected]> wrote: >> >>> Nick, >>> >>> I know you said 'serverless clients' but you have to be serving the js >>> from somewhere right? >>> >>> If you are using nginx it can be as simple as: >>> >>> location /nova/ { >>> proxy_pass: http://nova-api.trystack.org; >>> } >>> >>> then you can POST to yourserver/nova/v.02/. from the browser >>> >>> etc. >>> (it's just about as simple on apache but you'd have to look it up) >>> >>> >>> But then i guess this won't work for you if you are writing >>> some distributable component/plugin/library. >>> >>> (sorry if you've already dismissed this option but i thought it worth a >>> shot since it has worked flawlessly for me in the past) >>> >>> >>> >>> On Tue, Apr 24, 2012 at 9:49 AM, Sandy Walsh >>> <[email protected]>wrote: >>> >>>> >>>> >>>> On 04/24/2012 11:19 AM, Nick Lothian wrote: >>>> > JSONP is great, but won't work with POST requests. >>>> >>>> Hmm, good point. >>>> >>>> > I don't quite understand what "Due to the redirect nature of the auth >>>> > system" means, though. >>>> > >>>> > If I use a custom Webkit browser & allow cross domain XMLHttpRequests >>>> it >>>> > works fine - I do a POST to /v2.0/tokens, get the token and then use >>>> > that. What am I missing? >>>> >>>> The Auth system will give you a token and then a new "management" url >>>> where the actual commands are issued (the real Nova API endpoint). These >>>> are often two different systems (domains), so cross-site requests are >>>> mandatory. >>>> >>>> -S >>>> >>>> >>>> >>>> > Nick >>>> > >>>> > On Tue, Apr 24, 2012 at 8:57 PM, Sandy Walsh < >>>> [email protected] >>>> > <mailto:[email protected]>> wrote: >>>> > >>>> > Due to the redirect nature of the auth system we may need JSONP >>>> support >>>> > for this to work. >>>> > >>>> > >>>> > >>>> > _______________________________________________ >>>> > Mailing list: https://launchpad.net/~openstack >>>> > Post to : [email protected] >>>> > <mailto:[email protected]> >>>> > Unsubscribe : https://launchpad.net/~openstack >>>> > More help : https://help.launchpad.net/ListHelp >>>> > >>>> > >>>> > >>>> > >>>> > _______________________________________________ >>>> > Mailing list: https://launchpad.net/~openstack >>>> > Post to : [email protected] >>>> > Unsubscribe : https://launchpad.net/~openstack >>>> > More help : https://help.launchpad.net/ListHelp >>>> >>>> _______________________________________________ >>>> Mailing list: https://launchpad.net/~openstack >>>> Post to : [email protected] >>>> Unsubscribe : https://launchpad.net/~openstack >>>> More help : https://help.launchpad.net/ListHelp >>>> >>> >>> >>> >>> -- >>> Cheers, >>> >>> Joel >>> >>> >>> _______________________________________________ >>> Mailing list: https://launchpad.net/~openstack >>> Post to : [email protected] >>> Unsubscribe : https://launchpad.net/~openstack >>> More help : https://help.launchpad.net/ListHelp >>> >>> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : [email protected] >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> > > > -- > ------------------------------------------- > Luis Alberto Gervaso Martin > Woorea Solutions, S.L > CEO & CTO > mobile: (+34) 627983344 > luis@ <[email protected]>woorea.es > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : [email protected] > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
