[web2py] Re: auth.is_logged_in(), @auth.requires_signature() behaving ornery in CORS situation

2013-12-22 Thread Niphlod
The subtle intricacies of a CORS request are hard to grasp. The fact that jQuery prevents them by default is a "sane" standard: you're basically sending out what identifies you (cookies) to another server entirely, and that poses a security threat. Moreover, you need to tune "manually" your serv

[web2py] Re: auth.is_logged_in(), @auth.requires_signature() behaving ornery in CORS situation

2013-12-21 Thread weheh
At the least, the doc should be updated to reflect that web2py_component and LOAD won't work under CORS conditions.
On Sunday, December 22, 2013 12:21:22 AM UTC+8, weheh wrote:
> @LightDot: Yah, that's the conclusion I've come to and already begun implementing. But, something nags at me a li

[web2py] Re: auth.is_logged_in(), @auth.requires_signature() behaving ornery in CORS situation

2013-12-21 Thread weheh
Yah, that's the conclusion I've come to and already begun implementing. But, something nags at me a little about all SSL all the time. Seems like it's overkill under certain circumstances. But maybe that's a good thing in this day and age.
On Saturday, December 21, 2013 11:33:37 PM UTC+8, Light

[web2py] Re: auth.is_logged_in(), @auth.requires_signature() behaving ornery in CORS situation

2013-12-21 Thread LightDot
You could also programmatically enforce the usage of ssl across the entire site. Your ajax call would always be https -> https, making CORS redundant...
Regards
On Saturday, December 21, 2013 3:44:51 PM UTC+1, weheh wrote:
> I am dead in the water trying to make an https ajax call from an htt