[
https://issues.apache.org/jira/browse/STANBOL-49?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rupert Westenthaler closed STANBOL-49.
--------------------------------------
Resolution: Won't Fix
Assignee: Rupert Westenthaler
see CORS implementation (STANBOL-105)
> Support JSONP (JSON with Padding) for Javascript clients with anti-XSS
> sandboxing
> ---------------------------------------------------------------------------------
>
> Key: STANBOL-49
> URL: https://issues.apache.org/jira/browse/STANBOL-49
> Project: Stanbol
> Issue Type: Improvement
> Components: Enhancer
> Reporter: Fabian Christ
> Assignee: Rupert Westenthaler
> Priority: Minor
>
> Reported by [email protected], Jul 21, 2010
> This makes it possible to access a remote FISE engine (such as
> fise.demo.fise.com) by using JavaScript on a web page / on the client.
> Otherwise a proxy is necessary on the server due to the "same origin policy"
>
> See https://secure.wikimedia.org/wikipedia/en/wiki/JSON#JSONP
> JSONP is a "standardized workaround" for cross-site scripting. It's simply
> not possible to send a cross-site POST request from the browser.
> So JSONP is a GET request with an extra callback parameter. For a FISE
> request that means that all the content has to be packed into the url. This
> might become a problem when the content becomes too long!
> (http://www.boutell.com/newfaq/misc/urllength.html)
> Right now the stateless enhancement endpoint of the FISE engine (/engine)
> only supports POST requests.
> So in order to support JSONP
> - FISE has to support GET requests,
> - an OSGi interceptor/plugin could take care of extending all JSON
> (application/json, application/rdf+json, ...) GET requests with the
> capability of handling JSONP.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
