JsonpResponse subclass of HttpResponse helps easily create JSONP-encoded responses.
85 views
Skip to first unread message
brigh...@gmail.com
Apr 15, 2016, 10:06:04 PM4/15/16
to Django developers (Contributions to Django itself)
Django 1.7 realease JsonResponse subclass of HttpResponse helps easily create JSON-encoded responses.
As discussed in https://code.djangoproject.com/ticket/17942#comment:6
- Trying to support JSONP callbacks would require to somehow allow Cross-origin resource sharing. I would say it's not needed for most use cases.
JsonpResponse isn't needed for most use cases. But is needed for some use cases.
What do you think about adding JsonpResponse subclass of HttpResponse.
Yoong Kang Lim
Apr 15, 2016, 10:09:27 PM4/15/16
to django-d...@googlegroups.com
Would it be better to add an optional parameter to the constructor of JsonResponse instead of a new subclass?
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/00730c97-df1c-4dc9-9594-506f01988240%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Florian Apolloner
Apr 16, 2016, 7:46:52 AM4/16/16
to Django developers (Contributions to Django itself)
On Saturday, April 16, 2016 at 4:06:04 AM UTC+2, brigh...@gmail.com wrote:
JsonpResponse isn't needed for most use cases. But is needed for some use cases.
Like which? I think this should better live outside of Django.
Tom Christie
Apr 19, 2016, 9:59:38 AM4/19/16
to Django developers (Contributions to Django itself)
JSONP is essentially a browser hack.
There have been security issues raised around it, and we I don't believe we should encourage its usage by including it in Django core.
(If anything we *might?* want to consider CORS for built-in support at some point.)
I'd agree with Florian here - I'd rather see this as either a third party package, a code snippet that's shared on a blog post, or similar.
- Tom
Joey Wilhelm
Apr 19, 2016, 11:24:54 AM4/19/16
to django-d...@googlegroups.com
Agreed on discouraging (or at least not actively encouraging) the use of JSONP. Everything I've read on it has started with big "Do not try this at home!" warnings.
I also very strongly agree on built-in support for CORS, especially elements of DRF getting more tightly integrated into the core. I think CORS is an absolutely essential component if Django is going to claim to be able to support a REST API out of the box, primarily because of the trend of using domain.com for an app, and api.domain.com for the backend.
-Joey
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/37f473d0-8654-4774-82aa-adaf23ea49ab%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages