FW: CORS instead of JSONP
8 views
Skip to first unread message
Daniel Pepper
Feb 1, 2012, 7:36:29 AM2/1/12
to raxa-jss...@googlegroups.com, raxa-jss-em...@googlegroups.com, raxa-jss-r...@googlegroups.com, laboratory-modu...@googlegroups.com
Apologies for those who receive this twice
------ Forwarded Message
From: Saptarshi Purkayastha <sun...@gmail.com>
Date: Wed, 1 Feb 2012 18:00:38 +0530
To: <raxa-jss-emr...@googlegroups.com>
Subject: CORS instead of JSONP
Dear contributors,
While most of you might be looking at JSONP to make requests to our server at http://raxaemr.jelastic.servint.net/openmrs/ , please use CORS <http://en.wikipedia.org/wiki/Cross-Origin_Resource_Sharing> instead.
Our target (Webkit-based) browsers support CORS and is an easier and standard way to make REST calls as well as AJAX calls to cross-domain.
During our Stanford hackathon in Oct 2011, I had recommended that using JSONP is a good idea. But as more and more time goes, I see that since all our calls are authenticated, there is no reason for not doing CORS. Infact, in production we will be doing all REST calls over https. This means our domain/server will be verified to be only us and avoids the man-in-the-middle that is a possibility with CORS, when using Access-Control-Allow-Origin: *
I have a blogpost on how this has been configured: http://sunnytalkstech.blogspot.in/2012/01/why-rest-with-jsonp-when-you-can-cors.html
Also, our test server http://raxaemr.jelastic.servint.net/openmrs/ is CORS enabled. Please test and make suggestions.
---
Regards,
Saptarshi PURKAYASTHA
My Tech Blog: http://sunnytalkstech.blogspot.com
You Live by CHOICE, Not by CHANCE
------ End of Forwarded Message
------ Forwarded Message
From: Saptarshi Purkayastha <sun...@gmail.com>
Date: Wed, 1 Feb 2012 18:00:38 +0530
To: <raxa-jss-emr...@googlegroups.com>
Subject: CORS instead of JSONP
Dear contributors,
While most of you might be looking at JSONP to make requests to our server at http://raxaemr.jelastic.servint.net/openmrs/ , please use CORS <http://en.wikipedia.org/wiki/Cross-Origin_Resource_Sharing> instead.
Our target (Webkit-based) browsers support CORS and is an easier and standard way to make REST calls as well as AJAX calls to cross-domain.
During our Stanford hackathon in Oct 2011, I had recommended that using JSONP is a good idea. But as more and more time goes, I see that since all our calls are authenticated, there is no reason for not doing CORS. Infact, in production we will be doing all REST calls over https. This means our domain/server will be verified to be only us and avoids the man-in-the-middle that is a possibility with CORS, when using Access-Control-Allow-Origin: *
I have a blogpost on how this has been configured: http://sunnytalkstech.blogspot.in/2012/01/why-rest-with-jsonp-when-you-can-cors.html
Also, our test server http://raxaemr.jelastic.servint.net/openmrs/ is CORS enabled. Please test and make suggestions.
---
Regards,
Saptarshi PURKAYASTHA
My Tech Blog: http://sunnytalkstech.blogspot.com
You Live by CHOICE, Not by CHANCE
------ End of Forwarded Message
Reply all
Reply to author
Forward
0 new messages