FW: CORS instead of JSONP

Skip to first unread message

Daniel Pepper

Feb 1, 2012, 7:36:29 AM2/1/12
to raxa-jss...@googlegroups.com, raxa-jss-em...@googlegroups.com, raxa-jss-r...@googlegroups.com, laboratory-modu...@googlegroups.com
Apologies for those who receive this twice

------ Forwarded Message
From: Saptarshi Purkayastha <sun...@gmail.com>
Date: Wed, 1 Feb 2012 18:00:38 +0530
To: <raxa-jss-emr...@googlegroups.com>
Subject: CORS instead of JSONP

Dear contributors,

While most of you might be looking at JSONP to make requests to our server at http://raxaemr.jelastic.servint.net/openmrs/ , please use CORS <http://en.wikipedia.org/wiki/Cross-Origin_Resource_Sharing>  instead.
Our target (Webkit-based) browsers support CORS and is an easier and standard way to make REST calls as well as AJAX calls to cross-domain.

During our Stanford hackathon in Oct 2011, I had recommended that using JSONP is a good idea. But as more and more time goes, I see that since all our calls are authenticated, there is no reason for not doing CORS. Infact, in production we will be doing all REST calls over https. This means our domain/server will be verified to be only us and avoids the man-in-the-middle that is a possibility with CORS, when using Access-Control-Allow-Origin: *

I have a blogpost on how this has been configured: http://sunnytalkstech.blogspot.in/2012/01/why-rest-with-jsonp-when-you-can-cors.html 
Also, our test server http://raxaemr.jelastic.servint.net/openmrs/ is CORS enabled. Please test and make suggestions.


My Tech Blog:  http://sunnytalkstech.blogspot.com
You Live by CHOICE, Not by CHANCE

------ End of Forwarded Message
Reply all
Reply to author
0 new messages