JSONP and the Auth Mechanism

14 views
Skip to first unread message

Pat Meenan

unread,
May 5, 2011, 9:13:32 PM5/5/11
to web-testin...@googlegroups.com
First, sorry - yes, I'm WAY behind on making progress on the docs - I'll
carve some time out to get the testing proposal finished next week.

There was a comment about the standard request/response format and why
the result codes were in the payload and not the transport layer and
that got me thinking about the JSONP support. If we moved the result
codes out of the payload then JSONP code would not be able to operate on
failed requests. I don't know if that's a big deal but I kind of liked
that we were going to enable cross-doman javascript support for the API.

More importantly, that got me thinking about the auth mechanism. JSONP
isn't going to have access to modify the headers - it effectively has
the same needs as a curl API. At a minimum I think I'm going to want to
add support for a query param-based key/signature (potentially in
addition to the header-based auth support). I'd love to get opinions on
it before getting to drastic though. How do people feel about the JSONP
support? Is it worth keeping or should we basically require server-side
code if people are going to be making cross domain requests?

Thanks,

-Pat

Paul Irish

unread,
May 5, 2011, 9:31:10 PM5/5/11
to web-testin...@googlegroups.com
Would it be sufficient to allow CORS-based cross-domain XHRs?

Sergey Chernyshev

unread,
May 6, 2011, 1:01:14 PM5/6/11
to web-testin...@googlegroups.com
I think having client side option is a good idea - shouldn't be a requirement though, especially if it will require for security to be moved out of headers.

         Sergey
Reply all
Reply to author
Forward
0 new messages