Google folks in the past mentioned this as the most likely way to accomplish this task. But it's a real bummer that we need to engage in such hackery... It's like buying a car - then having a lively discussion on a forum - "I have a great idea how to stop it. How 'bout you cut a hole in the floor, and this way, when you need to stop, you can stick your foot on the ground and drag it to a stop..." And then the consensus opinion is "This would work - as long as you bought shoes with thick soles..."
On Oct 6, 10:14 am, Erem <[email protected]> wrote: > I wanted your opinions on an SSL workaround I'm planning for my > medical app. > > Let's say my medical app iswww.mymedical.com. > > The front-end is written in GWT and served from AppEngine via HTTP > fromwww.mymedical.com. It does not even use the datastore. > > The back-end is a JSON data API at mymedical.appspot.com. It has all > the important stuff: db of users, their medical data, etc. It only > responds to HTTPS. > > Question: How do we make secure requests for sensitive data without > the loss of branding that occurs when mymedical.appspot.com appears on > the address bar? > > Answer: Serve all pages fromwww.mymedical.com, and have those pages > execute asynchronous API calls to mymedical.appspot.com. Retrieve > responses by having the server output JSONP (http://bob.pythonmac.org/ > archives/2005/12/05/remote-json-jsonp/) rather than plain JSON. > > Do any of you guys currently do this? How does it work for you? > > Erem --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
