On Tue, Jun 17, 2008 at 2:55 PM, Ian Bicking <[EMAIL PROTECTED]> wrote: > Shannon -jj Behrens wrote: >> I'm using the jsonify decorator. It'd be nice if that decorator were >> updated to *automatically* support the jsonp parameter >> <http://bob.pythonmac.org/archives/2005/12/05/remote-json-jsonp/>. >> Hence, if I request a URL like >> <http://localhost:5000/api/service?jsonp=foo>, and jsonify is used, it >> should automatically wrap the JSON in foo(). > > Isn't JSONP a security concern if you aren't exposing something intended > to be public? That is, you can use JSONP to read data using the > browser's credentials, which is sometimes okay and sometimes not. So > optionally turning it on is nice, but always turning it on is dangerous.
I can't comment on that. My service is a public service. Perhaps you can explain what you mean in more detail. Bob talks about security a bit on his blog post: http://bob.pythonmac.org/archives/2005/12/05/remote-json-jsonp/. -jj -- I, for one, welcome our new Facebook overlords! http://jjinux.blogspot.com/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
