Keep in mind that you should be careful about when and where you enable 
generic views. The reason they are not always enabled by default is that 
they can allow private data to be leaked -- you may pass extra data to an 
HTML view that does not get rendered by the view (e.g., data used only to 
evaluate conditions in the view, or extra columns in a database select that 
are not actually displayed), but an attacker can simply add a .json or .xml 
extension to the URL and then get the generic.json or generic.xml view to 
render even the private data. So, you should only enable the generic views 
in controlled conditions when you know exactly what data are going to those 
views.

Anthony

On Friday, December 28, 2012 11:47:55 PM UTC-5, Alec Taylor wrote:
>
> Thanks, that did the trick. 
>
> Strange that it had different results locally though… 
>
> On Sat, Dec 29, 2012 at 3:42 PM, Bruno Rocha <[email protected]> wrote: 
> > add 
> > 
> > response.generic_patterns = ["*.json"] to your models or even to your 
> > controller 
> > 
> > 
> > [appname/controllers/api.py] 
> > 
> > response.generic_patterns = ['*.json'] 
> > 
> > @service.json 
> > def v1(): 
> >     return dict(version=0.5) 
> > 
> > 
> > On Sat, Dec 29, 2012 at 2:34 AM, Alec Taylor <[email protected]> wrote: 
> >> 
> >> [appname/controllers/api.py] 
> >> @service.json 
> >> def v1(): 
> >>     return dict(version=0.5) 
> >> 
> >> curl -X GET http://localhost/api/v1.json 
> >> {"version": 0.5} 
> >> 
> >> curl -X GET http://appname.herokuapp.com/api/v1.json 
> >> <html><body><h1>invalid view (api/v1.json)</h1></body></html><!-- 
> >> //--> 
> >> 
> >> ---------- 
> >> 
> >> The application itself is identical; to be specific I created a hard 
> >> link from my heroku app to my local web2py folder. 
> >> 
> >> How do I get JSON services working remotely? 
> >> 
> >> Thanks for all suggestions, 
> >> 
> >> Alec Taylor 
> >> 

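A stand-alone model of the leak described in the reply at the top of this thread, added here as an illustration; it is not web2py's code or code from any participant. The action `profile`, the helpers `serve` and `generic_allowed`, and the sample data are constructed, and matching glob patterns against `controller/function.extension` is an assumption about how the generic-view gate behaves.

```python
import fnmatch
import json

def profile():
    """Constructed action: returns more to the view than the HTML page shows."""
    return {
        "name": "alice",            # rendered by the HTML view
        "is_admin": False,          # only tested in a view condition
        "row": {"id": 7, "email": "alice@example.test", "password": "<hash>"},
    }

def v1():
    """The API action from the thread; everything it returns is meant to be public."""
    return {"version": 0.5}

def html_view(data):
    # A hand-written view emits only the fields its author chose.
    return "<h1>%s</h1>" % data["name"]

def generic_allowed(patterns, controller, function, extension):
    # Assumed model of the gate: globs tested against "controller/function.ext".
    target = "%s/%s.%s" % (controller, function, extension)
    return any(fnmatch.fnmatchcase(target, p) for p in patterns)

def serve(patterns, controller, action, extension, public_keys=None):
    data = action()
    if extension == "html":
        return html_view(data)
    if not generic_allowed(patterns, controller, action.__name__, extension):
        return "invalid view (%s/%s.%s)" % (controller, action.__name__, extension)
    if public_keys is not None:
        # Explicit allow-list: serialize only the fields meant to be public.
        data = {k: data[k] for k in public_keys}
    return json.dumps(data, sort_keys=True)   # a generic view dumps whatever it gets

if __name__ == "__main__":
    print(serve(["*.json"], "default", profile, "json"))       # includes row.password
    print(serve(["api/*.json"], "default", profile, "json"))   # invalid view
    print(serve(["api/*.json"], "api", v1, "json"))            # {"version": 0.5}
```

Scoping the pattern to the controller that is meant to serve JSON, or returning only an allow-listed subset of fields, keeps the unrendered values out of the generic output.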