the subtle intricacies of a CORS request are hard to grasp. The fact that jQuery prevents them by default is a "sane" standard: you're basically sending out what identifies you (cookies) to another server entirely, and that poses a security threat. Moreover, you need to tune "manually" your server to accept a CORS request (the preflight headers and so on)
Until now, components (LOAD and web2py_component) were meant to load fragments of your app within the same app or to share different fragments among web2py apps, that usually are mounted at the same domain. I don't think that by default web2py_component should work with CORS, given the security issues involved, but feel free to suggest a "secure by default" behaviour/patch that will allow CORS to work within web2py_component, making sure that newbies won't code an insecure app. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
