users@jersey.java.net

[Jersey] Re: Access-Control-Allow-Origin

From: Gili <cowwoc_at_bbs.darktech.org>
Date: Fri, 25 Feb 2011 07:03:26 -0800 (PST)

Pavel,

CORS is a superset of JSONP's capabilities. It works with any media-type, as
well as with any HTTP method. JSONP is limited to JSON and HTTP GET.

JSONP requires you to make modifications on both server and client-side
code. CORS only requires minimal changes on the server and absolutely no
changes on the client (no more ugly <script> hacks).

What I'm expecting from Jersey: At minimum we'd need to be able to do HTTP
OPTIONS "mixing" (there is already an open JAX-RS issue against this). CORS
requires us to read the input headers, evaluate the user's authorization and
reply with headers that indicate his/her permissions.

Gili


Pavel Bucek-2 wrote:
>
> Hello Gili,
>
> I don't think so. Do you have some interesting scenario/usecase which
> would be possible with Jersey? We do support jsonp, as you most likely
> already know..
>
> Regards,
> Pavel
>
> On 02/24/2011 04:24 PM, Gili wrote:
>> Hi,
>>
>> Does Jersey (or JAX-RS) provide (or plan on providing) official support
>> for
>> CORS?
>>
>> Please see
>>
>> http://en.wikipedia.org/wiki/Cross-Origin_Resource_Sharing
>> http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/
>>
>> for some background.
>>
>> Thank you,
>> Gili
>>
>
>
>

-- 
View this message in context: http://jersey.576304.n2.nabble.com/Access-Control-Allow-Origin-tp6060693p6064758.html
Sent from the Jersey mailing list archive at Nabble.com.