iandees/xapi-servlet

JSONP support for JSON output

samatjain opened this issue · 1 comments

JSONP is a "standard" to allow cross-origin domain requests for use from JavaScript. It's an alternative to CORS (issue #22) for JavaScript interpreters.

Implementation is fairly simple: support a callback URL parameter ("callback" is an ad-hoc standard, which jQuery supports) in the GET/POST request.

E.g.

http://example.com/xapi/api/0.6/node/1.json?callback=an_arbitrary_name

Should return the otherwise normal JSON output "wrapped" in a function call, to a function named in the callback parameter. E.g. for the above:

E.g.

an_arbitrary_name(<JSON output here>)

A negative about JSONP: it, by itself, has no access control mechanism, so it may be a good idea to let users turn JSONP support off so random Websites on the Internet don't use their XAPI instances.

See branch jsonp for a first attempt. There are some changes in my osmosis fork's json module that need to be brought in for it to compile.