[dojo-contributors] JSONRequest

Adam Platti aplatti at yahoo.com
Tue Apr 4 12:48:32 EDT 2006


Doug has actually updated the spec to allow for GET and POST.   Originally the POST requirement was intended to simiplify the API.

http://json.org/JSONRequest.html

Adam

----- Original Message ----
From: Bob Ippolito <bob at redivi.com>
To: dojo dev. <dojo-contributors at dojotoolkit.org>
Sent: Wednesday, March 29, 2006 6:44:13 PM
Subject: Re: [dojo-contributors] JSONRequest


On Mar 28, 2006, at 10:37 AM, Adam Platti wrote:

> Hi,
>
> So there are a number of things to protect against unintentional  
> access to legacy data:
> All requests will be POST.   (No GETs)
> All requests will not have cookies (and cookies added to the  
> response will be ignored).
> All requests will have MIME type "application/json", which is brand  
> new.
> All responses from the server must have mime type "application/ 
> json" or they will be rejected.  (ie. "text/json" won't work)
> That should resonably protect against almost any legacy service.
>
> Also, JSONRequest includes a header with the domain from which the  
> request originates.   This could be used to decide whether the  
> sever wants to respond to the request the same way that  
> crossdomain.xml does.

That sounds reasonably sufficient, but the first one seems  
superfluous.  Why force POST?

-bob

_______________________________________________
dojo-contributors mailing list
dojo-contributors at dojotoolkit.org
http://dojotoolkit.org/mailman/listinfo/dojo-contributors



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.dojotoolkit.org/pipermail/dojo-contributors/attachments/20060404/88223b4a/attachment.htm 


More information about the dojo-contributors mailing list