aplatti at yahoo.com
Tue Apr 4 12:48:32 EDT 2006
Doug has actually updated the spec to allow for GET and POST. Originally the POST requirement was intended to simiplify the API.
----- Original Message ----
From: Bob Ippolito <bob at redivi.com>
To: dojo dev. <dojo-contributors at dojotoolkit.org>
Sent: Wednesday, March 29, 2006 6:44:13 PM
Subject: Re: [dojo-contributors] JSONRequest
On Mar 28, 2006, at 10:37 AM, Adam Platti wrote:
> So there are a number of things to protect against unintentional
> access to legacy data:
> All requests will be POST. (No GETs)
> All requests will not have cookies (and cookies added to the
> response will be ignored).
> All requests will have MIME type "application/json", which is brand
> All responses from the server must have mime type "application/
> json" or they will be rejected. (ie. "text/json" won't work)
> That should resonably protect against almost any legacy service.
> Also, JSONRequest includes a header with the domain from which the
> request originates. This could be used to decide whether the
> sever wants to respond to the request the same way that
> crossdomain.xml does.
That sounds reasonably sufficient, but the first one seems
superfluous. Why force POST?
dojo-contributors mailing list
dojo-contributors at dojotoolkit.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dojo-contributors