<div dir="ltr">+1, JSONP was an interim hack solution way before CORS was an option.<br></div><br><div class="gmail_quote">On Thu, 19 Mar 2015 at 13:58 Donald Stufft <<a href="mailto:donald@stufft.io">donald@stufft.io</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">For awhile now PyPI has supported JSONP on the /pypi/*/json API to allow people<br>
to access the JSON data in a cross origin request. JSONP is problematic psuedo<br>
standard which has niggly edge cases which make it hard to fully secure.<br>
Browsers have a much better standard through CORS to handle this use case.<br>
<br>
As of now this endpoint has CORS enabled on it and any new or existing<br>
consumers of this API should switch to using CORS instead of JSONP. Warehouse<br>
will not be implementing the JSONP endpoint so when we switch PyPI to the<br>
Warehouse code base anything still relying on JSONP will break.<br>
<br>
Thanks!<br>
<br>
---<br>
Donald Stufft<br>
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA<br>
<br>
______________________________<u></u>_________________<br>
Distutils-SIG maillist - <a href="mailto:Distutils-SIG@python.org" target="_blank">Distutils-SIG@python.org</a><br>
<a href="https://mail.python.org/mailman/listinfo/distutils-sig" target="_blank">https://mail.python.org/<u></u>mailman/listinfo/distutils-sig</a><br>
</blockquote></div>