[Distutils] JSONP: Deprecation and Intent to Remove

Donald Stufft donald at stufft.io
Thu Mar 19 03:57:59 CET 2015


For a while now PyPI has supported JSONP on the /pypi/*/json API to allow people
to access the JSON data in a cross-origin request. JSONP is a problematic
pseudo-standard which has niggly edge cases which make it hard to fully secure.
Browsers have a much better standard through CORS to handle this use case.

As of now this endpoint has CORS enabled on it and any new or existing
consumers of this API should switch to using CORS instead of JSONP. Warehouse
will not be implementing the JSONP endpoint, so when we switch PyPI to the
Warehouse code base, anything still relying on JSONP will break.

Thanks!

---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
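
The migration the message asks consumers to make, as an added example that is not part of the original post or of PyPI's code: a browser client that reads /pypi/*/json through a CORS fetch and parses the body strictly as data, where a JSONP client would execute the response as script. The origin `https://pypi.example` is a placeholder, and all function names are assumptions of this sketch.

```javascript
// Added example: CORS-based replacement for a JSONP consumer of /pypi/<project>/json.
// BASE is a placeholder origin; substitute the real PyPI host.
const BASE = "https://pypi.example";

// Build the JSON API URL. Names that could change the path or add a query
// string (for instance a leftover "?callback=") are rejected up front.
function buildJsonUrl(project) {
  const valid = /^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$/;
  if (typeof project !== "string" || !valid.test(project)) {
    throw new Error("invalid project name");
  }
  return `${BASE}/pypi/${encodeURIComponent(project)}/json`;
}

// Treat the response strictly as data: check status and media type, then
// JSON.parse. Nothing the server returns is ever evaluated as code.
function parseJsonResponse(status, contentType, bodyText) {
  if (status !== 200) {
    throw new Error(`unexpected HTTP status ${status}`);
  }
  const mediaType = String(contentType || "").split(";")[0].trim().toLowerCase();
  if (mediaType !== "application/json") {
    throw new Error(`unexpected content type: ${mediaType}`);
  }
  // Throws on a JSONP-wrapped body such as 'cb({...})'.
  const data = JSON.parse(bodyText);
  if (data === null || typeof data !== "object") {
    throw new Error("unexpected response shape");
  }
  return data;
}

// Cross-origin request. The browser enforces the CORS check on the response;
// cookies and other credentials are not attached.
async function fetchProject(project, fetchImpl = globalThis.fetch) {
  const res = await fetchImpl(buildJsonUrl(project), {
    mode: "cors",
    credentials: "omit",
  });
  const body = await res.text();
  return parseJsonResponse(res.status, res.headers.get("content-type"), body);
}
```

`fetchProject` takes the fetch implementation as a parameter only so it can be exercised without a network; in a browser the default global `fetch` is used.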
