[Distutils] JSONP: Deprecation and Intent to Remove
Richard Jones
richard at python.org
Thu Mar 19 04:06:01 CET 2015
+1, JSONP was an interim hack solution way before CORS was an option.
On Thu, 19 Mar 2015 at 13:58 Donald Stufft <donald at stufft.io> wrote:
> For awhile now PyPI has supported JSONP on the /pypi/*/json API to allow
> people
> to access the JSON data in a cross origin request. JSONP is problematic
> psuedo
> standard which has niggly edge cases which make it hard to fully secure.
> Browsers have a much better standard through CORS to handle this use case.
>
> As of now this endpoint has CORS enabled on it and any new or existing
> consumers of this API should switch to using CORS instead of JSONP.
> Warehouse
> will not be implementing the JSONP endpoint so when we switch PyPI to the
> Warehouse code base anything still relying on JSONP will break.
>
> Thanks!
>
> ---
> Donald Stufft
> PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
>
> _______________________________________________
> Distutils-SIG maillist - Distutils-SIG at python.org
> https://mail.python.org/mailman/listinfo/distutils-sig
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20150319/2fd1b378/attachment-0001.html>
More information about the Distutils-SIG
mailing list