[Distutils] JSONP: Deprecation and Intent to Remove

Paul Moore p.f.moore at gmail.com
Thu Mar 19 09:12:00 CET 2015


On 19 March 2015 at 02:57, Donald Stufft <donald at stufft.io> wrote:
> For awhile now PyPI has supported JSONP on the /pypi/*/json API to allow people
> to access the JSON data in a cross origin request. JSONP is problematic psuedo
> standard which has niggly edge cases which make it hard to fully secure.
> Browsers have a much better standard through CORS to handle this use case.
>
> As of now this endpoint has CORS enabled on it and any new or existing
> consumers of this API should switch to using CORS instead of JSONP. Warehouse
> will not be implementing the JSONP endpoint so when we switch PyPI to the
> Warehouse code base anything still relying on JSONP will break.

For those of us who don't know (and are too lazy to google CORS :-))
could you provide an example of how to replace uses of the JSON API?
For example, a script I currently use has:

url = 'https://pypi.python.org/pypi/' + args.name
req = requests.get(url + "/json")
data = req.json()
url = data['info'].get('home_page', url)

Thanks,
Paul


More information about the Distutils-SIG mailing list