[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Implement JSONP interface for check.torproject.org

On 06/11/11 01:26, Arturo Filastò wrote:

> I have made a patch to check.torproject.org to expose a JSONP interface
> that would allow people to have the user check client side if (s)he is
> using Tor.

It would be safer to expose a JSON web service than a JSONP web service,
and use a wild "Access-Control-Allow-Origin" HTTP response header to
allow cross-site XMLHttpRequest. That way, people could pull the data
without suffering the risks of embeddeding third party JavaScript.
There's nothing stopping it from being provided as a secondary option.

Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list