On Wed, Sep 28, 2011 at 5:02 PM, Michael B. Klein <[log in to unmask]> wrote:
> It's not NYTimes.com's fault; it's the cross-site scripting jerks who made
> the security necessary in the first place.
NYTimes could allow JSONP, but then developers would need to embed their API
key in their web pages, which means the API key would simply be a token used
for statistics, rather than for authentication. It's their choice that they
don't allow that.
Closer to the code4lib community: OCLC and Serials Solutions don't support
JSONP in their webservices, either, even though doing so would allow cool
services and would likely not affect their business models adversely in a
significant way, IMO. We should keep lobbying them to remove these
restrictions, as I've been doing for a while.