On Wed, Sep 28, 2011 at 5:02 PM, Michael B. Klein <[log in to unmask]> wrote:
>
> It's not NYTimes.com's fault; it's the cross-site scripting jerks who made
> the security necessary in the first place.
>
>
NYTimes could allow JSONP, but then developers would need to embed their API
key in their web pages, which means the API key would simply be a token used
for statistics, rather than for authentication. It's their choice that they
don't allow that.
Closer to the code4lib community: OCLC and Serials Solutions don't support
JSONP in their webservices, either, even though doing so would allow cool
services and would likely not affect their business models adversely in a
significant way, IMO. We should keep lobbying them to remove these
restrictions, as I've been doing for a while.
- Godmar
|