On Wed, Sep 28, 2011 at 5:02 PM, Michael B. Klein <[log in to unmask]> wrote: > > It's not NYTimes.com's fault; it's the cross-site scripting jerks who made > the security necessary in the first place. > > NYTimes could allow JSONP, but then developers would need to embed their API key in their web pages, which means the API key would simply be a token used for statistics, rather than for authentication. It's their choice that they don't allow that. Closer to the code4lib community: OCLC and Serials Solutions don't support JSONP in their webservices, either, even though doing so would allow cool services and would likely not affect their business models adversely in a significant way, IMO. We should keep lobbying them to remove these restrictions, as I've been doing for a while. - Godmar