[Grok-dev] UPDATE recently created projects to 0.14.1

Leonardo Rochael Almeida leorochael at gmail.com
Thu Dec 18 11:17:34 EST 2008


The usual solutions for blessed cross-domain are:

 1. an iframe
 2. JSONP [1]

[1] http://ajaxian.com/archives/jsonp-json-with-padding


On Thu, Dec 18, 2008 at 13:48, Sebastian Ware <sebastian at urbantalk.se> wrote:
> 18 dec 2008 kl. 16.05 skrev Martijn Faassen:
>
>> Brandon Craig Rhodes wrote:
>>> Sebastian Ware <sebastian at urbantalk.se> writes:
>>>
>>>> Being the devils advocate if I am excused. This feels like a
>>>> microsoftesque solution. Would be a lot nicer if could query my Grok
>>>> installation from a commandline or dashboard like interface.
>>>
>>> Well, that's a good point.  We don't want to be microsoftesque! :-)
>>>
>>> To avoid having the application itself phone home, it could be that
>>> the
>>> Grok admin UI could have a Javascript widget that, when loaded into
>>> the
>>> user's web browser, does the version check.  That way the application
>>> does not reveal anything to the outside world - neither its own
>>> version,
>>> nor even its own existence.  The Javascript could also do things like
>>> pull into a <div> some recent entries from the Grok Blog.
>>
>> That'd be a cross-domain request. Those are generally not very nice
>> from
>> a security perspective either. In fact I thought browsers generally
>> don't allow this from Javascript to prevent cross site scripting
>> attacks. How does Wordpress do it?
>>
>
> This could probably be done by some creative use of a css-file to hold
> the data and having the javascript load and interpret the css file at
> runtime.
>
> Mvh Sebastian
> _______________________________________________
> Grok-dev mailing list
> Grok-dev at zope.org
> http://mail.zope.org/mailman/listinfo/grok-dev
>


More information about the Grok-dev mailing list