[Catalyst] Re: Converting a GET request to a POST request

Ronald J Kimball rkimball at pangeamedia.com
Mon Nov 29 17:20:34 GMT 2010


On Fri, Nov 26, 2010 at 3:02 PM, Aristotle Pagaltzis <pagaltzis at gmx.de> wrote:
> * Ronald J Kimball <rkimball at pangeamedia.com> [2010-11-23 18:00]:
>> REST principles dictate that I use POST, not GET, for these
>> requests. The same-origin policy forces me to use JSONP, which
>> can only make GET requests, not POST. What's the solution?
>
> “You can’t get there from here”: you can’t use Javascript to make
> unsafe requests outside the origin.
>
> <mst>Step back.</mst> What are you actually trying to do?
>
> I could imagine that eg. an OAuth-based solution could work
> (wherein the user hands other sites an auth token from you, and
> the sites use that token to make requests to your site on their
> users’ behalf). Or maybe it’s too complicated or overkill for
> you – that depends on your aim and constraints.
>
> So tell us about them.

This is for a widget that will be hosted on third party websites.  The
widget will allow users of those sites to interact with our content.
The widget will be written in JavaScript and HTML.  The widget will
retrieve content and submit user interactions using Ajax and JSONP
(supposedly via a REST API :).  Users will not be required to log in
to interact with the content in the widget.

Thank you for your feedback.  Some of this is new territory for me, so
being steered away from doing things the wrong way is very helpful.

Ronald



More information about the Catalyst mailing list