CORS and Sencha Touch



darrellj
17 Aug 2011, 2:08 AM
For those that aren't aware, CORS is a W3C spec for passing header information to say it's safe for a page/service to be used from a different domain. It's basically a better (and officially supported) alternative to JSONP, which uses a script tag hack to get around the cross-domain security restriction which modern browsers implement.

JSONP is fine for a lot of things; however, as I have just realised, it does not handle POST requests. In fact, you are limited to only GET requests.
This is a really big negative. Imagine that you are creating a RESTful web service for a hotel booking system. When querying room availability or prices, performing a JSONP request is fine. However, when it comes to submitting a reservation, REST best practices say that you should use POST to create a new record.
So in order to make your hotel booking REST service work with JSONP, you are required to butcher your nicely designed REST service and force it to allow "create" or "update" style requests using a GET request.

This brings me to the big question. CORS, in its current state, is supported by only a number of browsers, and this limitation would probably put me off developing a regular web-based non-mobile app which makes use of CORS. However, since Sencha Touch is targeted at mostly WebKit browsers (which support CORS) and the mobile web is a different playing field when it comes to browser support, do you believe that creating a Sencha web app which relies on CORS is a safe and sensible approach?

rstuart
12 Mar 2012, 7:14 PM
No. See this (http://www.sencha.com/forum/showthread.php?186917-Does-the-CORS-option-in-Ext.data.Connection-v4.0.7-actually-work&p=753881).
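For the cross-origin reservation POST described in the first post, this is the server-side decision that CORS requires, as an added example that is not part of the thread and not Sencha's code. The origin `https://m.hotel.example`, the policy values and the `corsDecision` helper with its request shape are assumptions made for illustration.

```javascript
// Added example; the origins and policy values are constructed for illustration.
const POLICY = {
  allowedOrigins: new Set(["https://m.hotel.example"]), // exact-match allowlist, no "*"
  allowedMethods: ["GET", "POST"],
  allowedHeaders: ["content-type"],
  maxAgeSeconds: 600,
};

// Decide the CORS part of a response.
// req: { method, headers } with lower-cased header names (hypothetical shape).
function corsDecision(req, policy = POLICY) {
  const origin = req.headers["origin"];
  // No Origin header: not a cross-origin browser request, nothing to add.
  if (!origin) return { allowed: true, preflight: false, headers: {} };

  const wanted = req.headers["access-control-request-method"];
  const preflight = req.method === "OPTIONS" && Boolean(wanted);
  // Responses differ per origin, so caches must key on it.
  const deny = { allowed: false, preflight, headers: { Vary: "Origin" } };
  if (!policy.allowedOrigins.has(origin)) return deny;

  const allow = { Vary: "Origin", "Access-Control-Allow-Origin": origin };
  if (!preflight) {
    // Actual request: the server must still refuse methods it does not offer.
    return policy.allowedMethods.includes(req.method)
      ? { allowed: true, preflight, headers: allow }
      : deny;
  }
  // Preflight: check the method and headers the browser says it will send.
  const asked = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = policy.allowedMethods.includes(wanted) &&
    asked.every((h) => policy.allowedHeaders.includes(h));
  if (!ok) return deny;
  return { allowed: true, preflight, headers: {
    ...allow,
    "Access-Control-Allow-Methods": policy.allowedMethods.join(", "),
    "Access-Control-Allow-Headers": policy.allowedHeaders.join(", "),
    "Access-Control-Max-Age": String(policy.maxAgeSeconds),
  } };
}

// Constructed preflight for a JSON reservation POST from the allowed origin.
const samplePreflight = { method: "OPTIONS", headers: {
  origin: "https://m.hotel.example", "access-control-request-method": "POST",
  "access-control-request-headers": "Content-Type" } };
console.log(corsDecision(samplePreflight).headers);
```

A POST with a JSON body is preflighted by the browser, so a denied preflight stops the reservation request before it is sent. Omitting the CORS headers only stops the page from reading a response, so the server should reject the request itself whenever `allowed` is false.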