On May 25, 2015, at 4:15 PM, Taras M. [email protected] wrote:
Great, it did the trick.
Thank you, Walter.
Just one more question, I started googling for differences between JSON
(used in my example) and JSONP format suggested by you. I would
appreciate if you could give a couple of links or resources to read more
about JSONP, CORS or anything like that so I can get better
understanding of why my example does not work and what are alternatives
or “better ways” of implementing rails API.
the reply and update the page. If you are using a JSON API in another
Rails application (or PHP, or any other server-side language) then you
don’t need to worry about this at all.
that a script can only access data from a site that is in the same
domain, subdomain, and port as itself.
When you control both endpoints, and they don’t pass the Same Origin
tests, and you don’t want to set up CORS, JSONP allows you to create a
callback function to modify the page based on “foreign” JSON content. If
you control both endpoints, and you want to set up CORS, then a
traditional JSON reply is nicer, because you only rely on that endpoint
to send you well-formed data, nothing else. JSONP exposes your
implementation details to the API sender, and counts on that sender to
reply with the callback that you indicated in your request within the
body of the JSON response.
The HTML site containing these lines:
shows off both JSON (CORS) and JSONP (no CORS needed – although my
example Rails app has rack-cors installed – it worked before I did
that). Those lines are the entirety of the JSONP scheme – one function,
which takes the JSON reply from the server as its only argument, and one
injected script tag to kick it all off.