Comment 14 for bug 236947

solrize (solrize) wrote : Re: search API improvements

Aaron explained it to me, the idea is that the client sends the OL request and the callback gets around restrictions on cross-site scripting. The callback function is just whatever is in the request url. Out of general paranoia I check that it's an identifier-like token.

One issue is about the case where there's a bunch of different queries in one request: maybe that leads to an overlong url and you want to POST instead of GET the request. I'm not sure if that works so well with this model. Also, it occurs to me that putting the search terms into the url is a slight privacy hazard because of company firewalls that log outgoing urls but don't log POST contents. We should at minimum put up an HTTPS server to help with such issues.
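The identifier check for the callback name that the comment mentions, as an added example (my own code, not the commenter's or the Open Library implementation); the function names, the dotted-name allowance and the 64-character length cap are assumptions.

```python
import json
import re

# Accept only identifier-like callback names: a JavaScript identifier,
# optionally as a dotted chain such as "jQuery.handlers.cb". Anything else
# (parentheses, semicolons, comment markers, whitespace) is refused so the
# name can be echoed into the response without becoming attacker script.
# Hypothetical helper for this example; not Open Library's code.
_CALLBACK_RE = re.compile(
    r"^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$"
)
MAX_CALLBACK_LEN = 64  # assumed cap; overlong names are never legitimate


def is_valid_callback(name):
    """Return True if `name` is safe to reflect as a JSONP callback."""
    return (
        isinstance(name, str)
        and 0 < len(name) <= MAX_CALLBACK_LEN
        and _CALLBACK_RE.match(name) is not None
    )


def jsonp_response(callback, payload):
    """Build (content_type, body) for a JSONP reply.

    Raises ValueError for a callback that is not identifier-like, so a
    value like 'alert(document.cookie)//' is rejected rather than served.
    """
    if not is_valid_callback(callback):
        raise ValueError("invalid JSONP callback name")
    # ensure_ascii escapes non-ASCII (including U+2028/2029 line
    # terminators), so the JSON literal is safe inside a script body.
    body = json.dumps(payload, ensure_ascii=True)
    # The leading comment and an explicit JavaScript content type are the
    # usual hardening so the reply is not reinterpreted as another format.
    return ("application/javascript; charset=utf-8",
            "/**/%s(%s);" % (callback, body))
```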