Hello,
I have created a simple Ruby on Rails app I use for storing a list of contacts. What I’d like is to allow other websites to include this contact data in their websites. This seems to g ive problems with same-domain only restrictions which aim to restrict cross-site scripting.
Any ideas on how I can get around this ?
Best regards / Colm
If you’d like your API to be available client-side on other domains, JSONP is probably your best bet (http://en.wikipedia.org/wiki/JSON#JSONP)
In Rails, that’s as simple as calling render :json with a :callback parameter, as detailed here: http://kevinchiu.org/archives/jsonp-in-rails-3
Hi Louis,
Thats exactly the solution I need, now working a treat with a little jquery on one end and the kevinchiu rails bit.
Thanks for that
Here’s the kevinbiu advice
Your URL:
http://localhost:3000/api/get_items?callback=awesome
In your api controller:
render :json => @items.to_json, :callback => params[:callback]
Result:
awesome(["item1", item2"]);
This gives you cross-domain JSONP. The callback variable in the URL is optional.
There’s no need to roll your own render_json.