Posts: 5,184
Joined: Jan 2009
Reputation:
131
Does it make sense to support both JSONP and CORS?
Always read the
online manual (wiki),
FAQ (wiki) and search the forum before posting.
Do not e-mail Team Kodi members directly asking for support. Read/follow the
forum rules (wiki).
Please read the pages on
troubleshooting (wiki) and
bug reporting (wiki) before reporting issues.
Posts: 3,077
Joined: Jun 2009
They do not have the same purpose
CORS is needed for proper streaming for example to allow subtitles and video to be served from XBMC on a Chromecast for example.
Posts: 4,549
Joined: Dec 2007
Reputation:
17
topfs2
Team-Kodi Developer
Posts: 4,549
Another usecase for CORS is images, say you want to do canvas operations on images in a webapp which uses images from other source than what is serving the html/javascript you need CORS otherwise the image data is dirty. This would happen if you do a webapp serving html markup from something seperated from the kodi instance (say if we would host a webapp on kodi.tv for a remote and would want to blur a fanart on client).
If you have problems please read
this before posting
Always read the
XBMC online-manual,
FAQ and
search the forum before posting.
Do not e-mail XBMC-Team members directly asking for support. Read/follow the
forum rules.
For troubleshooting and bug reporting please make sure you
read this first.
"Well Im gonna download the code and look at it a bit but I'm certainly not a really good C/C++ programer but I'd help as much as I can, I mostly write in C#."
Posts: 5,184
Joined: Jan 2009
Reputation:
131
See PR6352 for JSONP support.
I'll have to read more about CORS to be able to figure out how to determine if an "Origin" header is allowed or not.
Always read the
online manual (wiki),
FAQ (wiki) and search the forum before posting.
Do not e-mail Team Kodi members directly asking for support. Read/follow the
forum rules (wiki).
Please read the pages on
troubleshooting (wiki) and
bug reporting (wiki) before reporting issues.
Posts: 3,077
Joined: Jun 2009
For CORS there's 2 different things.
First a convenience things for user to allow sharing XBMC data (the Access-Control-Allow-Origin with either * or a configurable list) and / or jsonp.
Second a security usage when you'd have to check the origin header against the previously set parameter. (with high risk of compatibility breakage as 0 remote client for the moment does send the headers).
While the first would be quite welcome, the second IMO is not really urgent since there's other discussion on security that should be handled first.
Specially with webserver still lacking stability and more and more remote moving to TCP without authentication and users that open the 9090 port on internet without thinking about the risks.
Posts: 3,077
Joined: Jun 2009
It depends on the nothing handling on backend, if nothing disable all access without origin header it's a problem for users
For 9090 answer it's more or less the same as the 14.1 release for windows, disable webserver, if users can't use a feature but have another one that works they will use it.
(And the fact too that the setting is still labeled for remote and event server and not json on TCP 9090 as reported a few times)
Anyway I suppose we will continue to not agree on security and how users use XBMC, but while the Team post on G+
http://www.gadgetreview.com/2015/02/8-be...g-the-cord and are glad to be at 8, there's plex at 3 and only because plex have understood the need for multiple devices access and internet access.
I have numerous demands to make Yatse compatible with plex and / or the plex xbmc addon because lot's of users prefers kodi as client but needs plex for transcoding and internet access.
There's no a lot missing (apart the complex transcoding part) to have something that can be used, but security have to be taken in account on Kodi side.
Posts: 3,077
Joined: Jun 2009
Instead of quoting just one part, quote the rest that says what the users says
As I said Kodi is superior in lot's of way and not a lot is missing but well you can just read the non important part