From c212204ad0b421ebbb8a2e50adf0e4c35e5c149b Mon Sep 17 00:00:00 2001 From: Konstantin Haase Date: Thu, 20 Sep 2012 15:18:30 +0200 Subject: [PATCH] more cors and jsonp docs --- docs/01_cross_origin.md | 13 ++++++++++++- lib/travis/api/app/endpoint/documentation.rb | 5 ++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/docs/01_cross_origin.md b/docs/01_cross_origin.md index d6408bef..cd905e83 100644 --- a/docs/01_cross_origin.md +++ b/docs/01_cross_origin.md @@ -27,8 +27,19 @@ In contrast to JSONP, CORS does not lead to any execution of untrusted code. Most JavaScript frameworks, like [jQuery](http://jquery.com), take care of CORS requests for you under the hood, so you can just do a normal *ajax* request. + // using jQuery + $.get("https://api.travis-ci.org/", function() { alert("it worked!") }); + Our current setup allows the headers `Content-Type`, `Authorization`, `Accept` and the HTTP methods `HEAD`, `GET`, `POST`, `PATCH`, `PUT`, `DELETE`. ## JSONP -... some docs here ... +You can disable the same origin policy by treating the response as JavaScript. +Supply a `callback` parameter to use this. + + + + +This has the potential of code injection, use with caution. diff --git a/lib/travis/api/app/endpoint/documentation.rb b/lib/travis/api/app/endpoint/documentation.rb index 907f9c7b..6e2c427e 100644 --- a/lib/travis/api/app/endpoint/documentation.rb +++ b/lib/travis/api/app/endpoint/documentation.rb @@ -7,6 +7,9 @@ class Travis::Api::App set prefix: '/docs', public_folder: File.expand_path('../documentation', __FILE__) enable :inline_templates, :static + # Don't cache general docs in development + configure(:development) { before { @@general_docs = nil } } + # HTML view for [/endpoints](#/endpoints/). get '/' do content_type :html @@ -45,7 +48,7 @@ class Travis::Api::App def with_code_highlighting(str) str. - gsub('/, ''). gsub(/TODO:?/, 'TODO') end