Hacker News new | past | comments | ask | show | jobs | submit login

You could invoke pipes from any webpage without worrying about cross-domain access.

If you look at some janky JS code[1] I had on my website at the time, you can see what you can do with it.

That would basically source

://pipes.yahoo.com/pipes/pipe.run?_id=7CTRtbtL3BGX_AHbjknRlg&_render=json&_callback=load_daily_show

as a static asset in my page, which would load the JS and call load_daily_show(<json>) as a result.

Now, EVERYONE who hits my page is invoking the pipe as a backend API call, with no caching and unfortunately with the entire Y/T cookies intact.

[1] - https://web.archive.org/web/20081007043923/http://t3.dotgnu....




Yeah I remember using it as a CORS proxy, it allowed me to put together a full client side music app (tracks source was not very legal) but tags, similar tracks/artists etc were pulled from lastfm and allowed to quickly build a decent playlist.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: