In this talk, Bruno Genero(@bfgenaro) will go through how to request data from a server in a different domain and not to worry about the “Same-origin policy” using the JSONP technique.
origin” or “cross-site” requests from one domain to another SAME-ORIGIN POLICY “… the same-origin policy is an important concept in the web application security model. Under the policy, a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin.” Wikipedia
data from a different domain. It takes advantage of the fact that browsers do not enforce the same-origin policy on <script> tags. WHAT IS JSONP? - Take a pure JSON, make it a function call, then eval it in the browser - Same-Origin Policy does NOT apply to resource loading (script tags) - Yes, it’s a hack!
Only GET - Easy jQuery integration - Partial or no control on the server side - Most APIs have JSONP support - Cross-Origin Resource Sharing - IE8 and IE9 issues - Read/write (e.g. full REST or just POST/GET) - More Secure - Full control on the server side - Know the domains you want to enable JSONP VS CORS JSONP CORS WHEN AND WHY?
really the whole trick to JSONP. The function padding around JSON data is why it’s called JSONP. - In order to retrieve the API answer from the newly included JavaScript code, jQuery automatically appends a callback argument to your URL (for example &callback=functionCallback ) which must be called by the JavaScript code that your API generates. - As long as a callback parameter is provided to the getJSON method, jQuery will consider the request JSONP. (https://github.com/jquery/jquery/blob/1.4.4/src/ ajax.js#L224) JSONP CALLBACK
brunogenaro
kazushi_ohata
diggymo
askua
iwamot
cyberagentdevelopers
f6wbl6
drsprime
yahonda
aurimas
chanyou0311
panda_program
loglass2019
kastner
gr2m
palkan
lara
rmw
bkeepers
mraible
bcantrill
reverentgeek
marktimemedia
caitiem20
davidbonilla
