Menu
JSONP stands for JSON with Padding. Requesting a file from another domain can cause problems, due to cross-domain policy. Requesting an external script from another domain does not have this problem. JSONP uses this advantage, and request files using the script tag instead of the XMLHttpRequest object.
JSONP has some other limitations, too: It can only be used for GET requests, and there's no general way to prevent cross-site request forgeries*. It's bad for private data, since any site on the web could hijack a JSONP response if the URL is known. This means it's best suited for consumption of public data feeds.
Yes, JSONP is obsolete now. There's absolutely no reason to offer a JSONP service anymore.
JSON has to be correctly interpreted by the browser to be used appropriately. text/plain was typically used for JSON, but according to IANA, the official MIME type for JSON is application/json .
Use application/javascript. In that way, clients can rely on the content-type without having to manually check whether a response has padding or not.
Use application/json as per rfc4627.txt if what you return is plain JSON.
If you return JavaScript (which is really what JSONP is), then use application/javascript as per rfc4329.txt
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With