Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Post a form with JSONP [closed]

I want to post a form with JSONP is there any feasible solution?

I want to post form to different domain from jsonp.

like image 583
Harshal_m_joshi Avatar asked Oct 13 '11 13:10

Harshal_m_joshi


People also ask

Can JSONP be used with post request?

We can only use JSONP when: The API itself supports JSONP . It needs to return the JSON response wrapped in a function and it usually lets us pass in the function name we want it to use as one of the query params. We can only use it for GET requests, it doesn't work for PUT / POST / DELETE and so on.

What is one reason to avoid using JSONP in a?

JSONP is vulnerable to the data source replacing the innocuous function call with malicious code, which is why it has been superseded by cross-origin resource sharing (available since 2009) in modern applications.

What does JSONP mean?

JSONP stands for JSON with Padding. Requesting a file from another domain can cause problems, due to cross-domain policy. Requesting an external script from another domain does not have this problem. JSONP uses this advantage, and request files using the script tag instead of the XMLHttpRequest object.

How does JSONP request work?

It works by dynamically adding a <script> tag to the DOM and calling a predefined function with the remote web service's JSON data as the parameter. The <script> tag is not subject to the same origin policy and therefore can request content cross-domain.


2 Answers

You cannot make a cross origin POST with JSONP.

However, you can:

  1. Serialize the form into a query string and send it along with a GET request.
  2. Use CORS(Cross Origin Resource Sharing) if you have the luxury of being able to target only modern browsers.
like image 144
Sahil Muthoo Avatar answered Sep 28 '22 10:09

Sahil Muthoo


A JSONP request is just creating a script tag with a function call:

Javascript:

var head = document.getElementsByTagName("head")[0];
var script = document.createElement('script');
script.type = 'text/javascript';
script src = 'url_to_post.serverside?callback=callback_function';

var callback_function(response) {
    head.removeChild(script);
    alert(response.abc); // returns def;
};

url_to_post.serverside:

callback_function({"abc": "def"});

Hope you can see why it only works for GET requests

:)

like image 34
Andreas Louv Avatar answered Sep 28 '22 11:09

Andreas Louv