Menu
The $.getJSON() documentation states:
If the specified URL is on a remote server, the request is treated as JSONP instead. See the discussion of the
jsonpdata type in $.ajax() for more details.
The $.ajax() documentation for the jsonp data type states (emphasis mine):
Loads in a JSON block using JSONP. Will add an extra "?callback=?" to the end of your URL to specify the callback.
So it seems that if I call $.getJSON() with a cross-domain URL, the extra "callback=?" parameter should automatically get added. (Other parts of the documentation support this interpretation.)
However, I'm not seeing that behavior. If I don't add the "callback=?" explicitly, jQuery incorrectly makes an XMLHttpRequest (which returns null data since I can't read the response cross-domain). If I do add it explicitly, jQuery correctly makes a <script> request.
Here's an example:
var URL = "http://www.geonames.org/postalCodeLookupJSON" +
"?postalcode=10504&country=US";
function alertResponse(data, status) {
alert("data: " + data + ", status: " + status);
}
$.getJSON(URL, alertResponse);
// alerts "data: null, status: success"
$.getJSON(URL + "&callback=?", alertResponse);
// alerts "data: [object Object], status: undefined"
So what's going on? Am I misunderstanding the documentation or forgetting something?
It goes without saying that this isn't a huge deal, but I'm creating a web API and I purposely set the callback parameter to "callback" in the hopes of tailoring it nicely to jQuery usage.
Thanks!
(Edit: I cross-posted this in the jQuery forums if you're interested.)
289
JSONP has some other limitations, too: It can only be used for GET requests, and there's no general way to prevent cross-site request forgeries*. It's bad for private data, since any site on the web could hijack a JSONP response if the URL is known. This means it's best suited for consumption of public data feeds.
JSON with Padding, or JSONP for short, is a technique that allows developers to get around browsers' same-origin policies by exploiting the nature of the <script> element. The policy prohibits reading any responses made by websites with origins other than those currently in use.
JSONP allows you to sidestep the same-origin policy and to some extent make cross-domain Ajax calls. It's not a silver bullet, and it certainly has its issues, but in some cases it can prove invaluable when fetching data from a different origin.
Standard JSON Asynchronous request The browser makes an asynchronous POST request to the server slapping its parameters to the service in the body. The server responds with a string of JSON data. A success handler of the request fires and the string is converted into a Javascript Object to be used in the application.
Turns out this was a bug in the jQuery documentation. See http://forum.jquery.com/topic/getjson-isn-t-automatically-appending-callback-to-my-cross-domain-url for details.
186
Try this:
var URL = "http://www.geonames.org/postalCodeLookupJSON" +
"?postalcode=10504&country=US";
function alertResponse(data, status) {
alert("data: " + data + ", status: " + status);
}
$.ajax({
url: URL,
dataType: 'jsonp',
jsonpCallback: 'alertResponse',
});
Yes, I think you misunderstood. $.getJSON is a shortcut for $.ajax({datatype: 'json'.... as the documentation says. It never makes a JSONP call unless you add the callback=? parameter.
40
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
