
I am using JSONP for cross-domain Ajax. It works perfectly. My doubt is: are there any security issues while using JSONP?

1 Answer


EDIT: Just saw that there is already the same question: (Is JSONP safe to use?)

Well, you need to keep in mind that if you use 'jsonp', any external site could also call this script and get the result of your response.

The security problem occurs when the actions or responses are limited in some way to a login of the user, e.g. if you return certain information only if the user is logge

If you have information you only send to the client when the user is logged in, or if there are certain actions only allowed when the user is logged in it is . So if a user is logged in and browsing to another page, this page could theoretically do JSONP requests for that user.

t.niese
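The server-side view of the risk described in this answer, as an added example that is not part of the original answer: a JSONP handler that returns session-gated data next to a handler that serves the same data as plain JSON with a CORS allow-list. The handler names, the session store, the origins and the request objects are all constructed for illustration.

```javascript
// Constructed sample data: one session and the single origin allowed to read private data.
const SESSIONS = { "sid-123": { user: "alice", email: "alice@example.test" } };
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]);

function parseCookies(header = "") {
  return Object.fromEntries(
    header.split(";").map(p => p.trim().split("=")).filter(p => p.length === 2)
  );
}

// Weak: login-only data wrapped in a caller-chosen callback. The browser attaches
// the user's cookie to a <script> request from any page, so the check below passes
// no matter which site included the script.
function jsonpProfile(req) {
  const session = SESSIONS[parseCookies(req.headers.cookie).sid];
  if (!session) return { status: 401, headers: {}, body: "" };
  return {
    status: 200,
    headers: { "Content-Type": "application/javascript" },
    body: `${req.query.callback}(${JSON.stringify(session)});`,
  };
}

// Hardened: no JSONP for private data. The body is plain JSON (not executable as a
// callback), and cross-origin reads are granted only to allow-listed origins via CORS.
function corsProfile(req) {
  const session = SESSIONS[parseCookies(req.headers.cookie).sid];
  if (!session) return { status: 401, headers: {}, body: "" };
  const origin = req.headers.origin;
  if (origin && !ALLOWED_ORIGINS.has(origin)) return { status: 403, headers: {}, body: "" };
  const headers = {
    "Content-Type": "application/json",
    "X-Content-Type-Options": "nosniff", // browsers will not run this as a script
    Vary: "Origin",
  };
  if (origin) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return { status: 200, headers, body: JSON.stringify(session) };
}

// Constructed requests: the same logged-in user, reached from three contexts.
const viaScriptTag = { headers: { cookie: "sid=sid-123" }, query: { callback: "handle" } };
const otherSiteXhr = { headers: { cookie: "sid=sid-123", origin: "https://other.example.test" }, query: {} };
const ownAppXhr = { headers: { cookie: "sid=sid-123", origin: "https://app.example.test" }, query: {} };
```

JSONP remains reasonable for data that is public anyway; anything that depends on the user's login belongs behind the second pattern.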