32

I understand that jsonp is a technique to get around the same origin policy. You basically refer to your json serving server endpoint in a script tag, because script tags are exempt from the SO policy.

My question is: Assuming a server has an endpoint that serves up json, are there any modifications necessary on the server to make use of jsonp in the client?

I think no, but want to be sure....

hippietrail
  • 15,848
  • 18
  • 99
  • 158
hvgotcodes
  • 118,147
  • 33
  • 203
  • 236

1 Answers1

37

Yes, JSONP is slightly different when it renders, so your server needs to support it.

JSON looks like this:

{ "name": "value" }

Whereas JSONP looks like this:

functionName({ "name": "value" });

If whatever you're using supports it you're covered, but it's not the same as supporting just JSON. When the server gets a request, for example: http://example.com/json?callback=functionName, the above is what you should render, because how it looks in the page is this:

<script type="text/javascript" src="http://example.com/json?callback=functionName"></script>

This means something that runs needs to be returned, as an illustration, this is valid:

<script type="text/javascript">
  functionName({ "name": "value" });
</script>

If your server didn't support JSONP it would effectively be this:

<script type="text/javascript">
  { "name": "value" }
</script>

...and you'll get syntax errors, since that's not valid JavaScript.

Nick Craver
  • 623,446
  • 136
  • 1,297
  • 1,155
  • 1
    and your js code has to implement functionName? Does it need to eval the json to get the js objects? – hvgotcodes Jul 21 '10 at 01:37
  • @hvgotcodes - Yes, the client has that function (for example jQuery creates one dynamically by default). It's JSON being passed to the function (JSON is valid object literal notation, just a subset of it), so no `eval()` needs to be done. – Nick Craver Jul 21 '10 at 01:40
  • 1
    i don't understand why you don't need to eval it. Regardless of jsonp, dont most js libraries eval the json returned via xhrs to get the actual js objects the json represents? – hvgotcodes Jul 21 '10 at 01:44
  • 1
    @hvgotcodes - Nope, it's not running through JavaScript (or XmlHttpRequest), it's literally a ` – Nick Craver Jul 21 '10 at 01:49
  • My understanding is that the decision about how to process __any__ script tag content (i.e. whether to parse it at native code level or to offer it to a high-level JavaScript `eval` function) is left to the implementor of the browser. – Marco Faustinelli Mar 09 '17 at 09:09