Work
SubscribeWhat is JSONP?
jQuery 1.2 introduced JSONP support, but on initial read of the release notes, I wasn't completely sure what it was - so for anyone else that might want the Dr Seuss explanation.
JSONP is script tag injection, passing the response from the server in to a user specified function
How you can use JSONP
You need to mould both your request and response to handle JSONP - and in doing so, you can have cross domain JSON requests.
Your server will need to return the response as JSON, but also wrap the response in the requested call back, something like this in PHP (hosted on http://myotherserver.com):
$data = getDataAsJSON($_GET['id']);
echo $_GET['jsonp_callback'] . '(' . $data . ');';
// prints: jsonp123({"name" : "Remy", "id" : "10", "blog" : "http://remysharp.com"});The jQuery script would be:
$.ajax({
dataType: 'jsonp',
data: 'id=10',
jsonp: 'jsonp_callback',
url: 'http://myotherserver.com/getdata',
success: function () {
// do stuff
},
});jQuery will change the url to include &jsonp_callback=jsonpmethod - but you can exclude it and it default to just 'callback'.
Example in the Wild
Twitter's JavaScript blog plugin works in exactly the same way. You create a function to handle the data from Twitter, and insert a script tag. Once the script is inserted, it calls the function passing the Twitter data as a JSON object.
How it works in jQuery
jQuery attaches a global function to the window object that is called when the script is injected, then the function is removed on completion.
Note that if the request is being made to the same domain, then jQuery will switch it down to a straight Ajax request.
Potential Problems
- Security. There's documents out on the web that can help, but as a cursory check, I would check the referrer in the server side script.
- There's no error handling. The script injection either works, or it doesn't. If there's an error from the injection, it'll hit the page, and short of a window wide error handler (bad, bad, very bad), you need to be sure the return value is valid on the server side.
[...] What is JSONP?. Remy Sharp describes the JSONP method of script-tag injection and shows how it can be done with jQuery. [...]
Good tip here on JSONP -- I'm going to look into it further.
One thing: checking the referrer is basically useless from a security perspective, as it's provided by the client and very easy to forge.
So one thing I'm noticing as a potential problem is the lack of support for the POST method. If I'm adding a comment or article via a webservice that provides JSONP support, I can't work outside the limitations of GET. Any thoughts on this?
@Ryan - you're right, I can't think of a way to use a POST to get a JSONP response. If you're trying to write a REST API or something similar, you might want to send the POST, ignore the response, and use a GET JSONP to test for changes.
Does that help?
thx ramy, u help me out from the trouble.
5 hours just to figure out this line:
echo $_GET['jsonp_callback'] . '(' . $data . ');';
:p
tx u so much..
I didn't know the server code had to be modified as well. Now I understand how JSONP works. Thanks
[...] those interested, I've got a nice little trick inside the script which allows me to run a JSONP call and cancel it at a predefined [...]
[...] XML, JSON, plain text, or JSONP (JSONP involves cross domain callbacks and is deconstructed with a PHP example here). The licensing agreement for the AideRSS API specifies only non-commercial [...]
[...] packaged JSON data set uses JSONP for the callback pattern and thus to populate the page [...]
[...] server-side proxy; dynamically creating a script tag), the beauty of Pipes is that it can return a JSONP response. By providing a callback function as an input argument, it is possible to perform [...]