tags:

views:

38

answers:

1

I understand that jsonp is a technique to get around the same origin policy. You basically refer to your json serving server endpoint in a script tag, because script tags are exempt from the SO policy.

My question is: Assuming a server has an endpoint that serves up json, are there any modifications necessary on the server to make use of jsonp in the client?

I think no, but want to be sure....

+3  A: 

Yes, JSONP is slightly different when it renders, so your server needs to support it.

JSON looks like this:

{ "name": "value" }

Whereas JSONP looks like this:

functionName({ "name": "value" });

If whatever you're using supports it you're covered, but it's not the same as supporting just JSON. When the server gets a request, for example: http://example.com/json?callback=functionName, the above is what you should render, because how it looks in the page is this:

<script type="text/javascript" src="http://example.com/json?callback=functionName"&gt;&lt;/script&gt;

This means something that runs needs to be returned, as an illustration, this is valid:

<script type="text/javascript">
  functionName({ "name": "value" });
</script>

If your server didn't support JSONP it would effectively be this:

<script type="text/javascript">
  { "name": "value" }
</script>

...and you'll get syntax errors, since that's not valid JavaScript.

Nick Craver
and your js code has to implement functionName? Does it need to eval the json to get the js objects?
hvgotcodes
@hvgotcodes - Yes, the client has that function (for example jQuery creates one dynamically by default). It's JSON being passed to the function (JSON is valid object literal notation, just a subset of it), so no `eval()` needs to be done.
Nick Craver
@Nick -- i don't understand why you don't need to eval it. Regardless of jsonp, dont most js libraries eval the json returned via xhrs to get the actual js objects the json represents?
hvgotcodes
@hvgotcodes - Nope, it's not running through JavaScript (or XmlHttpRequest), it's literally a `<script>` element added to the page...it's fetched like any other `.js` file. It's a normal GET...that's why it's allowed cross-domain where normal AJAX requests aren't. In the case of JSON the response is either eval'd or better, uses the native `JSON.parse()` several browsers have implemented....but JSONP is a different ballgame.
Nick Craver