Cross-domain Access-JSONP

Source: Internet
Author: User
Tags: script tag

JSONP stands for JSON with Padding. Because of the same-origin policy, XMLHttpRequest can only request resources from the current origin (domain name, protocol, port). To make a cross-domain request, we can use the HTML script tag and have the response return script code to execute, in which a JavaScript object can be passed directly as JSON. This cross-domain communication method is called JSONP.

The advantage of JSONP is that, unlike an AJAX request made with the XMLHttpRequest object, it is not subject to the same-origin policy. It also has better compatibility and runs in older browsers: XMLHttpRequest or ActiveX support is not required, and the result is returned by calling the callback when the request completes.

The disadvantage of JSONP is that it supports only GET requests and not other HTTP request types such as POST. It supports only cross-domain HTTP requests and does not solve the problem of how to make JavaScript calls between two pages in different domains.

JSONP solves cross-domain requests very well, but it has some shortcomings:

    • The request state is not rich enough. We can only listen for a successful request; if the request fails, we cannot learn this from a status code, so there is no feedback to the user, which may cause confusion.

    • Because the script tag is not restricted by the same-origin policy, it also creates some security issues.
      Using a script tag that points at a remote site allows the remote site to inject any content into the page. If the remote site has JavaScript injection vulnerabilities, the original site is affected as well.
      There is an ongoing effort to define a so-called JSON-P strict safe subset so that browsers can enforce it for requests with the MIME type "application/json-p". If the response cannot be parsed as strict JSON-P, the browser can throw an error or ignore the entire response.

Compare the JSON and JSONP formats:

JSON format:

    {
        "message": "Get Succeeded",
        "state": "1",
        "result": {"name": "Workgroup 1", "id": 1, "description": "11"}
    }

JSONP format:

    callback({
        "message": "Get Succeeded",
        "state": "1",
        "result": {"name": "Workgroup 1", "id": 1, "description": "11"}
    })

Note the difference: whatever name is passed to the backend in the URL's callback parameter is the name used for the callback, and JSONP wraps the JSON in one extra layer, callback(). Now we know how to handle it: modify the backend code accordingly.
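The backend change described above, as an added example (not code from the original article): the JSON is wrapped in the callback named in the URL, but only when that name is a plain identifier, because the callback is reflected into script that the requesting page executes. The function name buildJsonpResponse, its return shape and the callback name handleGroup are assumptions.

```javascript
// Added example: server-side JSONP wrapping with a validated callback name.
// buildJsonpResponse and its return shape are assumptions, not from the page.

// Accept only a plain JavaScript identifier, with a length limit.
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

// JSON.stringify leaves U+2028/U+2029 and "<" as-is; escape them so the
// payload stays a safe script literal in older engines and inline contexts.
function toScriptSafeJson(value) {
  return JSON.stringify(value)
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029")
    .replace(/</g, "\\u003c");
}

// query: parsed URL query object, e.g. { callback: "handleGroup" }.
function buildJsonpResponse(query, payload) {
  const json = toScriptSafeJson(payload);
  const name = query.callback;

  // No callback parameter: answer with ordinary JSON.
  if (name === undefined) {
    return { status: 200, headers: { "Content-Type": "application/json; charset=utf-8" }, body: json };
  }
  // A callback that is not a bare identifier is rejected, never reflected.
  if (typeof name !== "string" || !CALLBACK_RE.test(name)) {
    return { status: 400, headers: { "Content-Type": "text/plain; charset=utf-8" }, body: "invalid callback" };
  }
  return {
    status: 200,
    headers: {
      "Content-Type": "application/javascript; charset=utf-8",
      "X-Content-Type-Options": "nosniff",
    },
    body: `${name}(${json});`,
  };
}

// Sample payload taken from the page's JSON example.
const sample = {
  message: "Get Succeeded",
  state: "1",
  result: { name: "Workgroup 1", id: 1, description: "11" },
};

console.log(buildJsonpResponse({ callback: "handleGroup" }, sample).body);
console.log(buildJsonpResponse({ callback: "handleGroup();extra" }, sample).status);
```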

Other information:

http://kb.cnblogs.com/page/139725/

http://www.cnblogs.com/sunxucool/p/3433992.html
