Jsonp principle:
Ajax itself is not cross-domain and is implemented across domains by generating a script tag. Because the SRC attribute of the script tag is not a cross-domain limitation. In fact, set the datatype: ' Jsonp ' after the $.ajax method and Ajax XMLHttpRequest have nothing to do with, instead of the JSONP protocol. JSONP is an unofficial protocol that allows the server-side integration of script tags back to the client to achieve cross-domain access through JavaScript callback.
JSONP is a script injection (scripts injection) behavior, so there are some security implications. First register a callback (for example: ' Jsoncallback ') on the client, and then pass callback's name (for example: jsonp1236827957501) to the server. Note: After the server gets the value of callback, use jsonp1236827957501 (...). Include the JSON content that will be output, at which point the server generates JSON data to be properly received by the client.
Then, in JavaScript syntax, a function is generated, and the function name is the value jsonp1236827957501 of the parameter ' Jsoncallback ' passed up.
Finally, the JSON data is placed directly into the function in the form of a parameter, so that a document of JS syntax is generated and returned to the client.
The client browser, parses the script tag, and executes the returned JavaScript document, at which time the JavaScript document data, as parameters,
Passed into the client's pre-defined callback function (as in the previous example, the jquery $.ajax () method encapsulates the Success:function (JSON)). (Dynamic execution callback function)
Can say Jsonp way principle and <script src= "//cross-domain/...xx.js" ></script> is consistent (QQ space is a large number of this way to achieve cross-domain data exchange).
The page js is :
$.ajax ({ URL: "/http" + Ipport + "/user/getuser", type: ' GET ', dataType: ' Jsonp ', jsonp: ' Callback ', success:function (data) { alert (' success: ' +data); }, fail:function () { alert (' fail '); } });
The datatype parameter is JSONP: JSONP cross-domain request.
The JSONP parameter is callback: The callback function is named callback (the same as the background return).
The code in the Java background is:
/** * Direct output. Handling JSONP returned data */public static void Printjsondata (String text) {PrintWriter Print;try {httpservletrequest Request = Threadcontextholder.gethttprequest (); HttpServletResponse response = Threadcontextholder.gethttpresponse (); Response.setcontenttype ("text/html;charset= Utf-8 ");p rint=response.getwriter (); String Jsonp=request.getparameter ("callback"), if (jsonp!=null) {text=jsonp+ "({\" data\ ":" +text+ "," + "\" token\ ": \" "+ Stringutil.token () + "\"}) "; else{text= "{\" data\ ":" +text+ "," + "\" token\ ": \" "+stringutil.token () +" \ "}";} Print.write (text);p rint.close ();} catch (IOException e) {System.err.println (E.getmessage ());}}
Request.getparameter ("callback"), callback in the callback function name, to remain consistent.
This will not prompt for cross-domain.
JSONP cross-domain issues in jquery and Java background