Bug Tracker

Ticket #5955 (closed bug: fixed)

Opened 5 years ago

Last modified 3 years ago

datatype=jsonp is ignored if request is local

Reported by: nickjohnson Owned by: jaubourg
Priority: high Milestone: 1.5
Component: ajax Version: 1.4.1
Keywords: ajaxrewrite Cc:
Blocking: Blocked by:

Description

When making a jQuery.ajax request with datatype=jsonp, or a jQuery.getJSON request with a callback parameter, jQuery ignores the jsonp parameter and always uses an XHR if the request is not crossdomain. The culprit is here:  http://github.com/jquery/jquery/blob/master/src/ajax.js#L292

This is a problem if the local URL is known to return a crossdomain 302 redirect, as is the case in our situation: We want the client to make OAuth authenticated calls to the twitter API, but the client can't do the signing (and shouldn't know the oauth secrets in any case), so we handle this by having jQuery request a local URL, which assembles the signed URL and returns it as a redirect. Since jQuery picks the callback function name, we can't do this as separate requests or by precalculating the URL, either.

Change History

comment:1 Changed 5 years ago by iraebrasil

I agree completely with this being a bug. In the past I had issues with that too, but fixed in the server side, but would be much better if jQuery handled this better.

Here is a proposal to fix this issue, including one new unit test:  http://github.com/irae/jquery/commit/df635fcb6dc7b47bf2f15b8b26f6a73d8bfa5210

=)

comment:2 Changed 4 years ago by dmethvin

  • Priority changed from major to high
  • Status changed from new to open
  • Milestone changed from 1.4.2 to 1.4.5

comment:3 Changed 4 years ago by rwaldron

  • Keywords ajaxrewrite added

comment:4 Changed 4 years ago by jaubourg

  • Owner set to jaubourg
  • Status changed from open to assigned

DataType "jsonp" is not ignored at all. Ajax simply uses the best available transport (ie the one with the best error handling capabilities).

The case where you request a same-domain url that redirects to a cross-domain one shouldn't force all other valid usages of same-domain script ot jsonp requests to use script tags.

Since the rewrite there's an internally computed option called "crossDomain". I think the best way to deal with this kind of situation is to only compute crossDomain if no truish value has already been provided for it in the options. That way, you can force a same-domain request to be considered cross-domain (and handle cross-domain redirection) while not forcing a less reliable transport on all other same-domain requests.

comment:5 Changed 4 years ago by jaubourg

  • Status changed from assigned to closed
  • Resolution set to fixed

Fixes #5955. Option crossDomain now forces ajax to consider a request as cross-domain even when it is not. Useful for when servers issue redirects to cross-domain urls. Unit test added.

Changeset: 5a5f67800b048ae274e644547f4b8e03156ffa49

comment:6 Changed 4 years ago by jitter

  • Milestone changed from 1.4.5 to 1.5

Move fixed tickets to appropriate milestone

Note: See TracTickets for help on using tickets.