Opened 15 years ago
Closed 15 years ago
#1987 closed bug (fixed)
.ajax with dataType: 'script' and type: 'POST' performs a GET Request
| Reported by: | developingchris | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | 1.2.2 |
| Component: | ajax | Version: | 1.2 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description (last modified by )
I did the above test case based on your title and it appears to me a 'post' is done, not a 'get'. So based on the title I'd say this works for me. I still don't understand what the patch is supposed to do even if it didn't work so feel free to reopen the bug with more details and a new test case if it seems appropriate.
Attachments (3)
Change History (8)
Changed 15 years ago by
| Attachment: | ajax_xdscript.patch added |
|---|
comment:1 Changed 15 years ago by
| need: | Review → Test Case |
|---|
I'm thinking about this and I'm not sure I understand what the bug is. The title says if you have 'script' and 'post' then the code is doing a 'get'. But the proposed solution is to create a new type of dataType called 'xdscript'.
So what is the actual problem? How does the solution fix it? I think I'm missing something. Please attach a test case that demonstrates it if you can.
comment:2 Changed 15 years ago by
| Description: | modified (diff) |
|---|---|
| Priority: | critical → major |
| Resolution: | → worksforme |
| Status: | new → closed |
comment:3 Changed 15 years ago by
| Resolution: | worksforme |
|---|---|
| Status: | closed → reopened |
Please modify your test to use a fully qaulified url. Since that is the #1 trigger to get to the XD scripting block. I have a site that uses https:// and subdomains for user accounts, so almost all urls must be fully qualified in order to avoid security warnings. When a protocol is passed in the url it will always be a GET, I am sorry that this wasn't in the original ticket.
comment:4 Changed 15 years ago by
Based on my understanding of the jQuery ajax code, there are two basic ways that jQuery can request data. One is the XMLHttpRequest and the other is through a dynamically created <script> tag.
Unfortunately, the XMLHttpRequest specifically prohibits using a fully qualified domain (like http://www.example.com) by its same-origin security model.
That means all cross-domain ajax must be through the <script> tag and I'm not aware of a method to change the way a browser requests the script from a GET to a POST. I believe all your patch would do is throw an error when XMLHttpRequest gets a fully qualified domain.
I'll check to see if someone else has an idea but I suspect this will be closed again without a fix. If you have another idea feel free to post it here.
comment:5 Changed 15 years ago by
| need: | Test Case → Review |
|---|---|
| Priority: | major → minor |
| Resolution: | → fixed |
| Status: | reopened → closed |
Fixed in [4106] such that any non-GET requests are passed on to XMLHttpRequest since a <script> type ajax request can only use GET.
patch to change cross domain script block to only execute on dataType xdscript