Skip to main content

Bug Tracker

Side navigation

#5955 closed bug (fixed)

Opened January 27, 2010 11:12AM UTC

Closed January 09, 2011 03:53PM UTC

Last modified March 13, 2012 11:33PM UTC

datatype=jsonp is ignored if request is local

Reported by: nickjohnson Owned by: jaubourg
Priority: high Milestone: 1.5
Component: ajax Version: 1.4.1
Keywords: ajaxrewrite Cc:
Blocked by: Blocking:
Description

When making a jQuery.ajax request with datatype=jsonp, or a jQuery.getJSON request with a callback parameter, jQuery ignores the jsonp parameter and always uses an XHR if the request is not crossdomain. The culprit is here: http://github.com/jquery/jquery/blob/master/src/ajax.js#L292

This is a problem if the local URL is known to return a crossdomain 302 redirect, as is the case in our situation: We want the client to make OAuth authenticated calls to the twitter API, but the client can't do the signing (and shouldn't know the oauth secrets in any case), so we handle this by having jQuery request a local URL, which assembles the signed URL and returns it as a redirect. Since jQuery picks the callback function name, we can't do this as separate requests or by precalculating the URL, either.

Attachments (0)
Change History (6)

Changed February 08, 2010 05:06AM UTC by iraebrasil comment:1

I agree completely with this being a bug. In the past I had issues with that too, but fixed in the server side, but would be much better if jQuery handled this better.

Here is a proposal to fix this issue, including one new unit test:

http://github.com/irae/jquery/commit/df635fcb6dc7b47bf2f15b8b26f6a73d8bfa5210

)

Changed November 20, 2010 02:54PM UTC by dmethvin comment:2

milestone: 1.4.21.4.5
priority: majorhigh
status: newopen

Changed December 27, 2010 10:37PM UTC by rwaldron comment:3

keywords: → ajaxrewrite

Changed January 09, 2011 03:43PM UTC by jaubourg comment:4

owner: → jaubourg
status: openassigned

DataType "jsonp" is not ignored at all. Ajax simply uses the best available transport (ie the one with the best error handling capabilities).

The case where you request a same-domain url that redirects to a cross-domain one shouldn't force all other valid usages of same-domain script ot jsonp requests to use script tags.

Since the rewrite there's an internally computed option called "crossDomain". I think the best way to deal with this kind of situation is to only compute crossDomain if no truish value has already been provided for it in the options. That way, you can force a same-domain request to be considered cross-domain (and handle cross-domain redirection) while not forcing a less reliable transport on all other same-domain requests.

Changed January 09, 2011 03:53PM UTC by jaubourg comment:5

resolution: → fixed
status: assignedclosed

Fixes #5955. Option crossDomain now forces ajax to consider a request as cross-domain even when it is not. Useful for when servers issue redirects to cross-domain urls. Unit test added.

Changeset: 5a5f67800b048ae274e644547f4b8e03156ffa49

Changed January 14, 2011 10:20PM UTC by jitter comment:6

milestone: 1.4.51.5

Move fixed tickets to appropriate milestone