I am using JSONP for cross-domain AJAX. It works perfectly. My doubt is: are there any security issues while using JSONP?
EDIT
Just saw that there is already the same question: (Is JSONP safe to use?)
Well, you need to keep in mind that if you use ‘jsonp’, any external site could also call this script and get the result of your response.
The security problem occurs when the actions or responses are limited in some way to a login of the user, e.g. if you return certain information only if the user is logge
If you have information you only send to the client when the user is logged in, or if there are certain actions only allowed when the user is logged in, it is . So if a user is logged in and browsing to another page, this page could theoretically do JSONP requests for that user.
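
The risk described in the answer above, as an added example that is not part of the original post: a JSONP handler next to a plain-JSON handler with a CORS origin allowlist, both called with constructed requests. The session store, origins, field names and handler names are assumptions made for illustration.

```javascript
// Constructed sample data; the session store, origins and field names are assumptions.
const SESSIONS = { "s1": { email: "alice@example.test" } };
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]);

function sessionFor(req) {
  // The browser attaches the site's cookie to every request, whichever page triggered it.
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(req.headers.cookie || "");
  return m ? SESSIONS[m[1]] : undefined;
}

// JSONP: the reply is script, so whatever page loads it through <script src> receives the data.
function jsonpHandler(req) {
  const s = sessionFor(req);
  const cb = /^[\w$]+$/.test(req.query.callback || "") ? req.query.callback : "callback";
  const data = s ? { email: s.email } : { error: "login required" };
  return { status: 200, headers: { "Content-Type": "application/javascript" },
           body: `${cb}(${JSON.stringify(data)});` };
}

// Alternative: plain JSON, readable cross-origin only by allowlisted origins via CORS.
function corsJsonHandler(req) {
  const origin = req.headers.origin;
  const headers = { "Content-Type": "application/json", "Vary": "Origin",
                    "X-Content-Type-Options": "nosniff" }; // JSON is not run as script
  if (origin && !ALLOWED_ORIGINS.has(origin)) {
    return { status: 403, headers, body: JSON.stringify({ error: "origin not allowed" }) };
  }
  if (origin) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  const s = sessionFor(req);
  return s
    ? { status: 200, headers, body: JSON.stringify({ email: s.email }) }
    : { status: 401, headers, body: JSON.stringify({ error: "login required" }) };
}

// Constructed requests: the same logged-in browser, triggered from different pages.
const loggedIn = { cookie: "sid=s1" };
const fromOtherSite = { headers: { ...loggedIn, origin: "https://other.example.test" }, query: { callback: "cb" } };
const fromOwnApp = { headers: { ...loggedIn, origin: "https://app.example.test" }, query: {} };
const viaScriptTag = { headers: { ...loggedIn }, query: { callback: "cb" } }; // <script src> sends no Origin
```

The JSONP handler returns the logged-in user's data for all three requests, because it has no way to tell which page asked. The JSON handler rejects the unlisted origin, and its response to a script tag carries no CORS header and is not executable, so the embedding page cannot read it.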