In many code examples I saw, the format of .getJSON() is something like
$.getJSON("url?jsoncallback=?", function(data){
...
});
And at the back-end the response is written like
$response = $_GET["jsoncallback"]."(".json_encode($orders).")";
echo $response;
I deleted "?jsoncallback=?" from the URL, and $_GET["jsoncallback"] and the square brackets at the back-end, and it seems that everything still works. So what is the use of that jsoncallback stuff?
If you don't have the jsoncallback=? it will just do a normal JSON request, not JSONP*. You can do a normal JSON request just fine on your own server or a server that sends CORS headers.
* Forget about JSONP, this is a fancy name for inserting a script element in your document that runs code from a foreign server but with the same authorization as your own scripts. The $_GET["jsoncallback"] makes it a JavaScript function call like this:
This is the code in a script like <script src="http://foreign.org/data?jsoncallback=fn"></script>. As you can see, that's JavaScript, not JSON. With this, foreign.org (or someone hacking them) can change their script to do anything with authorization on your page, so be careful when using "JSONP" and prefer CORS JSON.
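The difference described in the answer, as an added example that is not part of the original thread: a JSONP body is executed as script, while a JSON body is only parsed as data. The function names, the `page` object and both sample responses are constructed for illustration, and `new Function` stands in for the browser running a `<script>` element.

```javascript
// Added example; all names and sample responses are constructed.

// Mirrors the PHP line in the question: wrap the JSON in a call to the
// function named by the jsoncallback parameter.
function jsonpBody(callbackName, data) {
  return callbackName + "(" + JSON.stringify(data) + ")";
}

// Stand-in for <script src="...">: the response body runs as JavaScript
// with access to the callback and to the page's own state.
function loadAsScript(body, page) {
  const received = [];
  const run = new Function("fn", "page", body);
  run((data) => received.push(data), page);
  return received;
}

// Stand-in for a plain JSON request (same-origin or CORS): the body is
// parsed as data and never executed.
function loadAsJson(body) {
  try {
    return { ok: true, data: JSON.parse(body) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

const orders = [{ id: 1, item: "book" }];
// Response from a well-behaved foreign server.
const honestJsonp = jsonpBody("fn", orders);
// Constructed response from a foreign server that changed its script:
// same callback call, plus one extra statement that touches the page.
const alteredJsonp = honestJsonp + "; page.sessionNote = 'changed by foreign script';";

function demo() {
  const page = { sessionNote: "set by our own code" };
  const first = loadAsScript(honestJsonp, page);
  const noteAfterHonest = page.sessionNote;
  loadAsScript(alteredJsonp, page);
  return {
    jsonpData: first[0],
    noteAfterHonest,
    noteAfterAltered: page.sessionNote,
    jsonOfPlain: loadAsJson(JSON.stringify(orders)),
    jsonOfAltered: loadAsJson(alteredJsonp),
  };
}
console.log(demo());
```

The altered response still delivers the expected data to the callback, so the page has no way to notice the extra statement; the JSON path rejects the same body with a parse error.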