What I have learnt about JSON-P (from JSON-P VS JSON and Wikipedia) is – JSON-P is invented to overcome the same origin policy of browsers and load JSON objects from another domain. There is a post on Stack Overflow which shows how JSON-P calls work. There it seems that if I remove ?callback=? from the URL, the JSON-P request acts like a plain JSON call and hence is rejected by the same origin policy. Which is proved by this live example.
Now I have another URL : https://graph.facebook.com/100001612121705.json
And I use the following method to load data from it (visit here for live example):

    $(document).ready(function() {
        $.getJSON("https://graph.facebook.com/100001612121705", null,
            function(data) {
                $.each(data, function(key, val) {
                    alert(key + ' is ' + val);
                });
            });
    });
Note that I am not using the ?callback? with my URL and still this request is able to fetch JSON data from another domain! Which is very surprising to me. Can anyone kindly explain why this request is not rejected by the Same Origin Rule?
Facebook’s server emits a header of
This header is retrieved by the browser in the first phase of the call and parsed; it states that any referrer (origin page) may load data from that URL, thus bypassing the same-origin-policy restrictions.
Info on the standards here:
Cross-Origin Resource Sharing
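As an added illustration (not part of the question or the answer above), the following models the decision a browser makes when it receives a cross-origin response: it shows why the plain $.getJSON call succeeds when the server sends an Access-Control-Allow-Origin header, why it fails when the header is absent, and the caveat that a wildcard header does not cover credentialed requests. The sample responses and the page origin are constructed, not captured from Facebook.

```javascript
// Added example: a model of the browser-side CORS read check. The header
// names are the real CORS response headers; the sample values are constructed.

// Decide whether a cross-origin response body may be exposed to page scripts.
//   requestOrigin   - the Origin the browser sent (e.g. "https://example.test")
//   responseHeaders - object of lowercase header name -> header value
//   withCredentials - true if the request carried cookies/HTTP auth
function corsAllowsRead(requestOrigin, responseHeaders, withCredentials = false) {
  const acao = responseHeaders['access-control-allow-origin'];
  const acac = responseHeaders['access-control-allow-credentials'];

  // No header at all: the browser still fetched the resource, but it refuses
  // to hand the body to the page. This is the "rejected by same origin" case.
  if (acao === undefined) return false;

  // Wildcard: any origin may read, but only for requests without credentials.
  if (acao === '*') return !withCredentials;

  // Otherwise the header must name the requesting origin exactly.
  if (acao !== requestOrigin) return false;

  // A credentialed request additionally needs an explicit opt-in.
  return withCredentials ? acac === 'true' : true;
}

// Constructed sample responses standing in for the two cases discussed above.
const PUBLIC_JSON_RESPONSE = {          // server that opts in for everyone
  'content-type': 'application/json',
  'access-control-allow-origin': '*',
};
const NO_CORS_RESPONSE = {              // server that sends no CORS header
  'content-type': 'application/json',
};

// Run the three cases a page author would want to compare.
function demo() {
  const origin = 'https://example.test'; // constructed origin of the calling page
  return {
    publicJson: corsAllowsRead(origin, PUBLIC_JSON_RESPONSE),               // true
    noHeader: corsAllowsRead(origin, NO_CORS_RESPONSE),                     // false
    wildcardWithCookies: corsAllowsRead(origin, PUBLIC_JSON_RESPONSE, true), // false
  };
}

console.log(demo());
```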