Forum Discussion

grahamgatus's avatar
grahamgatus
Guide
10 years ago

JSONP support in Endpoints - undocumented feature?

I have been testing cross domain requests to an Endpoint I created, with the assumption that only CORS was supported to work around same origin browser issues when doing AJAX. I found however that if I pass a "callback=someFunction" HTTP parameter to the Endpoint, that the response is wrapped in jsonp, and works fine without any CORS setup.

 

My endpoint content type is configured to be 'application/json".

 

Is anyone else using this, or can confirm it is an 'official' way to do cross domain requests (along with CORS), as there isnt anything in the knowledge base to suggest this. I was going to write my own jsonp wrapper macro and was surpised to see it working out of the box.

 

4 Replies

Sort By
  • PaoloT's avatar
    PaoloT
    Lithium Alumni (Retired)
    10 years ago

    Hi SuzieH - looks like this could be part of our documentation if it is a supported feature (I am not sure about this part) ? Thanks, 

  • SuzieH's avatar
    SuzieH
    Khoros Alumni (Retired)
    10 years ago

    grahamgatus What you attempted is supported. Engineering has confirmed that endpoints are not vulnerable to content sniffing or code injection attacks. We'll get more formalized documentation about this on our documentation backlog.

  • SuzieH's avatar
    SuzieH
    Khoros Alumni (Retired)
    9 years ago

    I want to follow up on this thread. The official recommendation from Lithium is to use CORS, not JSONP. We will continue to support customers currently using JSONP, but we cannot guarantee continued support in future releases.