Forum Discussion

grahamgatus's avatar
grahamgatus
Guide
10 years ago

JSONP support in Endpoints - undocumented feature?

I have been testing cross domain requests to an Endpoint I created, with the assumption that only CORS was supported to work around same origin browser issues when doing AJAX. I found however that if I pass a "callback=someFunction" HTTP parameter to the Endpoint, that the response is wrapped in jsonp, and works fine without any CORS setup.

 

My endpoint content type is configured to be 'application/json".

 

Is anyone else using this, or can confirm it is an 'official' way to do cross domain requests (along with CORS), as there isnt anything in the knowledge base to suggest this. I was going to write my own jsonp wrapper macro and was surpised to see it working out of the box.

 

  • PaoloT's avatar
    PaoloT
    Lithium Alumni (Retired)
    10 years ago

    Hi SuzieH - looks like this could be part of our documentation if it is a supported feature (I am not sure about this part) ? Thanks, 

      • SuzieH's avatar
        SuzieH
        Khoros Alumni (Retired)
        10 years ago

        grahamgatus What you attempted is supported. Engineering has confirmed that endpoints are not vulnerable to content sniffing or code injection attacks. We'll get more formalized documentation about this on our documentation backlog.