Are there reasons not to use JSONP for AJAX requests?


Question

If you're building an AJAXy app, are there any downsides to using JSONP requests/responses even if you're not planning on any cross-domain requests? The only thing I can think of is that there are a couple extra bytes for the callback wrapper...

Edit:

I found this which also suggests security and error handling as potential problems...

There's no error handling. The script injection either works, or it doesn't. If there's an error from the injection, it'll hit the page, and short of a window wide error handler (bad, bad, very bad), you need to be sure the return value is valid on the server side.

I don't think error handling is much of a problem... most of us would use a library to generate the JSON... the well-formedness of my response isn't a concern for this question.

And security:

Security. There's documents out on the web that can help, but as a cursory check, I would check the referrer in the server side script.

It seems like this is a potential problem with any type of response... certainly there's nothing unique to JSONP in the security arena...?

Recommended answer

Downside? It's fairly limited - you trigger a "GET" request and get back some script that's executed. You don't get error handling if your server throws an error, so you need to wrap all errors in JSON as well. You can't really cancel or retry the request. You're at the mercy of the various browser author opinions of "correct" behavior for dynamically-generated <script> tags. Debugging is somewhat more difficult.

That said, I've used it on occasion, and haven't suffered. YMMV.
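An added example, not part of the original question or answer: a server-side JSONP response builder that wraps handler errors in the JSON payload, as the answer above recommends, since a failed script load gives the page no error details. The names buildJsonpResponse, toScriptSafeJson and CALLBACK_RE, the { ok, data, error } envelope, and the callback allowlist are assumptions made for this sketch.

```javascript
// Added example: server-side JSONP response builder (all names hypothetical).
// Only dotted identifiers are accepted as the callback name.
const CALLBACK_RE = /^[A-Za-z_$][\w$]{0,63}(?:\.[A-Za-z_$][\w$]{0,63})*$/;

// JSON.stringify leaves U+2028/U+2029 unescaped; older JavaScript engines
// treat them as line terminators inside string literals, so escape them.
function toScriptSafeJson(value) {
  return JSON.stringify(value)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// handler: () => data, may throw. Returns { status, headers, body }.
function buildJsonpResponse(callback, handler) {
  const headers = {
    'Content-Type': 'application/javascript; charset=utf-8',
    'X-Content-Type-Options': 'nosniff',
  };
  if (typeof callback !== 'string' || !CALLBACK_RE.test(callback)) {
    // No trusted function name to call, so nothing executable is returned.
    return { status: 400, headers, body: '' };
  }
  let envelope;
  try {
    envelope = { ok: true, data: handler() };
  } catch (_err) {
    // An HTTP 500 would only make the <script> load fail, with no details
    // for the page, so report the failure inside the payload with status 200.
    envelope = { ok: false, error: { code: 'server_error', message: 'request failed' } };
  }
  // The leading empty comment keeps the body from starting with
  // request-supplied bytes.
  return { status: 200, headers, body: `/**/${callback}(${toScriptSafeJson(envelope)});` };
}
```

The client-side callback then branches on the ok field instead of relying on a script load error.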
