雅虎使用Django的未经授权的JSONP请求

Question

I have template Test.html :

<!DOCTYPE html>
<html lang="en">

<head>
<meta name = "viewport" content = "width = device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=no;">
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js"></script>
<link href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/base/jquery-ui.css" rel="stylesheet" type="text/css"/>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>
<script type="text/javascript" src="http://yui.yahooapis.com/2.9.0/build/yahoo/yahoo-min.js"></script> 
</head>

<body >

<h1>Stock Quotes AutoSuggest </h1>
<br><br>

<input style="width:800px; height:20px;" id="txtTicker" class="x"/>

<script type="text/javascript">
    var YAHOO = {
        Finance: {
            SymbolSuggest: {}
        }
    };   
$(".x").autocomplete({
source: function (request, response) {
var query=request.term;  
$.ajax({
          type: "GET",
          url: "http://d.yimg.com/autoc.finance.yahoo.com/autoc",
          data: {query: query,region:'US',lang:'en-US'},
          dataType: "jsonp",
          jsonp : "callback",
          jsonpCallback: "YAHOO.Finance.SymbolSuggest.ssCallback",
      });
      // call back function
      YAHOO.Finance.SymbolSuggest.ssCallback = function (data)     {           
            var suggestions = [];          //alert(JSON.stringify(data.ResultSet.Result));                            
            $.each(data.ResultSet.Result, function(i, val) {                                                                 
                suggestions.push(val.symbol+ " "+ val.name);
            });

        response(suggestions);
      }
},
minLength: 1,
select: function (event, ui) {
           //alert(ui.item.value.split("#")[1]);
           $(this).val(ui.item.value.split(" ")[0]);
           $("#stockvalue").val(ui.item.name); 
return false;   
},
});</script>

</body>
</html>

Javascript uses for autosuggest ticker names. After user input some letter in input field it sends ajax request to yahoo finance and should show the result.

If i open this html directly in browser - it works fine and shows some suggestions. But after i use it in my django project it shows nothing.

My views.py :

def home(request): 
    return render(request, 'Test.html')

What i found out in firefox console: 1) If i open html directly: after placing a letter in input field JS sends request to YAHOO.Finance (the full link for letter a : http://d.yimg.com/autoc.finance.yahoo.com/autoc?callback=YAHOO.Finance.SymbolSuggest.ssCallback&query=a&region=US&lang=en-US&_=1467262652424 ) with method GET and it's working good, we have an answer in json. 2) If we use Django to render this template: It sends request to YAHOO too (the full link for letter a : http://d.yimg.com/autoc.finance.yahoo.com/autoc?callback=YAHOO.Finance.SymbolSuggest.ssCallback&query=a&region=US&lang=en-US&_=1467263364507 ) but the status is 400 Bad Request . Inside the answer from yahoo i see this: /**/YAHOO.Finance.SymbolSuggest.ssCallback({"error":{"result":null,"error":{"code":"request-error","description":"Unauthorized JSONP request"}}}); What could be wrong?

Answer 1

I found answer for my question:

all you need is to add this in head: <meta charset="UTF-8" name="referrer" content="no-referrer">