I'm using a client-side SDK, which creates a script under the hood and attaches it to the <head>
, and looks like the following:
<script src="http://foo.com?foo=bar"></script>
Notice that there's no callback
parameter.
The response sends back the following (with header Content-Type: application/javascript
):
{ document.cookie="something=thing" }
And it sets the cookie in the browser (I can see when I look at the cookies in the dev tools).
The strange this is, in the URL of the script, there's no callback parameter, as you would normally expect in a JSONP request.
I tried to replicate this behavior by adding a similar script to a local web page and am hitting a local server that returns the same response, but it doesn't set a cookie, unlike the SDK. The SDK itself is pretty simple and I don't see any other magic happening.
Has anyone seen anything like this before? How does it work?
Edit: here is the internal SDK method and sample response
_jsonp: function(o, e) {
var t = document.createElement("script");
t.type = "text/javascript", t.src = e, t.async = !0, document.getElementsByTagName("head")[0].appendChild(t), o.log("SENT JSONP request: " + e)
},
Sample response:
Response headers
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 158
Content-Type: application/javascript
Response body
{document.cookie=<redacted>}
Despite the method name in the API source code, it isn't JSONP.
JSONP is a JavaScript program which conforms to the specific format of: Contains only a function call, with one argument, which would be JSON if it was taken out of the JavaScript program and put in a JSON file.
JSONP works by injecting a <script>
element which loads and executes the JavaScript program.
What you have here is a JavaScript program that doesn't conform to the JSONP format.
It is still a JavaScript program.
Loading with a <script>
still works.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.