Post Data to JSONp

How to make a jsonp POST request that specifies contentType with jQuery?

It is not possible to make a JSONP POST request.

JSONP works by creating a <script> tag that executes Javascript from a different domain; it is not possible to send a POST request using a <script> tag.

Send data using POST to JSONP request

Is it possible to post data to JSONP?

No, it isn't.

JSONP works by adding a <script> element that gets data from its src (the data is embedded in a JavaScript program). You can't make a POST request to load a JavaScript program.

Or does all data have to be passed in the querystring as a GET request?

Yes

JSONP is a dirty hack to get around the Same Origin Policy.

CORS was introduced as standard way to get around the Same Origin Policy that is much, much more flexible. You can make POST requests with XMLHttpRequest if authorised by CORS. Use CORS instead.

Post data to JsonP

It is not possible to do an asynchronous POST to a service on another domain, due to the (quite sensible) limitation of the same origin policy. JSON-P only works because you're allowed to insert <script> tags into the DOM, and they can point anywhere.

You can, of course, make a page on another domain the action of a regular form POST.

Edit: There are some interesting hacks out there if you're willing to go to a lot of effort inserting hidden <iframe>s and mucking about with their properties.

How to make a JSONP POST request in angular?

You cannot make a POST request using JSON-P (with or without Angular)

A JSON-P request works by generating a <script> element with a src attribute. This will always trigger a GET request.

If you want to make a cross-domain POST request with JavaScript then you must use either XMLHttpRequest (and have the server supply suitable access control headers as per the CORS specification) or proxy the request through the server hosting the page.

How to use type: POST in jsonp ajax call

You can't POST using JSONP...it simply doesn't work that way, it creates a <script> element to fetch data...which has to be a GET request. There's not much you can do besides posting to your own domain as a proxy which posts to the other...but user's not going to be able to do this directly and see a response though.

Using PUT/POST/DELETE with JSONP and jQuery

Actually - there is a way to support POST requests.
And there is no need in a PROXI server - just a small utility HTML page that is described bellow.

Here's how you get Effectively a POST cross-domain call, including attached files and multi-part and all :)

Here first are the steps in understanding the idea, after that - find an implementation sample.

How JSONP of jQuery is implemented, and why doesn't it support POST requests?

While the traditional JSONP is implemented by creating a script element and appending it into the DOM - what results inforcing the browser to fire an HTTP request to retrieve the source for the tag, and then execute it as JavaScript, the HTTP request that the browser fires is simple GET.

What is not limited to GET requests?

A FORM. Submit the FORM while specifing action the cross-domain server.
A FORM tag can be created completely using a script, populated with all fields using script, set all necessary attributes, injected into the DOM, and then submitted - all using script.

But how can we submit a FORM without refreshing the page?

We specify the target the form to an IFRAME in the same page.
An IFRAME can also be created, set, named and injected to the DOM using script.

But How can we hide this work from the user?
We'll contain both FORM and IFRAME in a hidden DIV using style="display:none"

(and here's the most complicated part of the technique, be patient)

But IFRAME from another domain cannot call a callback on it's top-level document. How to overcome that?

Indeed , if a response from FORM submit is a page from another domain, any script communication between the top-level page and the page in the IFRAME results in "access denied". So the server cannot callback using a script. What can the server can do? redirect. The server may redirect to any page - including pages in the same domain as the top-level document - pages that can invoke the callback for us.

How can a server redirect?

two ways:

  1. Using client side script like <Script>location.href = 'some-url'</script>
  2. Using HTTP-Header. See: http://www.webconfs.com/how-to-redirect-a-webpage.php

So I end up with another page? How does it help me?

This is a simple utility page that will be used from all cross-domain calls. Actually, this page is in-fact a kind of a proxi, but it is not a server, but a simple and static HTML page, that anybody with notepad and a browser can use.

All this page has to do is invoke the callback on the top-level document, with the response-data from the server. Client-Side scripting has access to all URL parts, and the server can put it's response there encoded as part of it, as well as the name of the callback that has to be invoked. Means - this page can be a static and HTML page, and does not have to be a dynamic server-side page :)

This utility page will take the information from the URL it runs in - specifically in my implementation bellow - the Query-String parameters (or you can write your own implementation using anchor-ID - i.e the part of a url right to the "#" sign). And since this page is static - it can be even allowed to be cached :)

Won't adding for every POST request a DIV, a SCRIPT and an IFRAME eventually leak memory?

If you leave it in the page - it will. If you clean after you - it will not. All we have to do is give an ID to the DIV that we can use to celan-up the DIV and the FORM and IFRAME inside it whenever the response arrives from the server, or times out.

What do we get?

Effectively a POST cross-domain call, including attached files and multi-part and all :)

What are the limits?

  • The server response is limited to whatever fits into a redirection.
  • The server must ALWAYS return a REDIRECT to a POST requests. That include 404 and 500 errors.
    Alternatively - create a timeout on the client just before firing the request, so you'll have a chance to detect requests that have not returned.
  • not everybody can understand all this and all the stages involved. it's a kind of an infrastructure level work, but once you get it running - it rocks :)

Can I use it for PUT and DELETE calls?

FORM tag does not PUT and DELETE.
But that's better then nothing :)

Ok, got the concept. How is it done technically?

What I do is:

I create the DIV, style it as invisible, and append it to the DOM. I also give it an ID that I can clean it up from the DOM after the server response has arrived (the same way JQuery cleans it's JSONP SCRIPT tasgs - but the DIV).

Then I compose a string that contains both IFRAME and FORM - with all attributes, properties and input fields, and inject it into the invisible DIV. it is important to inject this string into the DIV only AFTER the div is in the DOM. If not - it will not work on all browsers.

After that - I obtain a reference to the FORM and submit it.
Just remember one line before that - to set a Timeout callback in case the server does not respond, or responds in a wrong way.

The callback function contains the clean-up code. It is also called by timer in case of a response-timeout (and cleans it's timeout-timer when a server response arrives).

Show me the code!

The code snippet bellow is totally "neutral" on "pure" javascript, and declares whatever utility it needs. Just for simplification of explaining the idea - it all runs on the global scope, however it should be a little more sophisticated...

Organize it in functions as you may and parameterize what you need - but make sure that all parts that need to see each other run on the same scope :)

For this example - assume the client runs on http://samedomain.com and the server runs on http://crossdomain.com.

The script code on the top-level document

//declare the Async-call callback function on the global scope
function myAsyncJSONPCallback(data){
    //clean up 
    var e = document.getElementById(id);
    if (e) e.parentNode.removeChild(e);
    clearTimeout(timeout);

    if (data && data.error){
        //handle errors & TIMEOUTS
        //...
        return;
    }

    //use data
    //...
}

var serverUrl          = "http://crossdomain.com/server/page"
  , params = { param1  : "value of param 1"      //I assume this value to be passed
             , param2  : "value of param 2"      //here I just declare it...
             , callback: "myAsyncJSONPCallback" 
             }
  , clientUtilityUrl   = "http://samedomain.com/utils/postResponse.html"
  , id     = "some-unique-id"// unique Request ID. You can generate it your own way
  , div    = document.createElement("DIV")       //this is where the actual work start!
  , HTML   = [ "<IFRAME name='ifr_",id,"'></IFRAME>"  
             , "<form target='ifr_",id,"' method='POST' action='",serverUrl 
             , "' id='frm_",id,"' enctype='multipart/form-data'>"
             ]
  , each, pval, timeout;

//augment utility func to make the array a "StringBuffer" - see usage bellow
HTML.add = function(){
              for (var i =0; i < arguments.length; i++) 
                  this[this.length] = arguments[i];
           }

//add rurl to the params object - part of infrastructure work
params.rurl = clientUtilityUrl //ABSOLUTE URL to the utility page must be on
                               //the SAME DOMAIN as page that makes the request

//add all params to composed string of FORM and IFRAME inside the FORM tag  
for(each in params){
    pval = params[each].toString().replace(/\"/g,""");//assure: that " mark will not break
    HTML.add("<input name='",each,"' value='",pval,"'/>"); //        the composed string      
}
//close FORM tag in composed string and put all parts together
HTML.add("</form>");
HTML = HTML.join("");   //Now the composed HTML string ready :)

//prepare the DIV
div.id = id; // this ID is used to clean-up once the response has come, or timeout is detected
div.style.display = "none"; //assure the DIV will not influence UI

//TRICKY: append the DIV to the DOM and *ONLY THEN* inject the HTML in it
//        for some reason it works in all browsers only this way. Injecting the DIV as part 
//        of a composed string did not always work for me
document.body.appendChild(div);
div.innerHTML = HTML;

//TRICKY: note that myAsyncJSONPCallback must see the 'timeout' variable
timeout = setTimeout("myAsyncJSONPCallback({error:'TIMEOUT'})",4000);
document.getElementById("frm_"+id+).submit();

The server on the cross-domain
The response from the server is expected to be a REDIRECTION, either by HTTP-Header or by writing a SCRIPT tag. (redirection is better, SCRIPT tag is easier to debug with JS breakpoints).
Here's the example of the header, assuming the rurl value from above

Location: http://samedomain.com/HTML/page?callback=myAsyncJSONPCallback&data=whatever_the_server_has_to_return

Note that

  • the value of the data argument can be a JavaScript Object-Literal or JSON expression, however it better be url-encoded.
  • the length of the server response is limited to the length of a URL a browser can process.

Also - in my system the server has a default value for the rurl so that this parameter is optional. But you can do that only if your client-application and server-application are coupled.

APIs to emit redirection header:

http://www.webconfs.com/how-to-redirect-a-webpage.php

Alternatively, you can have the server write as a response the following:

<script>
   location.href="http://samedomain.com/HTML/page?callback=myAsyncJSONPCallback&data=whatever_the_server_has_to_return"
</script>

But HTTP-Headers would be considered more clean ;)

The utility page on the same domain as the top-level document

I use the same utility page as rurl for all my post requests: all it does is take the name of the callback and the parameters from the Query-String using client side code, and call it on the parent document. It can do it ONLY when this page runs in the EXACT same domain as the page that fired the request! Important: Unlike cookies - subdomains do not count!! It has to he the exact same domain.

It's also make it more efficient if this utility page contains no references to other resources -including JS libraries. So this page is plain JavaScript. But you can implement it however you like.

Here's the responder page that I use, who's URL is found in the rurl of the POST request (in the example: http://samedomain.com/utils/postResponse.html )

<html><head>
<script type="text/javascript">
//parse and organize all QS parameters in a more comfortable way
var params = {};
if (location.search.length > 1) {
    var i, arr = location.search.substr(1).split("&");
    for (i = 0; i < arr.length; i++) {
        arr[i] = arr[i].split("=");
        params[arr[i][0]] = unescape(arr[i][1]);
    }
}

//support server answer as JavaScript Object-Literals or JSON:
//  evaluate the data expression
try { 
    eval("params.data = " + params.data); 
} catch (e) { 
    params.data = {error: "server response failed with evaluation error: " + e.message
                  ,data : params.data
                  }
}

//invoke the callback on the parent
try{
     window.parent[ params.callback ](params.data || "no-data-returned");
}catch(e){
     //if something went wrong - at least let's learn about it in the
     //      console (in addition to the timeout)
     throw "Problem in passing POST response to host page: \n\n" + e.message;
}
</script>
</head><body></body></html>

It's not much automation and 'ready-made' library like jQuery and involes some 'manual' work - but it has the charm :)

If you're a keen fan of ready-made libraries - you can also check on Dojo Toolkit that when last I checked (about a year ago) - had their own implementation for the same mechanism.
http://dojotoolkit.org/

Good luck buddy, I hope it helps...

Unable to post data using JSONP on Cross Domain

You can't POST using JSONP (look here and here) because it just doesn't work that way - it creates a <script> element to fetch data, which has to be done via GET request. JSONP solution doesn't use XmlHttpRequest object, so it is not an AJAX request in the standard way of understanding, but the content is still accessed dynamically - no difference for the end user.

JSONP can be indeed used to overcome same origin policy restriction, but alternatively you can use CORS, implemented in modern browsers alternative to JSON with Padding.

It is possible to post data with jsonp in Angular 5 without query string?

JSONP is GET request, it isn't supposed to have body, all data should be sent as query string.

So no, it's not possible.

In case of CORS problems alternative solutions such as CORS proxy may be used.


Related Topics

React-Router External Link

Parse Error: Adjacent Jsx Elements Must Be Wrapped in an Enclosing Tag

How to Add a Custom Right-Click Menu to a Webpage

How to Read the Client's MAChine/Computer Name from the Browser

How to Strip HTML Tags from String in JavaScript

JavaScript Scroll Event for Iphone/Ipad

Angularjs with Django - Conflicting Template Tags

Send Response to All Clients Except Sender

Mongodb, Remove Object from Array

How to Compare Software Version Number Using JS? (Only Number)

What's the Easiest Way to Call a Function Every 5 Seconds in Jquery

How to Render an Array of Objects in React

JavaScript - Arrow Functions This in Event Handler

How to Order Events Bound with Jquery

Make Axios Send Cookies in Its Requests Automatically

How to Use JavaScript to Change the Meta-Tags of the Page

Is ".Then(Function(A){ Return A; })" a No-Op for Promises

How to Write a Named Arrow Function in Es2015


Leave a reply



Submit