An HTTP GET request is what you get when you enter a URI in your browser or when you click on a link on a web page. Certain HTML elements, like also generate GET requests. GET requests a resource from the server. You can pass additional information to a server-side script by adding 'query parameters' after the script, such as Example Domain.
Say you're on domain www.example.com, and you want to make a request to domain www.example.net. To do so, you need to cross domain boundaries, a no-no in most of browserland.
Enter JSONP. When you make your request to a server that is JSONP-enabled, you pass a special parameter that tells the server a little bit about your page. That way, the server is able to nicely wrap up its response in a way that your page can handle.
For example, say the server expects a parameter called "callback" to enable its JSONP capabilities. Then your request would look like:
- http://www.example.net/sample.aspx?callback=mycallback
Without JSONP, this might return some basic JavaScript object, like so:
- { foo: 'bar' }
However, with JSONP, when the server receives the "callback" parameter, it wraps up the result a little differently, returning something like this:
- mycallback({ foo: 'bar' });
As you can see, it will now invoke the method you specified. So, in your page, you define the callback function:
- mycallback = function(data){ alert(data.foo); };
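The exchange above as an added example (not code from the original page): a server-side function that wraps the result only when the "callback" value is a plain function name, and a simulated page that runs the response the way a script tag would. buildJsonpResponse, loadAsScript, demo and the 64-character limit are assumptions made for this illustration.

```javascript
// Added example, not the original page's code. Only the "callback" parameter,
// "mycallback" and { foo: 'bar' } come from the page; other names are hypothetical.

// A plain identifier, optionally dotted (e.g. app.handlers.onData).
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;
const MAX_CALLBACK_LENGTH = 64; // assumed limit

// Server side: build the response for a parsed query string and a result object.
function buildJsonpResponse(query, data) {
  // JSON.stringify output is valid JavaScript once U+2028/U+2029 are escaped
  // (older engines treat them as line terminators inside string literals).
  const json = JSON.stringify(data)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');

  const cb = query.callback;
  if (cb === undefined) {
    // No JSONP requested: plain JSON.
    return { status: 200, type: 'application/json', body: json };
  }
  // The callback value is echoed into executable script, so reject anything
  // that is not a short, plain function name instead of trying to clean it up.
  if (typeof cb !== 'string' || cb.length > MAX_CALLBACK_LENGTH || !CALLBACK_RE.test(cb)) {
    return { status: 400, type: 'text/plain', body: 'invalid callback' };
  }
  return { status: 200, type: 'application/javascript', body: `${cb}(${json});` };
}

// Client side, simulated: run the response body the way a <script> tag would,
// with the page's callback function in scope under the requested name.
function loadAsScript(body, callbackName, callbackFn) {
  new Function(callbackName, body)(callbackFn);
}

function demo() {
  const seen = [];
  const ok = buildJsonpResponse({ callback: 'mycallback' }, { foo: 'bar' });
  loadAsScript(ok.body, 'mycallback', (data) => seen.push(data.foo));
  // Constructed input that is not a plain function name.
  const rejected = buildJsonpResponse({ callback: 'my callback()' }, { foo: 'bar' });
  return { okBody: ok.body, seen, rejectedStatus: rejected.status };
}

console.log(demo());
```

The server check only limits what the server reflects back; the page that loads the response still executes whatever the remote server sends.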
Major issue with JSONP
You lose a lot of control over the request, which raises doubts about maintaining security.