Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
JSON Padding (JSONP) is a mechanism that enables cross-site scripting support in Web browsers. JSONP is designed around the ability of Web browsers to load scripts from a site different from the one the current loaded document was retrieved from. The mechanism works by padding the JSON payload with a user-defined callback function name, as shown in the following example.
callback({"a" = \\"b\\"});
In the preceding example the JSON payload, {"a" = \\"b\\"}, is wrapped in a function call, callback. The callback function must already be defined in the current Web page. The content type of a JSONP response is application/javascript.
JSONP is not automatically enabled. To enable it, set the javascriptCallbackEnabled attribute to true on one of the HTTP standard endpoints (WebHttpEndpoint or WebScriptEndpoint), as shown in the following example.
<system.serviceModel>
<standardEndpoints>
<webHttpEndpoint>
<standardEndpoint name="" javascriptCallbackEnabled="true"/>
</webHttpEndpoint>
</standardEndpoints>
</system.serviceModel>
The name of the callback function can be specified in a query variable called callback as shown in the following URL.
http://baseaddress/Service/RestService?callback=functionName
When invoked, the service sends a response like the following.
functionName({"root":"Something"});
You can also specify the callback function name by applying the JavascriptCallbackBehaviorAttribute to the service class, as shown in the following example.
[ServiceContract]
[JavascriptCallbackBehavior(ParameterName = "$callback")]
public class Service1
{
[OperationContract]
[WebGet(ResponseFormat=WebMessageFormat.Json)]
public string GetData()
{
}
}
For the service shown previously, a request looks like the following.
http://baseaddress/Service/RestService?$callback=anotherFunction
When invoked, the service responds with the following.
anotherFunction ({"root":"Something"});
HTTP Status Codes
JSONP responses with HTTP status codes other than 200 include a second parameter with the numeric representation of the HTTP status code, as shown in the following example.
anotherFunction ({"root":"Something"}, 201);
Validations
The following validations are performed when JSONP is enabled:
The WCF infrastructure throws an exception if
javascriptCallbackis enabled, a callback query-string parameter is present in the request and the response format is set to JSON.If the request contains the callback query string parameter but the operation is not an HTTP GET, the callback parameter is ignored.
If the callback name is
nullor empty string the response is not formatted as JSONP.