user2939415
Reputation: 894
How is JSONP any safer than JSON in cross-domain requests?
Why do browsers allow cross-origin JSONP requests and do not allow JSON requests? I know that JSON requests are not allowed to prevent XSS, but I don't see how JSONP is safer than JSON.
In fact, could JSONP be even more dangerous because it is technically a script, where JSON is just a text string?
Upvotes: 2
Views: 232
Answers (2)
user2939415
Reputation: 894
Because cross-domain JSON is blocked, sensitive data can be transmitted using JSON, rather than JSONP. This prevents XSS. Additionally, a server should not send sensitive data using JSONP. Thus, sending data using JSON protects it from unauthorized observation. JSON is safer in this sense.
Upvotes: 0
Related Questions
- What is the place the JSONP in CORS platform?
- Cross domain request in JavaScript vs. jQuery's JSONP
- Why is cross-domain JSONP safe, but cross-domainJSON not?
- What are the risks of cross domain JSONP communication?
- jsonp crossbrowser mistakes from domain or code side
- Should I use JSONP for something else than cross domain http request?
- Crossdomain request and plain javascript
- Benefits / disadvantages to a cross origin domain proxy?
- Difference jsonp and simple get request (cross domain)
- Could Future Security Measures Limit JSONP's Cross-Domain Asynchronous Capabilities?