Export (0) Print
Expand All


JSON Padding (JSONP) is a mechanism that enables cross-site scripting support in Web browsers. JSONP is designed around the ability of Web browsers to load scripts from a site different from the one the current loaded document was retrieved from. The mechanism works by padding the JSON payload with a user-defined callback function name, as shown in the following example.

callback({"a" = \"b\" });

In the preceding example the JSON payload, {"a" = \"b\"}, is wrapped in a function call, callback. The callback function must already be defined in the current Web page. The content type of a JSONP response is “application/javascript”.

JSONP is not automatically enabled. To enable it, set the javascriptCallbackEnabled attribute to true on one of the HTTP standard endpoints (WebHttpEndpoint or WebScriptEndpoint), as shown in the following example.

        <standardEndpoint name="" javascriptCallbackEnabled="true"/>

The name of the callback function can be specified in a query variable called callback as shown in the following URL.


When invoked, the service sends a response like the following.


You can also specify the callback function name by applying the JavascriptCallbackBehaviorAttribute to the service class, as shown in the following example.

[JavascriptCallbackBehavior(ParameterName = "$callback")]
public class Service1
    public string GetData()

For the service shown previously, a request looks like the following.


When invoked, the service responds with the following.

anotherFunction ({"root":"Something});

JSONP responses with HTTP status codes other than 200 include a second parameter with the numeric representation of the HTTP status code, as shown in the following example.

anotherFunction ({"root":"Something}, 201);

The following validations are performed when JSONP is enabled:

  • The WCF infrastructure throws an exception if javascriptCallback is enabled, a callback query-string parameter is present in the request and the response format is set to JSON.

  • If the request contains the callback query string parameter but the operation is not an HTTP GET, the callback parameter is ignored.

  • If the callback name is null or empty string the response is not formatted as JSONP.

© 2014 Microsoft