Export (0) Print
Expand All

Using JSONP

JSON Padding (JSONP) is a mechanism that enables cross-site scripting support in Web browsers. JSONP is designed around the ability of Web browsers to load scripts from a site different from the one the current loaded document was retrieved from. The mechanism works by padding the JSON payload with a user-defined callback function name, as shown in the following example.

callback({"a" = \"b\" });

In the preceding example the JSON payload, {"a" = \"b\"}, is wrapped in a function call, callback. The callback function must already be defined in the current Web page. The content type of a JSONP response is “application/javascript”.

JSONP is not automatically enabled. To enable it, set the javascriptCallbackEnabled attribute to true on one of the HTTP standard endpoints (WebHttpEndpoint or WebScriptEndpoint), as shown in the following example.

<system.serviceModel>
    <standardEndpoints>
      <webHttpEndpoint>
        <standardEndpoint name="" javascriptCallbackEnabled="true"/>
      </webHttpEndpoint>
    </standardEndpoints>   
  </system.serviceModel>

The name of the callback function can be specified in a query variable called callback as shown in the following URL.

http://baseaddress/Service/RestService?callback=functionName

When invoked, the service sends a response like the following.

functionName({"root":"Something});

You can also specify the callback function name by applying the JavascriptCallbackBehaviorAttribute to the service class, as shown in the following example.

[ServiceContract]
[JavascriptCallbackBehavior(ParameterName = "$callback")]
public class Service1
{
    [OperationContract]
    [WebGet(ResponseFormat=WebMessageFormat.Json)]
    public string GetData()
    {            
    }
}

For the service shown previously, a request looks like the following.

http://baseaddress/Service/RestService?$callback=anotherFunction

When invoked, the service responds with the following.

anotherFunction ({"root":"Something});

JSONP responses with HTTP status codes other than 200 include a second parameter with the numeric representation of the HTTP status code, as shown in the following example.

anotherFunction ({"root":"Something}, 201);

The following validations are performed when JSONP is enabled:

  • The WCF infrastructure throws an exception if javascriptCallback is enabled, a callback query-string parameter is present in the request and the response format is set to JSON.

  • If the request contains the callback query string parameter but the operation is not an HTTP GET, the callback parameter is ignored.

  • If the callback name is null or empty string the response is not formatted as JSONP.

Show:
© 2014 Microsoft