This repository has been archived by the owner on Apr 12, 2024. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat($http): specify the JSONP callback via the
callbackParam
confi…
…g value The query parameter that will be used to transmit the JSONP callback to the server is now specified via the `callbackParam` config value, instead of using the `JSON_CALLBACK` placeholder. * Any use of `JSON_CALLBACK` in a JSONP request URL will cause an error. * Any request that provides a parameter with the same name as that given by the `callbackParam` config property will cause an error. This is to prevent malicious attack via the response from an app inadvertently allowing untrusted data to be used to generate the callback parameter. BREAKING CHANGE You can no longer use the `JSON_CALLBACK` placeholder in your JSONP requests. Instead you must provide the name of the query parameter that will pass the callback via the `callbackParam` property of the config object, or app-wide via the `$http.defaults.callbackParam` property, which is `callback` by default. Before this change: ``` $http.json('trusted/url?callback=JSON_CALLBACK'); $http.json('other/trusted/url', {params:cb:'JSON_CALLBACK'}); ``` After this change: ``` $http.json('trusted/url'); $http.json('other/trusted/url', {callbackParam:'cb'}); ```
- Loading branch information
1 parent
3d1512b
commit 308f3bf
Showing
4 changed files
with
123 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
@ngdoc error | ||
@name $http:badjsonp | ||
@fullName Bad JSONP Request Configuration | ||
@description | ||
|
||
This error occurs when the URL generated from the configuration object contains a parameter with the same name as the configured `callbackParam` | ||
property; or when it contains a parameter whose value is `JSON_CALLBACK`. | ||
|
||
`$http` JSON requests need to attach a callback query parameter to the URL. The name of this parameter is specified in the configuration | ||
object (or in the defaults) via the `callbackParam` property. You must not provide your own parameter with this name in the configuration | ||
of the request. | ||
|
||
In previous versions of Angular, you specified where to add the callback parameter value via the `JSON_CALLBACK` placeholder. This is no longer | ||
allowed. | ||
|
||
To resolve this error, remove any parameters that have the same name as the `callbackParam`; and/or remove any parameters that have a value of `JSON_CALLBACK`. | ||
|
||
For more information, see the {@link ng.$http#jsonp `$http.jsonp()`} method API documentation. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters