Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

support jsonp #42

Closed
jasonzhuang opened this issue Feb 7, 2016 · 8 comments
Closed

support jsonp #42

jasonzhuang opened this issue Feb 7, 2016 · 8 comments

Comments

@jasonzhuang
Copy link

Does it support jsonp? If not, could you point out how to implement?

@jpillora
Copy link
Owner

jpillora commented Feb 7, 2016

JSONP cannot be globally hooked. Since JSONP just uses scripts and function calls, the only way to do this would be to manually insert hook points in each JSONP library. XHook is an XMLHttpRequest wrapper with hooking options and since JSONP doesn't use XMLHttpRequest at all, it's out of scope.

My recommendation would be to choose your JSONP library, jQuery for example, and modify it to do what you need.

@jpillora jpillora closed this as completed Feb 7, 2016
@j-5-s
Copy link

j-5-s commented Apr 22, 2017

What if you overwrote document.createElement?

var createElement = document.createElement;
document.createElement = function(){
  var args = [].slice.apply(arguments)
  var el = createElement.apply(this, args);
  if (el.nodeNode === 'SCRIPT') {
   //  attach listeners to onload here
  }
  return el;
}

You would still not be covered by document.appendChild with script's as strings but not sure how common that is with jsonp libraries. I've really only seen that with analytics libraries like google analytics.

@jpillora
Copy link
Owner

Intercepting all possible ways of inserting a script tag isn't practical. Consider:

fooElement.innerHTML = '<script src="//server.com/my-jsonp-request.json?param=42"></script>';

This is a valid way for a library to make a JSONP request and would be impossible to catch.

@j-5-s
Copy link

j-5-s commented May 13, 2017

one more idea. you could intercept all jsonp requests with a MutationObserver since it requires a script tag get added to the page. I've created an example here its not complete and only console.log's the data.

@jpillora
Copy link
Owner

That's actually quite neat, I've never used MutationObserver. This looks like it might support the "after" hook, though I'm not sure about the "before" hook (and optional response replacement) as this would require the altering/cancelling of the script's request for script[src] fires off to the server

@j-5-s
Copy link

j-5-s commented May 14, 2017

Yeah, before wouldn't work in terms of altering/canceling. The mutation observer would fire off after the script tag is appended to the page, but from my initial tests always before the request completes. The only concern would be all the mutations it would have to filter through to look for scripts. It could potentially slow down the execution of the page.

@morsdyce
Copy link
Collaborator

While MutationObserver is a good way to detect script tags in the page, we won't be able to stop the request from finishing and parsing, we might be able to remove the script tag in time and that would tell the browser to not process the incoming javascript but we need to test how each browser reacts to this change.

We also need to keep in mind this will only work in evergreen browsers and the user must provide a valid jsonp response using the correct callback name.

The only other way I can think about doing this is trying to override the original Script is using service workers. However using service workers having many limitations which aren't very logical for a library to implement. The 2 main ones are that you must be running on https and you can only have 1 service worker per scope (and this would need to run on the root scope).

@dickeylth
Copy link

Intercepting all possible ways of inserting a script tag isn't practical. Consider:

fooElement.innerHTML = '<script src="//server.com/my-jsonp-request.json?param=42"></script>';

This is a valid way for a library to make a JSONP request and would be impossible to catch.

It seems that in this way the script in the src would not be executed, even not be loaded.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants