-
Notifications
You must be signed in to change notification settings - Fork 155
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
support jsonp #42
Comments
JSONP cannot be globally hooked. Since JSONP just uses scripts and function calls, the only way to do this would be to manually insert hook points in each JSONP library. XHook is an XMLHttpRequest wrapper with hooking options and since JSONP doesn't use XMLHttpRequest at all, it's out of scope. My recommendation would be to choose your JSONP library, jQuery for example, and modify it to do what you need. |
What if you overwrote
You would still not be covered by |
Intercepting all possible ways of inserting a script tag isn't practical. Consider: fooElement.innerHTML = '<script src="//server.com/my-jsonp-request.json?param=42"></script>'; This is a valid way for a library to make a JSONP request and would be impossible to catch. |
one more idea. you could intercept all jsonp requests with a MutationObserver since it requires a script tag get added to the page. I've created an example here its not complete and only console.log's the data. |
That's actually quite neat, I've never used MutationObserver. This looks like it might support the "after" hook, though I'm not sure about the "before" hook (and optional response replacement) as this would require the altering/cancelling of the script's request for |
Yeah, before wouldn't work in terms of altering/canceling. The mutation observer would fire off after the script tag is appended to the page, but from my initial tests always before the request completes. The only concern would be all the mutations it would have to filter through to look for scripts. It could potentially slow down the execution of the page. |
While MutationObserver is a good way to detect script tags in the page, we won't be able to stop the request from finishing and parsing, we might be able to remove the script tag in time and that would tell the browser to not process the incoming javascript but we need to test how each browser reacts to this change. We also need to keep in mind this will only work in evergreen browsers and the user must provide a valid jsonp response using the correct callback name. The only other way I can think about doing this is trying to override the original Script is using service workers. However using service workers having many limitations which aren't very logical for a library to implement. The 2 main ones are that you must be running on https and you can only have 1 service worker per scope (and this would need to run on the root scope). |
It seems that in this way the script in the |
Does it support jsonp? If not, could you point out how to implement?
The text was updated successfully, but these errors were encountered: