In my blog Cross domain request in ABAP and Java with two workaround I introduce the step how to deal with Cross Domain issue using Cross-origin resource sharing ( CORS ) supported by almost all modern browsers.
And there is another alternative for cross domain issue, that is JSONP which can work on legacy browsers which predate CORS support.
In this blog, I will first explain how to use JSONP and then introduce the secret behind it.
JSONP in nodeJS server
Suppose I have two employee ID lookup service hosted by the port 3000 and 3001 in my local server. The service will simply return employee name by ID.
The client web page is hosted in port 3000. According to same origin policy, the web page hosted in port 3000 is allowed to access the service hosted in localhost:3000, but forbidden for localhost:3001.
Let’s now do a verification.
This is my server listening to port 3000:
const express = require('express');
const app = express();
const port = 3000;
var path = require('path');
var repo = {
"I042416": "Jerry",
"I042417": "Tom",
"I042418": "Jim"
}
app.use(express.static(path.join(__dirname, 'public')));
app.get('/request', (request, response) => {
console.log("The employee ID sent from Client:" + request.query.id);
response.json({
UserName: repo[request.query.id] + " ( handled in port 3000 )"
});
});
app.listen(port, (err) => {
if (err) {
return console.log('something bad happened', err)
}
console.log(`server is listening on ${port}`)
});
And this is my client page which allows end user to type the employee ID and send the query request:
<html>
<body>
<form action="">
ID: <input type="text" id = "inumber" name="ID" value="I042416"><br>
<input type="submit" value="Submit">
</form>
</body>
<script src="jquery1.7.1.js"></script>
<script>
$(document).ready(function(){
$("form").click(function(e){
e.preventDefault();
var data = {
id: $("#inumber").val()
};
$.ajax({
type: 'GET',
data: data,
url: 'http://localhost:3000/request',
dataType: 'json',
success: function(data) {
alert(data.UserName);
},
error: function(jqXHR, textStatus, errorThrown) {
console.log('error ' + textStatus + ' ' + errorThrown);
}
});
});
});
</script>
</html>
When I click Submit button, I get query response returned from service in port 3000 as expected:
And this is the log output in the console of service in port 3000:
Now I make small modification on the web page in port 3000, forcing it to send request to port 3001 instead:
And resend the id query, this time I saw the expected cross domain error message:
How to resolve cross domain issue using JSONP
Both minor changes in client and server side are necessary.
In service working in port 3001, I add a new service end point “request_jsonp”:
app.get('/request_jsonp', (request, response) => {
console.log("This service supports JSONP now: " + request.query.id);
var data = "{" + "UserName:'" + repo[request.query.id] + " ( handled in port 3001 )'"
+ "}";
var callback = request.query.callback;
var jsonp = callback + '(' + data + ');';
response.send(jsonp);
response.end();
});
In client web page, I change the send AJAX data type from json to jsonp, and inform server that “please parse the callback function name from literal “callback” in request header.
$.ajax({
type: 'GET',
data: data,
url: 'http://localhost:3001/request_jsonp',
dataType: 'jsonp',
jsonp: 'callback',
jsonpCallback: 'jsonpCallback',
success: function(data) {
alert(data.UserName);
},
error: function(jqXHR, textStatus, errorThrown) {
console.log('error ' + textStatus + ' ' + errorThrown);
}
});
Now send the query again from localhost:3000 page, and the request could successfully reach service in localhost:3001, handled there and return to localhost:3000 again:
Magic behind JSONP
In fact, no magic at all. The mechanism of JSONP just utilize the “benefit” that the HTML