-
Notifications
You must be signed in to change notification settings - Fork 27.5k
feat($http): setting JSONP callback name #3073
Conversation
@IgorMinar - is there a security issue around using the same callback name repeatedly? Or is the current design just to ensure that multiple requests do not accidentally land on each others callback functions? |
PR Checklist (Minor Feature)
|
@ricardohbin - can you please sign the CLA? Thanks |
@petebacondarwin I already signed it in other PR. :) |
rather than hardcoding the callback name, can't we just generate it in a repeatable and deterministic way based on the url requested? that way things can keep on working just as they work today but the callback name will be reused if the url is the same. this does however mean that we need to be able to handle a situation when two jsonp requests are made for the same url at the same time. the expected result should be that we'll call the callbacks in the order their requests were made. so internally we should have a map of stableCallbackIds to arrays instead of randomCallbackIds to callbacks. |
@IgorMinar that could lead to some slightly odd behavior though: I guess a potential solution could be to use a counter if there are parallel requests in flight, but that wouldn't be very pretty either. |
Having two or more requests in single mode is a problem with this patch. As a temporary way to take advantage of this, without going down the SHA route (which would be great), we can mimic a dynamic callback name by providing the defaultParams with an "@callback" and provide the callback name from a parameter, like:
as long as the params are unique, then you don't get caching collisions- |
Related issue : the callback name itself. The BING jsonp api for example prevent the use of dots in name. What about being able to override the default |
02dc2aa
to
fd2d6c0
Compare
cad9560
to
f294244
Compare
e8dc429
to
e83fab9
Compare
4dd5a20
to
998c61c
Compare
var callbackId = '_' + (callbacks.counter++).toString(36); | ||
var callbackId = (/JSON_CALLBACK\((.*)\)/).exec(url) || ('_' + (callbacks.counter++).toString(36)); | ||
|
||
if (callbackId.constructor.name === "Array") { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would reword it more like this:
var base = (/JSON_CALLBACK\((.*?)\)/).exec(url);
base = base ? base[1] : '';
callbackId = base + ('_' + (callbacks.counter++).toString(36));
This way we use the nam
callbacks[callbackId] = function(data) { | ||
callbacks[callbackId].data = data; | ||
}; | ||
|
||
var jsonpDone = jsonpReq(url.replace('JSON_CALLBACK', 'angular.callbacks.' + callbackId), | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
trailing whitespace
Obviously this has been bitrotten for a pretty long time, but I don't see a huge problem with it really |
updating the fork ;) |
91e362e
to
232865e
Compare
Conflicts: src/ng/httpBackend.js
232865e
to
8104c93
Compare
I'm having the issue with an API that doesn't support dots. Perhaps a related solution is to change to callbacks that don't contain dots. |
We would then be polluting global variables --- this is not good. The right thing to do is either 1) don't use jsonp at all, if you can avoid it, or 2) pressure your API provider to work better |
|
The pyramid web framework disallows angular callbacks since newer versions. |
Still have an API that's not allowing dots; I know polluting global namespace is bad but right now the Angular feature can't be used because of this. An alternative is some flag to remove the dots. |
I think this is annoying enough - and might require a breaking change - to be highlighted for 1.5 |
Could we alleviate this by moving the callback stuff into its own service, say The service could have two methods
|
Use the built-in service to handling callbacks to `$http.jsonp` requests. Closes angular#3073
Use the built-in service to handling callbacks to `$http.jsonp` requests. Closes angular#3073
Use the built-in service to handling callbacks to `$http.jsonp` requests. Closes angular#3073
@ricardohbin, @revolunet, @pixelcort, @katzlbt - please take a look at #14795 |
hi, please unsubscribe my mailid On Sat, Jun 18, 2016 at 10:06 PM, Pete Bacon Darwin <
|
Allow to define a name to angular.callbacks function. It would be useful to caching (varnish, etc).
Ex:
Will always request