Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit68b4ec5

Browse files
authored
Ajax: Make responseJSON work for erroneous same-domain JSONP requests
Don't use a script tag for JSONP requests unless for cross-domain requestsor if scriptAttrs are provided. This makes the `responseJSON` property availablein JSONP error callbacks.This fixes a regression from jQuery 3.5.0 introduced ingh-4379 which madeerroneous script responses to not be executed to follow native behavior.The 3.x-stable branch doesn't need this fix as it doesn't use script tags forregular async requests.Closesgh-4778Refgh-4771Refgh-4773Refgh-4379
1 parent1a5fff4 commit68b4ec5

File tree

1 file changed

+18
-5
lines changed

1 file changed

+18
-5
lines changed

‎src/ajax/script.js

Lines changed: 18 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,22 @@ import document from "../var/document.js";
33

44
import"../ajax.js";
55

6+
functioncanUseScriptTag(s){
7+
8+
// A script tag can only be used for async, cross domain or forced-by-attrs requests.
9+
// Sync requests remain handled differently to preserve strict script ordering.
10+
returns.crossDomain||s.scriptAttrs||
11+
12+
// When dealing with JSONP (`s.dataTypes` include "json" then)
13+
// don't use a script tag so that error responses still may have
14+
// `responseJSON` set. Continue using a script tag for JSONP requests that:
15+
// * are cross-domain as AJAX requests won't work without a CORS setup
16+
// * have `scriptAttrs` set as that's a script-only functionality
17+
// Note that this means JSONP requests violate strict CSP script-src settings.
18+
// A proper solution is to migrate from using JSONP to a CORS setup.
19+
(s.async&&jQuery.inArray("json",s.dataTypes)<0);
20+
}
21+
622
// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432)
723
jQuery.ajaxPrefilter(function(s){
824
if(s.crossDomain){
@@ -35,17 +51,14 @@ jQuery.ajaxPrefilter( "script", function( s ) {
3551

3652
// These types of requests are handled via a script tag
3753
// so force their methods to GET.
38-
if(s.crossDomain||s.async||s.scriptAttrs){
54+
if(canUseScriptTag(s)){
3955
s.type="GET";
4056
}
4157
});
4258

4359
// Bind script tag hack transport
4460
jQuery.ajaxTransport("script",function(s){
45-
46-
// This transport only deals with async, cross domain or forced-by-attrs requests.
47-
// Sync requests remain handled differently to preserve strict script ordering.
48-
if(s.crossDomain||s.async||s.scriptAttrs){
61+
if(canUseScriptTag(s)){
4962
varscript,callback;
5063
return{
5164
send:function(_,complete){

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp