Previously, `jQuery.ajax` with `dataType: 'json'` with a provided callback was
automatically converted to a jsonp request unless one also specified
`jsonp: false`. Today the preferred way of interacting with a cross-domain
backend is CORS which works in all browsers jQuery 4 will support.
Auto-promoting JSON requests to JSONP ones introduces a security issue as the
developer may be unaware they're not just downloading data but executing code
from a remote domain.
This commit disables the auto-promoting logic.
BREAKING CHANGE: to trigger a JSONP request, it's now required to specify
`dataType: "jsonp"`; previously some requests with `dataType: "json"` were
auto-promoted to JSONP.
Fixes gh-1799
Fixes gh-3376
Closes gh-4754
This fixes the issue of "%20" in POST data being replaced with "+"
even for requests with content-type different from
"application/x-www-form-urlencoded", e.g. for "application/json".
Fixes gh-4119
Closes gh-4650
Co-authored-by: Richard Gibson <richard.gibson@gmail.com>
Co-authored-by: Michał Gołębiowski-Owczarek <m.goleb@gmail.com>
This commit fixes unit tests for the following builds:
1. The no-deprecated build: `custom:-deprecated`
2. The current slim build: `custom:-ajax,-effects`
3. The future (#4553) slim build: `custom:-ajax,-callbacks,-deferred,-effects`
It also adds separate Travis jobs for the no-deprecated & slim builds.
Closes gh-4577
The script transport used to evaluate fetched script sources which is
undesirable for unsuccessful HTTP responses. This is different to other data
types where such a convention was fine (e.g. in case of JSON).
Fixes gh-4250
Closes gh-4379
Android Browser versions provided by BrowserStack fail the "prototype collision
(constructor)" test while locally fired emulators don't, even when they connect
to TestSwarm. Just skip the test there to avoid a red build.
Closes gh-4334
Also, run `grunt npmcopy` to sync the "external" directory with dependencies
from package.json. For example, the Sinon library version didn't match.
Ref gh-4234
Closes gh-4297
- getResponseHeader(key) combines all header values for the provided key into a
single result where values are concatenated by ', '. This does not happen for
IE11 since multiple values for the same header are returned on separate lines.
This makes the function only return the last value of the header for IE11.
- Updated ajax headers test to better cover Object.prototype collisions
Close gh-4173
Fixes gh-3403
- Update QUnit to 1.23.1
- Remove unused dl#dl from test/index.html
- Remove unused map#imgmap from test/index.html
- Ensure all urls to data use baseURI
- Add the 'grunt karma:main' task
- customContextFile & customDebugFile
- Add 'npm run jenkins' script
Close gh-3744
Fixes gh-1999
- Renames and changes rnotwhite to focus on HTML whitespace chars
- Change internal use of jQuery.trim to more accurate strip and collapse
- Adds tests to ensure HTML space characters are retained where valid
- Doesn't add tests where the difference is inconsequential and
existing tests are adequate.
Fixes gh-3003
Fixes gh-3072
Close gh-3316
Support comments that were lacking the final IE/Edge version that exhibits
the bug were checked & updated. Links to the Chromium bug tracker were updated.
Code in tests related to unsupported browsers (like Android 2.3 in non-basic
tests) has been removed.
Fixes gh-2868
Closes gh-2949
Fixes gh-2498
Closes gh-2682
The added unit test shows how this could be used to support an
ArrayBuffer return, but $.ajax does not support it natively.
The goal with this change was to avoid the exception.
Android 2.3 doesn't fire the window.onerror handler, just accept the reality
there and skip the test.
Refs gh-1573
Refs gh-1786
Refs jquery/jquery.com#108
Closes gh-2458
