mirror of
https://github.com/jquery/jquery.git
synced 2024-11-23 02:54:22 +00:00
e7b3bc488d
Previously, `jQuery.ajax` with `dataType: 'json'` with a provided callback was automatically converted to a jsonp request unless one also specified `jsonp: false`. Today the preferred way of interacting with a cross-domain backend is CORS which works in all browsers jQuery 4 will support. Auto-promoting JSON requests to JSONP ones introduces a security issue as the developer may be unaware they're not just downloading data but executing code from a remote domain. This commit disables the auto-promoting logic. BREAKING CHANGE: to trigger a JSONP request, it's now required to specify `dataType: "jsonp"`; previously some requests with `dataType: "json"` were auto-promoted to JSONP. Fixes gh-1799 Fixes gh-3376 Closes gh-4754 |
||
|---|---|---|
| .. | ||
| ajax.js | ||
| animation.js | ||
| attributes.js | ||
| basic.js | ||
| callbacks.js | ||
| core.js | ||
| css.js | ||
| data.js | ||
| deferred.js | ||
| deprecated.js | ||
| dimensions.js | ||
| effects.js | ||
| event.js | ||
| exports.js | ||
| manipulation.js | ||
| offset.js | ||
| queue.js | ||
| ready.js | ||
| selector.js | ||
| serialize.js | ||
| support.js | ||
| traversing.js | ||
| tween.js | ||
| wrap.js | ||