mirror of
https://github.com/jquery/jquery.git
synced 2024-12-09 08:04:24 +00:00
07a8e4a177
Until now, the AJAX script transport only used a script tag to load scripts for cross-domain requests or ones with `scriptAttrs` set. This commit makes it also used for all async requests to avoid CSP errors arising from usage of inline scripts. This also makes `jQuery.getScript` not trigger CSP errors as it uses the AJAX script transport under the hood. For sync requests such a change is impossible and that's what `jQuery._evalUrl` uses. Fixing that is tracked in gh-1895. The commit also makes other type of requests using the script tag version of the script transport set its type to "GET", namely async scripts & ones with `scriptAttrs` set in addition to the existing cross-domain ones. Fixes gh-3969 Closes gh-4763
14 lines
347 B
HTML
14 lines
347 B
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<title>jQuery.ajax() - script, CSP script-src compat (gh-3969)</title>
|
|
<script src="../jquery.js"></script>
|
|
<script src="iframeTest.js"></script>
|
|
<script src="csp-ajax-script.js"></script>
|
|
</head>
|
|
<body>
|
|
<p>CSP Test Page</p>
|
|
</body>
|
|
</html>
|