mirror of
https://github.com/jquery/jquery.git
synced 2024-11-23 02:54:22 +00:00
e7b3bc488d
Previously, `jQuery.ajax` with `dataType: 'json'` with a provided callback was automatically converted to a jsonp request unless one also specified `jsonp: false`. Today the preferred way of interacting with a cross-domain backend is CORS which works in all browsers jQuery 4 will support. Auto-promoting JSON requests to JSONP ones introduces a security issue as the developer may be unaware they're not just downloading data but executing code from a remote domain. This commit disables the auto-promoting logic. BREAKING CHANGE: to trigger a JSONP request, it's now required to specify `dataType: "jsonp"`; previously some requests with `dataType: "json"` were auto-promoted to JSONP. Fixes gh-1799 Fixes gh-3376 Closes gh-4754 |
||
|---|---|---|
| .. | ||
| data | ||
| integration | ||
| node_smoke_tests | ||
| promises_aplus_adapters | ||
| unit | ||
| .eslintrc.json | ||
| delegatetest.html | ||
| hovertest.html | ||
| index.html | ||
| jquery.js | ||
| karma.context.html | ||
| karma.debug.html | ||
| localfile.html | ||
| middleware-mockserver.js | ||
| networkerror.html | ||
| xhtml.php | ||