Comments on: JSONP and The Same Origin Policy

By: Zack Grossbart

Zack Grossbart — Fri, 22 Jan 2010 00:51:22 +0000

All REST requests are just HTTP requests. When you make an HTTP request from a browser it is an AJAX request. AJAX request are governed by the same origin policy which prevents you from calling to a different web server from inside JavaScript. JSONP is a limited type of AJAX request that can get around the same origin policy, but it doesn't support the full implementation of HTTP that REST needs. If you are calling REST from JavaScript you are limited to calling the server that served your JavaScript.

By: Daniel Silva

Daniel Silva — Fri, 22 Jan 2010 00:39:24 +0000

But Can you explain me why REST-based APIs are affected by Same Origin Policy?
I just make a request to one server, or not?

By: Zack Grossbart

Zack Grossbart — Thu, 21 Jan 2010 22:11:55 +0000

Hello Daniel,

It is difficult for me to debug your issue since I’m not working on your code, but I can give you a few guesses. If the authentication process is using standard HTML then it doesn’t have anything to do with your JSONP.

The real issue with REST and JSONP is that JSONP only supports GET and REST requires POST, PUT, and DELETE at a minimum.

By: Daniel Silva

Daniel Silva — Thu, 21 Jan 2010 21:23:01 +0000

I’m developing a twitter app in JS and I’m getting a same origin policy problem when trying to authenticate, it used to happen with all requests but after changing the datatype from json to jsonp the problem was genneraly solved across the application, except on the authentication process (it’s not json but html). What I find weird is that all the requests are made to the same server, so I don’t really get what is the issue here. The twitter uses a REST API, but once more I don’t really get what’s the specific problem of calling on a REST API in JS.

If you could enlighten me I would be very thankful,

Daniel Silva