Why can jsonp only be a get method?

I have read several articles, but I don"t understand. Would you please explain? The best explanation for
is here
https://codeshelper.com/q/10.

. The

problem has evolved into a
< script > tag, which only supports GET?
I continue to ask,

Why does the
< script > tag only support GET?

May.22,2021

because script is about getting scripts and executing them, have you ever seen browsers load files in other ways? post is used to send data to the server.

also, it is no longer necessary to use jsonp. Other methods cannot be cross-domain jsonp. Other methods need to be modified as server-side jsonp. Use a more modern method.


says the opposite: not that JSONP can only use GET, but that JSONP takes advantage of the "bug" where the script tag does not check the src content across domains; if you use src to load, it must be a GET request.


< H2 > appearance of jsonp < / H2 >

introduction

because of the restrictions of the browser's same origin policy, XHR 1.0 (XMLHttpRequests) cannot initiate ajax requests for pages that are not in the current domain, in principle for security reasons.

jsonp actually takes advantage of the principle that browsers do not impose homologous policy restrictions on some tags. Usually, a function is created locally and placed under window, and then the js is loaded and executed automatically by creating a tag. However, this process called loading is actually just a js script load initiated by a browser. And then execute.
loading JS from an untrusted source from another point of view is also risky

alternative

there are many solutions to implement cross-domain requests, such as the early iframe. To learn more, bilibili can search Yan 18 one of the ancient ajax

Cross-domain in the new era

XHR 2.0

in XHR 2.0 , a new way to handle cross-domain is introduced, that is, the other party allows you to make a cross-domain request. When the browser initiates a cross-domain request, it will first initiate a options request to check whether the party initiating the request meets the admission conditions. If so, the request will be allowed to initiate a real request. If the request is not allowed, the data will be cut off.

reverse proxy

in fact, there has been a solution since the beginning of cross-domain, that is to set up a reverse proxy server locally to request the target, so that there is no cross-domain.

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b3f401-2c4a7.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b3f401-2c4a7.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?