If we can't make cross origin requests without JSONP, how are we doing it with other websites like Google maps without JSONP?

If we can't make cross origin requests without JSONP, how are we doing it with other websites like Google maps without JSONP?
0

#1

[Wikipedia viewer] if we can’t make cross origin requests without JSONP, how are we doing it with other websites like Google maps without JSONP? Isn’t Google map from different origin? We use JSONP with Wikipedia.

While doing the Wikipedia viewer project I came across CORS cross origin resource sharing. Which prevents cross origin requests ( ex request to Wikipedia from local Host). And we use JSONP ( json with padding ) to overcome it.

My question is if we can’t make cross origin requests without JSONP, how are we doing it with other websites like Google maps without JSONP?


#2

CORS is actually an alternative to JSONP. According to Wikipedia:

CORS can be used as a modern alternative to the JSONP pattern. While JSONP supports only the GET request method, CORS also supports other types of HTTP requests. Using CORS enables a web programmer to use regular XMLHttpRequest, which supports better error handling than JSONP. On the other hand, JSONP works on legacy browsers which predate CORS support. CORS is supported by most modern web browsers. Also, while JSONP can cause cross-site scripting (XSS) issues when the external site is compromised, CORS allows websites to manually parse responses to ensure security.

For Google Maps, if I remember correctly, you use a javascript API. Google’s code takes care of sending the requests. I don’t know if it uses CORS or JSONP or something else.


#3

Typically it is done via the HTTPS (as opposed to HTTP) protocol, in which case that server has internally enabled the CORS handshake/transmission to go through.