Understanding JSON Request
Continuing our JSON series, in which we have covered topics such as the JSON JavaScript tutorial, JSON with CSS, and simple remoting using JSON, today we will talk about JSONRequest and its advantages.
JSONRequest
JSONRequest is a global JavaScript object. It provides three methods: post, get, and cancel.
JSONRequest.post
JSONRequest.post does an HTTP POST of the serialization of a JavaScript object or array, gets the response, and parses the response into a JavaScript value. If the parse is successful, it returns the value to the requesting script. In making the request, no HTTP authentication or cookies are sent. Any cookies returned by the server cause the request to fail. The JSONRequest service can only be used to send and receive JSON-encoded values. JSONRequest cannot be used to retrieve other text formats.
JSONRequest.get
JSONRequest.get does an HTTP GET request, gets the response, and parses the response into a JavaScript value. If the parse is successful, it returns the value to the requesting script. In making the request, no HTTP authentication or cookies are sent. Any cookies returned by the server cause the request to fail. The JSONRequest.get service can only be used to obtain JSON-encoded values. JSONRequest.get cannot be used to retrieve other text formats.
JSONRequest.cancel
A request can be cancelled by calling JSONRequest.cancel with the request number as the only parameter. Nothing is returned. There is no guarantee that the request will not be sent to the server since it is possible that it had been transmitted before the cancel request was made.
For more information, refer to the following link:
http://www.json.org/JSONRequest.html
Advantages of JSONRequest
JSONRequest has several security features that allow it to be exempted from the Same Origin Policy:
1. JSONRequest does not send or receive cookies or passwords in HTTP headers. This avoids false authorization situations. Knowing the name of a site does not grant the ability to use its browser credentials.
2. JSONRequest works only with JSON text. The JSONRequest cannot be used to access legacy data or documents or scripts. This avoids attacks on internal websites which assume that access is sufficient authorization. A request will fail if the response is not perfectly UTF-8 encoded. Suboptimal aliases and surrogates will fail. A request will fail if the response is not strictly in JSON format. A request will fail if the server does not respond to POST with a JSON payload.
3. Responses will be rejected unless they contain a JSONRequest content type. This makes it impossible to use JSONRequest to obtain data from insecure legacy servers.
4. JSONRequest reveals very little error information. In some cases, the goal of a miscreant is to access the information that can be obtained from an error message. JSONRequest does not return this information to the requesting script. It may provide the information to the user through a log or other mechanism, but not in a form that the script can ordinarily access.
5. JSONRequest accumulates random delays before acting on new requests when previous requests have failed. This is to frustrate timing analysis attacks and denial of service attacks.
The JSONRequest does only one thing: It exchanges data between scripts on pages with JSON servers in the web. It provides this highly valuable service while introducing no new security vulnerabilities.
A browser within a firewall may have the capability to interact with a server. Computers on the outside do not have that capability.
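The response-acceptance rules in the list above (no cookies, JSONRequest content type, strict UTF-8, strict JSON, minimal error detail) can be sketched as a single check. This is an added example, not code from the original post or from the JSONRequest proposal; the function name `acceptResponse`, the `{ headers, body }` shape and the `log` array are assumptions, and `application/jsonrequest` is the content type named in the proposal linked above.

```javascript
// Added example: JSONRequest-style response acceptance check.
// Assumptions: header names are lower-cased, body is a Uint8Array of raw bytes.
const REQUIRED_TYPE = "application/jsonrequest";

function acceptResponse({ headers, body }, log = []) {
  // Rule 4: the reason goes to a log; the script only sees a generic failure.
  const reject = (reason) => {
    log.push(reason);
    return { ok: false, error: "bad response" };
  };

  // Rule 1: any cookie returned by the server fails the request.
  if ("set-cookie" in headers) return reject("server returned a cookie");

  // Rule 3: legacy servers answering text/html, text/plain, etc. are refused.
  const mediaType = String(headers["content-type"] || "")
    .split(";")[0].trim().toLowerCase();
  if (mediaType !== REQUIRED_TYPE) return reject("unexpected content type");

  // Rule 2: fatal decoding rejects overlong forms and encoded surrogates.
  let text;
  try {
    text = new TextDecoder("utf-8", { fatal: true }).decode(body);
  } catch {
    return reject("body is not valid UTF-8");
  }

  // Rule 2: JSON.parse accepts only strict JSON (no bare keys, no single quotes).
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch {
    return reject("body is not strict JSON");
  }
}

// Constructed sample responses (not captured traffic).
const enc = (s) => new TextEncoder().encode(s);
const jr = { "content-type": "application/jsonrequest" };
const samples = {
  good: { headers: jr, body: enc('{"user":"doe","id":7}') },
  cookie: { headers: { ...jr, "set-cookie": "sid=1" }, body: enc("{}") },
  legacy: { headers: { "content-type": "text/html" }, body: enc("<html></html>") },
  overlong: { headers: jr, body: Uint8Array.of(0x22, 0xc0, 0xaf, 0x22) },
  loose: { headers: jr, body: enc("{user:'doe'}") },
};
```

Every rejected sample returns the same `error` string, so the requesting script cannot tell which rule failed; only the `log` array records the reason.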









Thanks. Glad you find it helpful.
It’s great to find a blog that actually contains useful advice. Thank you.