jsonp icon indicating copy to clipboard operation
jsonp copied to clipboard
verified publisher icon kapytein

Test 24 cases in 2 requests

Open s0md3v opened this issue 5 years ago • 2 comments

Web applications do not acknowledge additional query parameters supplied in HTTP requests. Developers simply fetch whatever parameters they need from the request.

Hence, if callback parameter exists on an endpoint, sending both callback and jsonp parameters in the same request won't affect the application's behavior.

Using this simple deduction, we can reduce the number of requests by 50%.

s0md3v avatar Jan 16 '20 00:01 s0md3v

Thanks for the PR! I am collecting some more feedback, since merging this PR will mean that we won't be able to report the exact parameter (which is used to trigger the JSONP functionality) to the user.

This will definitely save time and requests though! :D

kapytein avatar Jan 16 '20 15:01 kapytein

I understand your concern but the exact parameter can be identified using a binary search approach. It will however take around 9 to 10 requests including the initial ones in case a jsonp endpoint is detected.

Here's how it will work:

  1. Make a request containing all the 24 parameter names.
  2. If the response changes, break the parameter list into two parts and make two separate requests.
  3. Reject the parameter list which doesn't cause any change in the response. Break the other list again and do it until you have just one parameter left.

You can look at Arjun's code to see how it can be implemented.

s0md3v avatar Jan 16 '20 17:01 s0md3v