| 4 | import "../ajax.js"; |
| 5 | |
| 6 | function canUseScriptTag( s ) { |
| 7 | |
| 8 | // A script tag can only be used for async, cross domain or forced-by-attrs requests. |
| 9 | // Requests with headers cannot use a script tag. However, when both `scriptAttrs` & |
| 10 | // `headers` options are specified, both are impossible to satisfy together; we |
| 11 | // prefer `scriptAttrs` then. |
| 12 | // Sync requests remain handled differently to preserve strict script ordering. |
| 13 | return s.scriptAttrs || ( |
| 14 | !s.headers && |
| 15 | ( |
| 16 | s.crossDomain || |
| 17 | |
| 18 | // When dealing with JSONP (`s.dataTypes` include "json" then) |
| 19 | // don't use a script tag so that error responses still may have |
| 20 | // `responseJSON` set. Continue using a script tag for JSONP requests that: |
| 21 | // * are cross-domain as AJAX requests won't work without a CORS setup |
| 22 | // * have `scriptAttrs` set as that's a script-only functionality |
| 23 | // Note that this means JSONP requests violate strict CSP script-src settings. |
| 24 | // A proper solution is to migrate from using JSONP to a CORS setup. |
| 25 | ( s.async && jQuery.inArray( "json", s.dataTypes ) < 0 ) |
| 26 | ) |
| 27 | ); |
| 28 | } |
| 29 | |
| 30 | // Install script dataType. Don't specify `contents.script` so that an explicit |
| 31 | // `dataType: "script"` is required (see gh-2432, gh-4822) |