Details
Improvement
Status: Resolved
Major
Resolution: Fixed
2.5.0-beta3
None
Description
The Shindig code base supports a 'callback' query parameter on a number of entry points (RPC Servlet entry, DataServiceServlet and JsonRpcServlet) and thereby provides JSONP support. However, Shindig has no place that uses this support.
ALL containers based off of Shindig are now forced to protect themselves against inappropriate JSONP usage (security issue).
Why would Shindig ship unused functionality that FORCES all containers to do extra work?
The proposed improvement is to extract a setting so an application can disable the JSONP feature. In the longer term, we can deprecate this feature and remove it if no one is depending on this feature.
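
The kind of setting proposed above, as an added Java example that is not Shindig code and not part of the original report: the class name `JsonpGate`, the `jsonpEnabled` flag, the choice to answer 400 rather than ignore the parameter, and the callback-name pattern are all assumptions made for illustration.

```java
import java.util.Map;
import java.util.regex.Pattern;

/** Hypothetical container-side gate for the 'callback' query parameter (not Shindig code). */
public class JsonpGate {
    // Assumed policy: when JSONP is on, a callback must be a plain dotted identifier path.
    private static final Pattern SAFE_CALLBACK =
        Pattern.compile("[A-Za-z_$][A-Za-z0-9_$]*(\\.[A-Za-z_$][A-Za-z0-9_$]*)*");

    public static final class Response {
        public final int status;
        public final String contentType;
        public final String body;
        Response(int status, String contentType, String body) {
            this.status = status; this.contentType = contentType; this.body = body;
        }
    }

    private final boolean jsonpEnabled; // the proposed setting; this name is an assumption

    public JsonpGate(boolean jsonpEnabled) { this.jsonpEnabled = jsonpEnabled; }

    public Response render(Map<String, String> query, String json) {
        String callback = query.get("callback");
        if (callback == null) {
            return new Response(200, "application/json", json); // plain JSON, no wrapper
        }
        if (!jsonpEnabled) {
            // Fail closed: with the feature off, JSON is never wrapped in a caller-named function.
            return new Response(400, "application/json", "{\"error\":\"JSONP is disabled\"}");
        }
        if (!SAFE_CALLBACK.matcher(callback).matches()) {
            return new Response(400, "application/json", "{\"error\":\"invalid callback\"}");
        }
        return new Response(200, "application/javascript", callback + "(" + json + ");");
    }

    public static void main(String[] args) {
        String json = "{\"id\":\"constructed-sample\"}"; // constructed sample payload
        JsonpGate off = new JsonpGate(false);
        JsonpGate on = new JsonpGate(true);
        System.out.println(off.render(Map.of(), json).body);                       // plain JSON
        System.out.println(off.render(Map.of("callback", "cb"), json).status);     // rejected
        System.out.println(on.render(Map.of("callback", "app.onData"), json).body); // wrapped
        System.out.println(on.render(Map.of("callback", "not a name()"), json).status);
    }
}
```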