jsonp support for egg, with security check inside

egg-jsonp

An egg plugin for jsonp support.

Install

$ npm i egg-jsonp --save

Usage

// {app_root}/config/plugin.js
exports.jsonp = {
  enable: true,
  package: 'egg-jsonp',
};

Configuration

  • {String|Array} callback - query key(s) that carry the jsonp callback method name, defaults to [ '_callback', 'callback' ]
  • {Number} limit - maximum length of the callback method name, defaults to 50
  • {Boolean} csrf - whether to enable the csrf check, defaults to false
  • {String|RegExp|Array} whiteList - referrer white list

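If whiteList is a RegExp, the referrer must match it. Pay attention to the leading ^ and the trailing \/: they anchor the pattern to the start of the referrer and to the end of the host name.

exports.jsonp = {
  // the dot is escaped so that it only matches a literal '.'
  whiteList: /^https?:\/\/test\.com\//,
}
// matches referrer:
// https://test.com/hello
// http://test.com/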

If whiteList is a String that starts with .:

exports.jsonp = {
  whiteList: '.test.com',
};
// matches domain test.com:
// https://test.com/hello
// http://test.com/

// matches subdomains
// https://sub.test.com/hello
// http://sub.sub.test.com/

If whiteList is a String that does not start with .:

exports.jsonp = {
  whiteList: 'sub.test.com',
};
// only matches domain sub.test.com:
// https://sub.test.com/hello
// http://sub.test.com/

whiteList can also be an array:

exports.jsonp = {
  whiteList: [ '.foo.com', '.bar.com' ],
};

See config/config.default.js for more detail.
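
The whiteList rules above, written out as a stand-alone referrer check. This is an added example, not egg-jsonp's own code: refererAllowed and matchRule are hypothetical names, the sample referrers are constructed, and comparing against the parsed hostname is an assumption about how the string rules are applied.

```javascript
// Added example: referrer white list matching as described in this README.
// Not the plugin's implementation; function names are hypothetical.

function matchRule(rule, referrer, hostname) {
  if (rule instanceof RegExp) {
    // RegExp rules are tested against the full referrer URL, so the
    // pattern itself must anchor the scheme and the end of the host.
    return rule.test(referrer);
  }
  if (typeof rule !== 'string') return false;
  const r = rule.toLowerCase();
  if (r.startsWith('.')) {
    // '.test.com' covers test.com itself and every subdomain of it.
    // Keeping the dot in endsWith() stops 'nottest.com' from matching.
    return hostname === r.slice(1) || hostname.endsWith(r);
  }
  // A string without a leading dot must equal the hostname exactly.
  return hostname === r;
}

function refererAllowed(whiteList, referrer) {
  let hostname;
  try {
    hostname = new URL(referrer).hostname.toLowerCase();
  } catch (err) {
    return false; // missing or malformed referrer fails closed
  }
  const rules = Array.isArray(whiteList) ? whiteList : [ whiteList ];
  return rules.some(rule => matchRule(rule, referrer, hostname));
}

// Constructed sample referrers, checked against two of the README's rules.
const samples = [
  'https://test.com/hello',
  'http://sub.sub.test.com/',
  'https://nottest.com/',
  'https://test.com.example.org/',
  '',
];
for (const ref of samples) {
  console.log(JSON.stringify(ref),
    'string rule:', refererAllowed('.test.com', ref),
    'regexp rule:', refererAllowed(/^https?:\/\/test\.com\//, ref));
}
```

A RegExp rule written without the trailing \/ would also accept the fourth sample, which is why the anchors matter.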

API

  • ctx.acceptJSONP - whether the response should be sent as jsonp, read-only

Example

In app/router.js

module.exports = app => {
  // Create once and use in any router you want to support jsonp.
  const jsonp = app.jsonp();
  app.get('/default', jsonp, 'jsonp.index');
  app.get('/another', jsonp, 'jsonp.another');

  // Customize by creating another jsonp middleware with specific configurations.
  app.get('/customize', app.jsonp({ callback: 'fn' }), 'jsonp.customize');
};

Questions & Suggestions

Please open an issue here.

License

MIT