Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow more granular control over JSONP #1240

Closed
daguej opened this issue Jul 22, 2012 · 2 comments
Closed

Allow more granular control over JSONP #1240

daguej opened this issue Jul 22, 2012 · 2 comments

Comments

@daguej
Copy link
Contributor

daguej commented Jul 22, 2012

Currently, the ability to allow JSONP is a global app setting. There's no way to control whether a specific route allows JSONP other than deleting req.query.callback (or in 3.x, whatever you've set jsonp callback name to).

Consider an app that has routes where we want to allow public access (from other origins) and "private" APIs (routes that should not be accessible from other origins). We should be able to explicitly enable/disable JSONP, rather than the rather hacky method of globally enabling JSONP and then deleting query params to turn it off for specific routes. (This leaves the door open to forgetting to disable JSONP on a new, private route.)
@daguej daguej mentioned this issue Jul 22, 2012
Closed
@Radagaisus
Copy link

+1. Another approach is to create two servers, only one of them serves cross-domain requests, which sits nicely with rate limiting and monitoring.

@tj
Copy link
Member

tj commented Aug 28, 2012

I'd prefer we go this route personally #1307 since res.json doesn't do much else

@tj tj closed this as completed Aug 28, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tj @daguej @Radagaisus