You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the ability to allow JSONP is a global app setting. There's no way to control whether a specific route allows JSONP other than deleting req.query.callback (or in 3.x, whatever you've set jsonp callback name to).
Consider an app that has routes where we want to allow public access (from other origins) and "private" APIs (routes that should not be accessible from other origins). We should be able to explicitly enable/disable JSONP, rather than the rather hacky method of globally enabling JSONP and then deleting query params to turn it off for specific routes. (This leaves the door open to forgetting to disable JSONP on a new, private route.)
The text was updated successfully, but these errors were encountered:
Currently, the ability to allow JSONP is a global app setting. There's no way to control whether a specific route allows JSONP other than deleting
req.query.callback
(or in 3.x, whatever you've setjsonp callback name
to).Consider an app that has routes where we want to allow public access (from other origins) and "private" APIs (routes that should not be accessible from other origins). We should be able to explicitly enable/disable JSONP, rather than the rather hacky method of globally enabling JSONP and then deleting query params to turn it off for specific routes. (This leaves the door open to forgetting to disable JSONP on a new, private route.)
The text was updated successfully, but these errors were encountered: