Configurable JSON prefix on MappingJackson2HttpMessageConverter and MappingJacksonHttpMessageConverter [SPR-10627] #15255

Closed
spring-issuemaster opened this issue Jun 4, 2013 · 4 comments

@spring-issuemaster spring-issuemaster commented Jun 4, 2013

Halvard Skogsrud opened SPR-10627 and commented

Spring MVC currently prevents JSON hijacking by prefixing the response with "{} &&" if the prefixJSON bean property is set.

This has been made configurable in MappingJackson(2)JsonView (see #15196), but not in MappingJackson(2)HttpMessageConverter.

Could we implement the same change in the message converters?


Affects: 3.2.3

Issue Links:

  • #15443 MappingJackson2HttpMessageConverter and MappingJacksonHttpMessageConverter should use configured JSON prefix instead of hardcoded value.

1 votes, 3 watchers

@spring-issuemaster spring-issuemaster commented Jul 24, 2013

Halvard Skogsrud commented

Thanks for doing this, much appreciated!

@spring-issuemaster spring-issuemaster commented Aug 10, 2013

Maxime Falaize commented

It is not resolved in the 3.2.4.RELEASE. You forgot to use the jsonPrefix variable in the writeRaw function!!

@spring-issuemaster spring-issuemaster commented Aug 10, 2013

Maxime Falaize commented

Sorry, I just saw that it was resolved 2 days ago for the next 3.2.5 release.
However, I still cannot use the )]}',\n for AngularJS (http://docs.angularjs.org/api/ng.$http) because the \n is interpreted as a String.
A workaround is to create my own class inherited from the Spring MappingJacksonHttpMessageConverter and to override the setJsonPrefix to unescape Java special characters, but can you add this functionality to the Spring converter please?
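
The prefix mismatch described in the comment above, as an added example that is not part of the original thread and is not Spring or AngularJS code: a prefix configured as the literal characters backslash and n does not match a client that expects a real newline, so the protected response is rejected until the configured value is unescaped. All function names and sample data here are hypothetical, and the client-side check is a simplified stand-in for a real prefix-stripping client.

```javascript
// Added illustration; function names are hypothetical, not Spring or AngularJS APIs.

// Turn escape sequences that arrived as literal text (for example from an XML
// bean property) into the characters they name. Unknown escapes stay as typed.
function unescapeConfiguredPrefix(raw) {
  const map = { n: "\n", r: "\r", t: "\t", "\\": "\\" };
  return raw.replace(/\\(.)/g, (m, c) => (c in map ? map[c] : m));
}

// Server side: what a converter with a configured prefix puts on the wire.
function writeWithPrefix(prefix, value) {
  return prefix + JSON.stringify(value);
}

// Client side: accept the body only if it starts with the exact expected
// prefix, then parse the remainder as JSON.
function parseProtected(body, expectedPrefix) {
  if (!body.startsWith(expectedPrefix)) {
    throw new Error("JSON prefix missing or different from the expected one");
  }
  return JSON.parse(body.slice(expectedPrefix.length));
}

// Constructed sample data.
const CLIENT_PREFIX = ")]}',\n";    // ends in a real newline (6 characters)
const CONFIGURED_RAW = ")]}',\\n";  // backslash + 'n' as typed in config (7 characters)
const payload = [{ id: 1, name: "constructed sample" }];

function demo() {
  const results = {};

  // Prefix used exactly as configured: the client does not recognise it.
  const broken = writeWithPrefix(CONFIGURED_RAW, payload);
  try { parseProtected(broken, CLIENT_PREFIX); results.raw = "parsed"; }
  catch (e) { results.raw = "rejected"; }

  // Prefix unescaped first (the workaround from the comment): client succeeds.
  const fixed = writeWithPrefix(unescapeConfiguredPrefix(CONFIGURED_RAW), payload);
  results.unescaped = parseProtected(fixed, CLIENT_PREFIX)[0].name;

  // The prefixed body is deliberately not valid JSON on its own.
  try { JSON.parse(fixed); results.bare = "parsed"; }
  catch (e) { results.bare = "rejected"; }
  return results;
}

console.log(demo());
```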

@spring-issuemaster spring-issuemaster commented Aug 11, 2013

Rossen Stoyanchev commented

See separate ticket created for 3.2.5 (#15443).
