hapi
Remove JSONP support
Support plan
- is this issue currently blocking your project? (yes/no): no
- is this issue affecting a production system? (yes/no): no
Context
- node version: any
- module version: 20.x
- environment (e.g. node, browser, native): node
- used with (e.g. hapi application, another framework, standalone, ...):
- any other relevant information:
What problem are you trying to solve?
Simpler, more secure hapi.
Do you have a new or modified API suggestion to solve the problem?
Remove built-in JSONP support. See https://dev.to/benregenspan/the-state-of-jsonp-and-jsonp-vulnerabilities-in-2021-52ep for some recent insights.
While the JSONP feature does not affect any hapi usage where it is not enabled, it does add a bit of unnecessary maintenance burden and complicates the API. Given that no new projects should ever use this feature, and all use cases can be handled using the built-in CORS support, I say that this is a good candidate for removal in a future breaking release. Any project that still somehow requires it should be able to handle it manually or using a plugin.
Sounds like a good idea. I wanted to remove it in every release after it was added. If anyone is still using JSONP, they are probably on hapi 16...
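As an added illustration of the "handle it manually" option raised in the issue (not code from hapi or from either participant), the sketch below builds a JSONP response by hand with the checks such a handler needs. The helper name `jsonpResponse`, the callback pattern and the length limit are assumptions made for this example.

```javascript
'use strict';

// Assumption: callbacks are dotted identifiers such as "cb" or "app.onData".
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$/;
const MAX_CALLBACK_LENGTH = 64; // assumed limit for this example

// JSON.stringify leaves these characters as-is; escape them so the payload
// stays inert if the response is ever interpreted as HTML or older JavaScript.
const escapeForScript = (json) =>
    json.replace(/[<>&\u2028\u2029]/g,
        (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));

// Hypothetical helper: returns a framework-neutral response description.
function jsonpResponse(callback, payload) {
    const nosniff = { 'x-content-type-options': 'nosniff' };

    if (callback === undefined) {
        // No callback requested: plain JSON, meant to be shared via CORS.
        return {
            statusCode: 200,
            headers: { 'content-type': 'application/json; charset=utf-8', ...nosniff },
            body: JSON.stringify(payload)
        };
    }

    // Rejects arrays (repeated query parameters), long names and anything
    // that is not a plain dotted identifier.
    if (typeof callback !== 'string' ||
        callback.length > MAX_CALLBACK_LENGTH ||
        !CALLBACK_RE.test(callback)) {
        return {
            statusCode: 400,
            headers: { 'content-type': 'text/plain; charset=utf-8', ...nosniff },
            body: 'Invalid callback name'
        };
    }

    // The leading comment keeps the caller-supplied name from being the
    // first bytes of the response body.
    return {
        statusCode: 200,
        headers: { 'content-type': 'text/javascript; charset=utf-8', ...nosniff },
        body: `/**/${callback}(${escapeForScript(JSON.stringify(payload))});`
    };
}
```

Even with these checks, any page that can load the URL in a script tag can read the response, so responses built this way should carry only data that is safe to expose to every origin.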