egg-jsonp
egg-jsonp copied to clipboard
Published
20 hours ago •
eggjs
eggjs
jsonp support for egg, with security check inside
egg-jsonp
An egg plugin for jsonp support.
Install
$ npm i egg-jsonp --save
Usage
// {app_root}/config/plugin.js
exports.jsonp = {
enable: true,
package: 'egg-jsonp',
};
Configuration
- {String|Array} callback - jsonp callback method key, default to
[ '_callback', 'callback' ] - {Number} limit - callback method name's max length, default to
50 - {Boolean} csrf - enable csrf check or not. default to false
- {String|RegExp|Array} whiteList - referrer white list
if whiteList's type is RegExp, referrer must match whiteList, pay attention to the first ^ and last /.
exports.jsonp = {
whiteList: /^https?:\/\/test.com\//,
}
// matchs referrer:
// https://test.com/hello
// http://test.com/
if whiteList's type is String and starts with .:
exports.jsonp = {
whiteList: '.test.com',
};
// matchs domain test.com:
// https://test.com/hello
// http://test.com/
// matchs subdomain
// https://sub.test.com/hello
// http://sub.sub.test.com/
if whiteList's type is String and not starts with .:
exports.jsonp = {
whiteList: 'sub.test.com',
};
// only matchs domain sub.test.com:
// https://sub.test.com/hello
// http://sub.test.com/
whiteList also can be an array:
exports.jsonp = {
whiteList: [ '.foo.com', '.bar.com' ],
};
see config/config.default.js for more detail.
API
- ctx.acceptJSONP - detect if response should be jsonp, readonly
Example
In app/router.js
// Create once and use in any router you want to support jsonp.
const jsonp = app.jsonp();
app.get('/default', jsonp, 'jsonp.index');
app.get('/another', jsonp, 'jsonp.another');
// Customize by create another jsonp middleware with specific sonfigurations.
app.get('/customize', app.jsonp({ callback: 'fn' }), 'jsonp.customize');
Questions & Suggestions
Please open an issue here.
eggjs