fix #2064 add api.jsonp.enabled

src/main/java/org/codelibs/fess/api/BaseJsonApiManager.java

@@ -81,7 +81,7 @@ public abstract class BaseJsonApiManager extends BaseApiManager {
 
     protected void writeJsonResponse(final int status, final String body) {
         final String callback = LaRequestUtil.getRequest().getParameter("callback");
-        final boolean isJsonp = StringUtil.isNotBlank(callback);
+        final boolean isJsonp = ComponentUtil.getFessConfig().isApiJsonpEnabled() && StringUtil.isNotBlank(callback);
 
         final StringBuilder buf = new StringBuilder(1000);
         if (isJsonp) {

src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java

@@ -220,6 +220,9 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
     /** The key of the configuration. e.g. true */
     String API_CORS_ALLOW_CREDENTIALS = "api.cors.allow.credentials";
 
+    /** The key of the configuration. e.g. false */
+    String API_JSONP_ENABLED = "api.jsonp.enabled";
+
     /** The key of the configuration. e.g.  */
     String VIRTUAL_HOST_HEADERS = "virtual.host.headers";
 
@@ -1870,6 +1873,20 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
      */
     boolean isApiCorsAllowCredentials();
 
+    /**
+     * Get the value for the key 'api.jsonp.enabled'. <br>
+     * The value is, e.g. false <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getApiJsonpEnabled();
+
+    /**
+     * Is the property for the key 'api.jsonp.enabled' true? <br>
+     * The value is, e.g. false <br>
+     * @return The determination, true or false. (if not found, exception but basically no way)
+     */
+    boolean isApiJsonpEnabled();
+
     /**
      * Get the value for the key 'virtual.host.headers'. <br>
      * The value is, e.g.  <br>
@@ -6063,6 +6080,14 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
             return is(FessConfig.API_CORS_ALLOW_CREDENTIALS);
         }
 
+        public String getApiJsonpEnabled() {
+            return get(FessConfig.API_JSONP_ENABLED);
+        }
+
+        public boolean isApiJsonpEnabled() {
+            return is(FessConfig.API_JSONP_ENABLED);
+        }
+
         public String getVirtualHostHeaders() {
             return get(FessConfig.VIRTUAL_HOST_HEADERS);
         }
@@ -8249,6 +8274,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
             defaultMap.put(FessConfig.API_CORS_MAX_AGE, "3600");
             defaultMap.put(FessConfig.API_CORS_ALLOW_HEADERS, "Origin, Content-Type, Accept, Authorization");
             defaultMap.put(FessConfig.API_CORS_ALLOW_CREDENTIALS, "true");
+            defaultMap.put(FessConfig.API_JSONP_ENABLED, "false");
             defaultMap.put(FessConfig.VIRTUAL_HOST_HEADERS, "");
             defaultMap.put(FessConfig.HTTP_PROXY_HOST, "");
             defaultMap.put(FessConfig.HTTP_PROXY_PORT, "8080");

src/main/resources/fess_config.properties

@@ -147,6 +147,7 @@ api.cors.allow.methods=GET, POST, OPTIONS, DELETE, PUT
 api.cors.max.age=3600
 api.cors.allow.headers=Origin, Content-Type, Accept, Authorization
 api.cors.allow.credentials=true
+api.jsonp.enabled=false
 
 # Virtual Host: Host:fess.codelibs.org=fess
 virtual.host.headers=