fix #2064 add api.jsonp.enabled

2019-03-25 07:14:53 +09:00 · 2019-03-25 07:14:53 +09:00 · 79bd447c59
commit 79bd447c59
parent 34918bfadd
3 changed files with 28 additions and 1 deletions
--- a/src/main/java/org/codelibs/fess/api/BaseJsonApiManager.java
+++ b/src/main/java/org/codelibs/fess/api/BaseJsonApiManager.java
@ -81,7 +81,7 @@ public abstract class BaseJsonApiManager extends BaseApiManager {

    protected void writeJsonResponse(final int status, final String body) {
        final String callback = LaRequestUtil.getRequest().getParameter("callback");
-        final boolean isJsonp = StringUtil.isNotBlank(callback);
+        final boolean isJsonp = ComponentUtil.getFessConfig().isApiJsonpEnabled() && StringUtil.isNotBlank(callback);

        final StringBuilder buf = new StringBuilder(1000);
        if (isJsonp) {
--- a/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
+++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
@ -220,6 +220,9 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
    /** The key of the configuration. e.g. true */
    String API_CORS_ALLOW_CREDENTIALS = "api.cors.allow.credentials";

+    /** The key of the configuration. e.g. false */
+    String API_JSONP_ENABLED = "api.jsonp.enabled";
+
    /** The key of the configuration. e.g.  */
    String VIRTUAL_HOST_HEADERS = "virtual.host.headers";

@ -1870,6 +1873,20 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
     */
    boolean isApiCorsAllowCredentials();

+    /**
+     * Get the value for the key 'api.jsonp.enabled'. <br>
+     * The value is, e.g. false <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getApiJsonpEnabled();
+
+    /**
+     * Is the property for the key 'api.jsonp.enabled' true? <br>
+     * The value is, e.g. false <br>
+     * @return The determination, true or false. (if not found, exception but basically no way)
+     */
+    boolean isApiJsonpEnabled();
+
    /**
     * Get the value for the key 'virtual.host.headers'. <br>
     * The value is, e.g.  <br>
@ -6063,6 +6080,14 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
            return is(FessConfig.API_CORS_ALLOW_CREDENTIALS);
        }

+        public String getApiJsonpEnabled() {
+            return get(FessConfig.API_JSONP_ENABLED);
+        }
+
+        public boolean isApiJsonpEnabled() {
+            return is(FessConfig.API_JSONP_ENABLED);
+        }
+
        public String getVirtualHostHeaders() {
            return get(FessConfig.VIRTUAL_HOST_HEADERS);
        }
@ -8249,6 +8274,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
            defaultMap.put(FessConfig.API_CORS_MAX_AGE, "3600");
            defaultMap.put(FessConfig.API_CORS_ALLOW_HEADERS, "Origin, Content-Type, Accept, Authorization");
            defaultMap.put(FessConfig.API_CORS_ALLOW_CREDENTIALS, "true");
+            defaultMap.put(FessConfig.API_JSONP_ENABLED, "false");
            defaultMap.put(FessConfig.VIRTUAL_HOST_HEADERS, "");
            defaultMap.put(FessConfig.HTTP_PROXY_HOST, "");
            defaultMap.put(FessConfig.HTTP_PROXY_PORT, "8080");
--- a/src/main/resources/fess_config.properties
+++ b/src/main/resources/fess_config.properties
@ -147,6 +147,7 @@ api.cors.allow.methods=GET, POST, OPTIONS, DELETE, PUT
 api.cors.max.age=3600
 api.cors.allow.headers=Origin, Content-Type, Accept, Authorization
 api.cors.allow.credentials=true
+api.jsonp.enabled=false

 # Virtual Host: Host:fess.codelibs.org=fess
 virtual.host.headers=