diff --git a/src/main/java/org/codelibs/fess/api/BaseJsonApiManager.java b/src/main/java/org/codelibs/fess/api/BaseJsonApiManager.java
index 41004d0fe..56a649615 100644
--- a/src/main/java/org/codelibs/fess/api/BaseJsonApiManager.java
+++ b/src/main/java/org/codelibs/fess/api/BaseJsonApiManager.java
@@ -81,7 +81,7 @@ public abstract class BaseJsonApiManager extends BaseApiManager {
protected void writeJsonResponse(final int status, final String body) {
final String callback = LaRequestUtil.getRequest().getParameter("callback");
- final boolean isJsonp = StringUtil.isNotBlank(callback);
+ final boolean isJsonp = ComponentUtil.getFessConfig().isApiJsonpEnabled() && StringUtil.isNotBlank(callback);
final StringBuilder buf = new StringBuilder(1000);
if (isJsonp) {
diff --git a/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java b/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
index 491e733af..e833e566b 100644
--- a/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
+++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
@@ -220,6 +220,9 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
/** The key of the configuration. e.g. true */
String API_CORS_ALLOW_CREDENTIALS = "api.cors.allow.credentials";
+ /** The key of the configuration. e.g. false */
+ String API_JSONP_ENABLED = "api.jsonp.enabled";
+
/** The key of the configuration. e.g. */
String VIRTUAL_HOST_HEADERS = "virtual.host.headers";
@@ -1870,6 +1873,20 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
*/
boolean isApiCorsAllowCredentials();
+ /**
+ * Get the value for the key 'api.jsonp.enabled'.
+ * The value is, e.g. false
+ * @return The value of found property. (NotNull: if not found, exception but basically no way)
+ */
+ String getApiJsonpEnabled();
+
+ /**
+ * Is the property for the key 'api.jsonp.enabled' true?
+ * The value is, e.g. false
+ * @return The determination, true or false. (if not found, exception but basically no way)
+ */
+ boolean isApiJsonpEnabled();
+
/**
* Get the value for the key 'virtual.host.headers'.
* The value is, e.g.
@@ -6063,6 +6080,14 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
return is(FessConfig.API_CORS_ALLOW_CREDENTIALS);
}
+ public String getApiJsonpEnabled() {
+ return get(FessConfig.API_JSONP_ENABLED);
+ }
+
+ public boolean isApiJsonpEnabled() {
+ return is(FessConfig.API_JSONP_ENABLED);
+ }
+
public String getVirtualHostHeaders() {
return get(FessConfig.VIRTUAL_HOST_HEADERS);
}
@@ -8249,6 +8274,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
defaultMap.put(FessConfig.API_CORS_MAX_AGE, "3600");
defaultMap.put(FessConfig.API_CORS_ALLOW_HEADERS, "Origin, Content-Type, Accept, Authorization");
defaultMap.put(FessConfig.API_CORS_ALLOW_CREDENTIALS, "true");
+ defaultMap.put(FessConfig.API_JSONP_ENABLED, "false");
defaultMap.put(FessConfig.VIRTUAL_HOST_HEADERS, "");
defaultMap.put(FessConfig.HTTP_PROXY_HOST, "");
defaultMap.put(FessConfig.HTTP_PROXY_PORT, "8080");
diff --git a/src/main/resources/fess_config.properties b/src/main/resources/fess_config.properties
index 8721dd0cf..b78896319 100644
--- a/src/main/resources/fess_config.properties
+++ b/src/main/resources/fess_config.properties
@@ -147,6 +147,7 @@ api.cors.allow.methods=GET, POST, OPTIONS, DELETE, PUT
api.cors.max.age=3600
api.cors.allow.headers=Origin, Content-Type, Accept, Authorization
api.cors.allow.credentials=true
+api.jsonp.enabled=false
# Virtual Host: Host:fess.codelibs.org=fess
virtual.host.headers=