/egg-jsonp

jsonp support for egg, with security check inside

Primary LanguageJavaScriptMIT LicenseMIT

egg-jsonp

NPM version build status Test coverage David deps Known Vulnerabilities npm download

An egg plugin for jsonp support.

Install

$ npm i egg-jsonp --save

Usage

// {app_root}/config/plugin.js
exports.jsonp = {
  enable: true,
  package: 'egg-jsonp',
};

Configuration

  • {String|Array} callback - jsonp callback method key, default to [ '_callback', 'callback' ]
  • {Number} limit - callback method name's max length, default to 50
  • {Boolean} csrf - enable csrf check or not. default to false
  • {String|RegExp|Array} whiteList - referrer white list

if whiteList's type is RegExp, referrer must match whiteList, pay attention to the first ^ and last /.

exports.jsonp = {
  whiteList: /^https?:\/\/test.com\//,
}
// matchs referrer:
// https://test.com/hello
// http://test.com/

if whiteList's type is String and starts with .:

exports.jsonp = {
  whiteList: '.test.com',
};
// matchs domain test.com:
// https://test.com/hello
// http://test.com/

// matchs subdomain
// https://sub.test.com/hello
// http://sub.sub.test.com/

if whiteList's type is String and not starts with .:

exports.jsonp = {
  whiteList: 'sub.test.com',
};
// only matchs domain sub.test.com:
// https://sub.test.com/hello
// http://sub.test.com/

whiteList also can be an array:

exports.jsonp = {
  whiteList: [ '.foo.com', '.bar.com' ],
};

see config/config.default.js for more detail.

API

  • ctx.acceptJSONP - detect if response should be jsonp, readonly

Example

In app/router.js

// Create once and use in any router you want to support jsonp.
const jsonp = app.jsonp();
app.get('/default', jsonp, 'jsonp.index');
app.get('/another', jsonp, 'jsonp.another');

// Customize by create another jsonp middleware with specific sonfigurations.
app.get('/customize', app.jsonp({ callback: 'fn' }), 'jsonp.customize');

Questions & Suggestions

Please open an issue here.

License

MIT