新增 web.jsonp.enabled 参数,默认不开启
@@ -215,12 +215,13 @@ public class ServletUtils {
|
|||||||
if (response != null){
|
if (response != null){
|
||||||
response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
|
response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
|
||||||
}
|
}
|
||||||
String functionName = request.getParameter("__callback");
|
if (ObjectUtils.toBoolean(PropertiesUtils.getInstance().getProperty("web.jsonp.enabled"))) {
|
||||||
if (StringUtils.isNotBlank(functionName)){
|
String functionName = request.getParameter("__callback");
|
||||||
return JsonMapper.toJsonp(functionName, resultMap);
|
if (StringUtils.isNotBlank(functionName)){
|
||||||
}else{
|
return JsonMapper.toJsonp(functionName, resultMap);
|
||||||
return JsonMapper.toJson(resultMap);
|
}
|
||||||
}
|
}
|
||||||
|
return JsonMapper.toJson(resultMap);
|
||||||
}
|
}
|
||||||
}else{
|
}else{
|
||||||
if (response != null){
|
if (response != null){
|
||||||
@@ -267,12 +268,13 @@ public class ServletUtils {
|
|||||||
.equalsIgnoreCase(request.getParameter("__ajax"), "xml")){
|
.equalsIgnoreCase(request.getParameter("__ajax"), "xml")){
|
||||||
return renderString(response, XmlMapper.toXml(object));
|
return renderString(response, XmlMapper.toXml(object));
|
||||||
}else{
|
}else{
|
||||||
String functionName = request.getParameter("__callback");
|
if (ObjectUtils.toBoolean(PropertiesUtils.getInstance().getProperty("web.jsonp.enabled"))) {
|
||||||
if (StringUtils.isNotBlank(functionName)){
|
String functionName = request.getParameter("__callback");
|
||||||
return renderString(response, JsonMapper.toJsonp(functionName, object));
|
if (StringUtils.isNotBlank(functionName)){
|
||||||
}else{
|
return renderString(response, JsonMapper.toJsonp(functionName, object));
|
||||||
return renderString(response, JsonMapper.toJson(object));
|
}
|
||||||
}
|
}
|
||||||
|
return renderString(response, JsonMapper.toJson(object));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
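Review bot: With `web.jsonp.enabled` turned on, the `__callback` request parameter still reaches `JsonMapper.toJsonp(functionName, …)` after only an `isNotBlank` check, in both hunks (at 215 and at 267), so the start of the response body is caller-controlled unless `toJsonp` validates the name itself, which is not visible here. I would restrict the name to an identifier pattern before use, for example `if (StringUtils.isNotBlank(functionName) && functionName.matches("[A-Za-z_$][\\w$.]{0,63}")){`, and fall through to the plain `toJson` return otherwise. The first hunk also sets `MediaType.APPLICATION_JSON_UTF8_VALUE` just before the JSONP branch, so a JSONP body would be labelled as JSON; whether `renderString` in the second hunk does the same cannot be told from this view. Both enclosing methods start and end outside the hunks.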
@@ -350,18 +350,18 @@ shiro:
|
|||||||
# 是否允许嵌入到外部网站iframe中(true:不限制,false:不允许)
|
# 是否允许嵌入到外部网站iframe中(true:不限制,false:不允许)
|
||||||
isAllowExternalSiteIframe: true
|
isAllowExternalSiteIframe: true
|
||||||
|
|
||||||
# 是否允许跨域访问,如果允许,设置允许的域名,全部域名设置*号,如果不允许,此设置应该为空
|
# 是否允许跨域访问 CORS,如果允许,设置允许的域名,全部域名设置*号,如果不允许,此设置应该为空
|
||||||
# accessControlAllowOrigin: http://demo.jeesite.com
|
# accessControlAllowOrigin: http://demo.jeesite.com
|
||||||
# accessControlAllowOrigin: '*'
|
# accessControlAllowOrigin: '*'
|
||||||
|
|
||||||
# 允许跨域访问时,可以使用的方法和响应头
|
# 允许跨域访问时 CORS,可以使用的方法和响应头
|
||||||
# accessControlAllowMethods: GET, POST, OPTIONS
|
# accessControlAllowMethods: GET, POST, OPTIONS
|
||||||
# accessControlAllowHeaders: Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With
|
# accessControlAllowHeaders: Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With
|
||||||
|
|
||||||
# 是否允许接收跨域的Cookie凭证数据
|
# 是否允许接收跨域的Cookie凭证数据 CORS
|
||||||
# accessControlAllowCredentials: true
|
# accessControlAllowCredentials: true
|
||||||
|
|
||||||
# 允许的网站来源地址,不设置为全部地址(避免一些跨站点请求伪造CSRF)
|
# 允许的网站来源地址,不设置为全部地址(避免一些跨站点请求伪造 CSRF)
|
||||||
# allowReferers: http://127.0.0.1,http://localhost
|
# allowReferers: http://127.0.0.1,http://localhost
|
||||||
# allowReferers: ~
|
# allowReferers: ~
|
||||||
|
|
||||||
@@ -506,6 +506,10 @@ web:
|
|||||||
id: '[a-zA-Z0-9_\-/#\u4e00-\u9fa5]{0,64}'
|
id: '[a-zA-Z0-9_\-/#\u4e00-\u9fa5]{0,64}'
|
||||||
user.loginCode: '[a-zA-Z0-9_\u4e00-\u9fa5]{4,20}'
|
user.loginCode: '[a-zA-Z0-9_\u4e00-\u9fa5]{4,20}'
|
||||||
|
|
||||||
|
# 默认不启用(为兼用旧版保留,建议使用 CORS)
|
||||||
|
jsonp:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
# 核心模块的Web功能(仅作为微服务时设为false)
|
# 核心模块的Web功能(仅作为微服务时设为false)
|
||||||
core:
|
core:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|||||||
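Review bot: The comment on the new `jsonp` key under `web:` (hunk at 506) says only that the option is kept for old versions, so an operator cannot tell what turning it on exposes, and `兼用` looks like a typo for `兼容`. I would spell out the consequence, for example `# JSONP 默认不启用(为兼容旧版保留,建议使用 CORS);启用后带 __callback 参数的 JSON 响应可被其他站点通过 script 标签跨域读取`. The Java side reads the value as `web.jsonp.enabled` through `PropertiesUtils`, so it is worth stating in the comment that a missing key is presumably treated as disabled, once that is confirmed against `ObjectUtils.toBoolean`.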
@@ -389,14 +389,18 @@ shiro:
|
|||||||
# # 是否允许嵌入到外部网站iframe中(true:不限制,false:不允许)
|
# # 是否允许嵌入到外部网站iframe中(true:不限制,false:不允许)
|
||||||
# isAllowExternalSiteIframe: true
|
# isAllowExternalSiteIframe: true
|
||||||
#
|
#
|
||||||
# # 是否允许跨域访问,如果允许,设置允许的域名,全部域名设置*号,如果不允许,此设置应该为空
|
# # 是否允许跨域访问 CORS,如果允许,设置允许的域名,全部域名设置*号,如果不允许,此设置应该为空
|
||||||
## accessControlAllowOrigin: http://demo.jeesite.com
|
## accessControlAllowOrigin: http://demo.jeesite.com
|
||||||
## accessControlAllowOrigin: '*'
|
## accessControlAllowOrigin: '*'
|
||||||
#
|
#
|
||||||
# # 是否允许接收跨域的Cookie凭证数据
|
# # 允许跨域访问时 CORS,可以使用的方法和响应头
|
||||||
|
# accessControlAllowMethods: GET, POST, OPTIONS
|
||||||
|
# accessControlAllowHeaders: Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With
|
||||||
|
#
|
||||||
|
# # 是否允许接收跨域的Cookie凭证数据 CORS
|
||||||
## accessControlAllowCredentials: true
|
## accessControlAllowCredentials: true
|
||||||
#
|
#
|
||||||
# # 允许的网站来源地址,不设置为全部地址(避免一些跨站点请求伪造CSRF)
|
# # 允许的网站来源地址,不设置为全部地址(避免一些跨站点请求伪造 CSRF)
|
||||||
# allowReferers: http://127.0.0.1,http://localhost
|
# allowReferers: http://127.0.0.1,http://localhost
|
||||||
# allowReferers: ~
|
# allowReferers: ~
|
||||||
#
|
#
|
||||||
|
|||||||