Package detail

egg-jsonp

eggjs96.3kMIT2.0.0

jsonp support for egg

egg, egg-plugin, jsonp, security

readme

egg-jsonp

NPM version build status Test coverage David deps Known Vulnerabilities npm download

An egg plugin for jsonp support.

Install

$ npm i egg-jsonp --save

Usage

// {app_root}/config/plugin.js
exports.jsonp = {
  enable: true,
  package: 'egg-jsonp',
};

Configuration

  • {String|Array} callback - jsonp callback method key, default to [ '_callback', 'callback' ]
  • {Number} limit - callback method name's max length, default to 50
  • {Boolean} csrf - enable csrf check or not. default to false
  • {String|RegExp|Array} whiteList - referrer white list

if whiteList's type is RegExp, referrer must match whiteList, pay attention to the first ^ and last /.

exports.jsonp = {
  whiteList: /^https?:\/\/test.com\//,
}
// matchs referrer:
// https://test.com/hello
// http://test.com/

if whiteList's type is String and starts with .:

exports.jsonp = {
  whiteList: '.test.com',
};
// matchs domain test.com:
// https://test.com/hello
// http://test.com/

// matchs subdomain
// https://sub.test.com/hello
// http://sub.sub.test.com/

if whiteList's type is String and not starts with .:

exports.jsonp = {
  whiteList: 'sub.test.com',
};
// only matchs domain sub.test.com:
// https://sub.test.com/hello
// http://sub.test.com/

whiteList also can be an array:

exports.jsonp = {
  whiteList: [ '.foo.com', '.bar.com' ],
};

see config/config.default.js for more detail.

API

  • ctx.acceptJSONP - detect if response should be jsonp, readonly

Example

In app/router.js

// Create once and use in any router you want to support jsonp.
const jsonp = app.jsonp();
app.get('/default', jsonp, 'jsonp.index');
app.get('/another', jsonp, 'jsonp.another');

// Customize by create another jsonp middleware with specific sonfigurations.
app.get('/customize', app.jsonp({ callback: 'fn' }), 'jsonp.customize');

Questions & Suggestions

Please open an issue here.

License

MIT

changelog

2.0.0 / 2017-11-11

others

1.2.2 / 2017-11-10

fixes

others

1.2.1 / 2017-10-11

fixes

1.2.0 / 2017-10-11

features

1.1.2 / 2017-07-21

  • fix: should not throw when referrer illegal (#5)

1.1.1 / 2017-06-04

  • docs: fix License url (#4)

1.1.0 / 2017-06-01

  • test: test on node 8
  • feat: support _callback and callback

1.0.0 / 2017-01-23

  • fix: refine jsonp (#1)
  • feat: init jsonp