summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohn Christopher Anderson <jchris@apache.org>2010-05-19 21:14:28 +0000
committerJohn Christopher Anderson <jchris@apache.org>2010-05-19 21:14:28 +0000
commitea00c0491ce7b8642979bd5195aa4851a63eae25 (patch)
tree23b56179b4cc9c3354268a838cd2737513a4f3a5
parent98e34f7e65d344e846b04eaea73d841f9da9cd9c (diff)
jsonp callbacks are ignored unless jsonp is configured to true
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@946400 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--etc/couchdb/default.ini.tpl.in1
-rw-r--r--share/www/script/test/changes.js18
-rw-r--r--share/www/script/test/jsonp.js67
-rw-r--r--src/couchdb/couch_httpd.erl14
4 files changed, 65 insertions, 35 deletions
diff --git a/etc/couchdb/default.ini.tpl.in b/etc/couchdb/default.ini.tpl.in
index 0222839a..453418bb 100644
--- a/etc/couchdb/default.ini.tpl.in
+++ b/etc/couchdb/default.ini.tpl.in
@@ -24,6 +24,7 @@ vhost_global_handlers = _utils
_session
_oauth
_users
+jsonp = false
[log]
file = %localstatelogdir%/couch.log
diff --git a/share/www/script/test/changes.js b/share/www/script/test/changes.js
index 4f77771c..6a8802b9 100644
--- a/share/www/script/test/changes.js
+++ b/share/www/script/test/changes.js
@@ -39,12 +39,18 @@ couchTests.changes = function(debug) {
T(resp.results[0].changes[0].rev == docFoo._rev)
// test with callback
- var xhr = CouchDB.request("GET", "/test_suite_db/_changes?callback=jsonp");
- T(xhr.status == 200);
- jsonp_flag = 0;
- eval(xhr.responseText);
- T(jsonp_flag == 1);
-
+
+ run_on_modified_server(
+ [{section: "httpd",
+ key: "jsonp",
+ value: "true"}],
+ function() {
+ var xhr = CouchDB.request("GET", "/test_suite_db/_changes?callback=jsonp");
+ T(xhr.status == 200);
+ jsonp_flag = 0;
+ eval(xhr.responseText);
+ T(jsonp_flag == 1);
+ });
req = CouchDB.request("GET", "/test_suite_db/_changes?feed=continuous&timeout=10");
var lines = req.responseText.split("\n");
diff --git a/share/www/script/test/jsonp.js b/share/www/script/test/jsonp.js
index dfd6a0df..02349c93 100644
--- a/share/www/script/test/jsonp.js
+++ b/share/www/script/test/jsonp.js
@@ -32,38 +32,51 @@ couchTests.jsonp = function(debug) {
db.deleteDb();
db.createDb();
if (debug) debugger;
-
+
var doc = {_id:"0",a:0,b:0};
T(db.save(doc).ok);
+
+ // callback param is ignored unless jsonp is configured
+ var xhr = CouchDB.request("GET", "/test_suite_db/0?callback=jsonp_not_configured");
+ JSON.parse(xhr.responseText);
- // Test unchunked callbacks.
- var xhr = CouchDB.request("GET", "/test_suite_db/0?callback=jsonp_no_chunk");
- T(xhr.status == 200);
- jsonp_flag = 0;
- eval(xhr.responseText);
- T(jsonp_flag == 1);
- xhr = CouchDB.request("GET", "/test_suite_db/0?callback=foo\"");
- T(xhr.status == 400);
+ run_on_modified_server(
+ [{section: "httpd",
+ key: "jsonp",
+ value: "true"}],
+ function() {
- // Test chunked responses
- var doc = {_id:"1",a:1,b:1};
- T(db.save(doc).ok);
+ // Test unchunked callbacks.
+ var xhr = CouchDB.request("GET", "/test_suite_db/0?callback=jsonp_no_chunk");
+ T(xhr.status == 200);
+ jsonp_flag = 0;
+ eval(xhr.responseText);
+ T(jsonp_flag == 1);
+ xhr = CouchDB.request("GET", "/test_suite_db/0?callback=foo\"");
+ T(xhr.status == 400);
+
+ // Test chunked responses
+ var doc = {_id:"1",a:1,b:1};
+ T(db.save(doc).ok);
- var designDoc = {
- _id:"_design/test",
- language: "javascript",
- views: {
- all_docs: {map: "function(doc) {if(doc.a) emit(null, doc.a);}"}
+ var designDoc = {
+ _id:"_design/test",
+ language: "javascript",
+ views: {
+ all_docs: {map: "function(doc) {if(doc.a) emit(null, doc.a);}"}
+ }
}
- }
- T(db.save(designDoc).ok);
+ T(db.save(designDoc).ok);
+
+ var url = "/test_suite_db/_design/test/_view/all_docs?callback=jsonp_chunk";
+ xhr = CouchDB.request("GET", url);
+ T(xhr.status == 200);
+ jsonp_flag = 0;
+ eval(xhr.responseText);
+ T(jsonp_flag == 1);
+ xhr = CouchDB.request("GET", url + "\'");
+ T(xhr.status == 400);
+ });
+
- var url = "/test_suite_db/_design/test/_view/all_docs?callback=jsonp_chunk";
- xhr = CouchDB.request("GET", url);
- T(xhr.status == 200);
- jsonp_flag = 0;
- eval(xhr.responseText);
- T(jsonp_flag == 1);
- xhr = CouchDB.request("GET", url + "\'");
- T(xhr.status == 400);
};
diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl
index 00bfc196..15b3de1a 100644
--- a/src/couchdb/couch_httpd.erl
+++ b/src/couchdb/couch_httpd.erl
@@ -593,8 +593,18 @@ start_jsonp(Req) ->
[] -> [];
CallBack ->
try
- validate_callback(CallBack),
- CallBack ++ "("
+ % make sure jsonp is configured on (default off)
+ case couch_config:get("httpd", "jsonp", "false") of
+ "true" ->
+ validate_callback(CallBack),
+ CallBack ++ "(";
+ _Else ->
+ % this could throw an error message, but instead we just ignore the
+ % jsonp parameter
+ % throw({bad_request, <<"JSONP must be configured before using.">>})
+ put(jsonp, no_jsonp),
+ []
+ end
catch
Error ->
put(jsonp, no_jsonp),