[Catalyst] JSONP support Catalyst::Controller::DBIC::API

Hartmaier Alexander alexander.hartmaier at t-systems.at
Tue Mar 14 16:48:41 GMT 2017


Looks like a code injection attack vector to me...

Patch + Tests for DBIC::API welcome!


On 2017-03-09 11:05, Rajesh Kumar Mallah wrote:
>
>
>
> For the time being I have modified and solved my issue as below:
>
> sub end : Private {
>       my ( $self, $c ) = @_;
>
>       ##
>       # code for manipulating stash here
>       ##
>
>       $c->forward('serialize');
>
>       my $cb = $c->request->params->{callback} ;
>
>       if ($cb) {
>           my $body = \$c->res->body;
>           $$body = "$cb ($$body);";
>           $c->res->body($$body);
>       }
>
> }
>
>
> regds
> mallah.
>
>
>> Hi,
>>
>> How to get JSON response body wrapped in a callback function
>> call (a.k.a. JSONP) when using Catalyst::Controller::DBIC::API::REST?
>>
>> I use Catalyst::Controller::DBIC::API and 'end' function
>> in ControllerBase is like below:
>>
>> sub end : Private {
>>      my ( $self, $c ) = @_;
>>
>>      ##
>>       # code for manipulating stash here
>>      ##
>>
>>      $c->forward('serialize');
>> }
>>
>> =============================================
>> In   Catalyst/Controller/DBIC/API.pm
>>
>> # from Catalyst::Action::Serialize
>> sub serialize : ActionClass('Serialize') { }
>>
>> =============================================
>>
>>
>> My other JSON responses which are rendered via MyApp::View::JSON
>> can be modified as JSONP compatible as I have below in my App config:
>>
>> __PACKAGE__->config({
>>        'View::JSON' => {
>>            allow_callback  => 1,    # defaults to 0
>>        },
>> });
>>
>>
>> ===============================================
>>
>>
>> The problem is only with automatically generated REST endpoints
>> from Catalyst::Controller::DBIC::API.
>>
>> Thanks in anticipation.
>>
>>
>> Regds
>> mallah.



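The injection concern raised in the reply comes from the `callback` request parameter being copied unchanged into a response that the browser runs as script. The following is an added example, not code from this thread or from Catalyst::Controller::DBIC::API: it allow-lists the callback name before wrapping the body. The helper names `valid_jsonp_callback` and `wrap_jsonp`, the 64-character limit and the sample values are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical helpers, not part of Catalyst or Catalyst::Controller::DBIC::API.
my $IDENT = qr/[A-Za-z_\$][A-Za-z0-9_\$]*/;

# True only for a dotted JavaScript identifier path such as "cb" or "app.onData".
# \A and \z anchor the whole string, so a trailing newline is rejected as well.
sub valid_jsonp_callback {
    my ($cb) = @_;
    return 0 unless defined $cb && !ref $cb;   # repeated ?callback= arrives as an array ref
    return 0 if length($cb) > 64;              # assumed upper bound
    return $cb =~ /\A${IDENT}(?:\.${IDENT})*\z/ ? 1 : 0;
}

# Returns (status, content_type, body). Without a callback the JSON passes through;
# with an invalid one the request is refused instead of being echoed back.
sub wrap_jsonp {
    my ($cb, $json) = @_;
    return (200, 'application/json', $json) unless defined $cb;
    return (400, 'application/json', '{"error":"invalid callback"}')
        unless valid_jsonp_callback($cb);
    # The leading /**/ keeps caller-chosen characters off the first bytes of the body.
    return (200, 'application/javascript', "/**/$cb($json);");
}

# Constructed sample input: a serialized body and callback values a client might send.
my $json = '{"list":[{"id":1,"name":"foo"}]}';
for my $cb ('handleData', 'app.handlers.onData', 'cb();', 'a b', "cb\n", '', ['a', 'b'], undef) {
    my ($status, $type, $body) = wrap_jsonp($cb, $json);
    my $shown = !defined($cb) ? '(none)' : ref($cb) ? '(repeated)' : $cb;
    $shown =~ s/\n/\\n/g;
    printf "%-22s -> %d %s %s\n", $shown, $status, $type, $body;
}
```

In the `end` action quoted above, the check would sit between `$c->forward('serialize')` and the body rewrite, with the response content type set to match the wrapped body.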


