[Catalyst] JSONP support Catalyst::Controller::DBIC::API

Rajesh Kumar Mallah mallah at redgrape.tech
Thu Mar 16 17:07:37 GMT 2017 




Ok are you suggesting DBIC::API needs to be enhanced for
JSONP support ?


Regds
Mallah.

> Looks like a code injection attack vector to me...
>
> Patch + Tests for DBIC::API welcome!
>
>
> On 2017-03-09 11:05, Rajesh Kumar Mallah wrote:
>>
>>
>>
>> For the time being i have modified and solved my issue as below:
>>
>> sub end : Private {
>>       my ( $self, $c ) = @_;
>>
>>       ##
>>       # code for manipulating stash here
>>       ##
>>
>>       $c->forward('serialize');
>>
>>       my $cb = $c->request->params->{callback} ;
>>
>>       if ($cb) {
>>       my $body = \$c->res->body;
>>       $$body = "$cb ($$body);";
>>       $c->res->body($$body);
>>       }
>>
>> }
>>
>>
>> regds
>> mallah.
>>
>>
>>> Hi ,
>>>
>>> How to get JSON response body wrapped in a callback function
>>> call (a.k.a JSONP) when using Catalyst::Controller::DBIC::API::REST
>>>
>>> I use Catalyst::Controller::DBIC::API and 'end' function
>>> in ControllerBase is like below:
>>>
>>> sub end : Private {
>>>      my ( $self, $c ) = @_;
>>>
>>>      ##
>>>       # code for manipulating stash here
>>>      ##
>>>
>>>      $c->forward('serialize');
>>> }
>>>
>>> =============================================
>>> In   Catalyst/Controller/DBIC/API.pm
>>>
>>> # from Catalyst::Action::Serialize
>>> sub serialize : ActionClass('Serialize') { }
>>>
>>> =============================================
>>>
>>>
>>> My other JSON responses which are rendered via MyApp::View::JSON
>>> can be modified as JSONP compatible as i have below in my App config
>>>
>>> __PACKAGE__->config({
>>>        'View::JSON' => {
>>>            allow_callback  => 1,    # defaults to 0
>>>        },
>>> });
>>>
>>>
>>> ===============================================
>>>
>>>
>>> The problem is only with automatically generated rest endpoints
>>> from  Catalyst::Controller::DBIC::API.
>>>
>>> Thanks in anticipation.
>>>
>>>
>>> Regds
>>> mallah.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>> _______________________________________________
>> List: Catalyst at lists.scsys.co.uk
>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> Searchable archive:
>> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>> Dev site: http://dev.catalyst.perl.org/
>
>
>
>
 *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
> Handelsgericht Wien, FN 79340b
>
 *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> Notice: This e-mail contains information that is confidential and may be
> privileged.
> If you are not the intended recipient, please notify the sender and then
> delete this e-mail immediately.
>
 *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>

More information about the Catalyst mailing list