JSON with Padding (JSONP) - Alfresco Content Services - 23.4 - 23.4 - Ready - Alfresco - external

Alfresco Content Services

Platform
Alfresco
Product
Alfresco Content Services
Release
23.4
License

The allow.unsecure.callback.jsonp property controls if the JSONP feature is supported or not, it is false by default. If set to true, then the callback query parameter on a ReST call will be accepted. This parameter is used by JSONP to encapsulate a JSON response with a javascript function.

Note: If JSONP is enabled by setting the allow.unsecure.callback.jsonp to true, then this can lead to a security issue.

The following table explains how the ReST API behaves depending on the setting of this property:

property value callback parameter result
false existing HTTP 403 with an error message, operation cancelled
false non existing operation executed as usual
true existing operation executed as usual
true non existing operation executed as usual

The allow.unsecure.callback.jsonp property is set in the alfresco-global.properties configuration file.