Looks like a code injection attack vector to me...

Patch + Tests for DBIC::API welcome!


On 2017-03-09 11:05, Rajesh Kumar Mallah wrote:



For the time being I have modified and solved my issue as below:

sub end : Private {
    my ( $self, $c ) = @_;

    ##
    # code for manipulating stash here
    ##

    $c->forward('serialize');

    # Request parameter taken as-is and interpolated into the response body
    my $cb = $c->request->params->{callback};

    if ($cb) {
        my $body = $c->res->body;
        $c->res->body("$cb ($body);");
    }
}


regds
mallah.
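A hardened version of the workaround above, added here as an illustration; it is not code from the thread or from Catalyst::Controller::DBIC::API. The posted version interpolates the callback parameter straight into the response body, so whatever a client puts in ?callback= becomes executable script in the reply. This variant allow-lists the callback name against a strict identifier pattern, refuses repeated parameters (which Catalyst delivers as an array reference), prefixes the body with /**/, and sets the script content type with nosniff. The package name MyApp::ControllerBase, the extends line and the wrap_jsonp helper are assumptions made for the example.

```perl
package MyApp::ControllerBase;   # assumed name for the poster's base controller
use strict;
use warnings;
use Moose;
use namespace::autoclean;

# Assumption: the base class inherits the DBIC::API REST controller
BEGIN { extends 'Catalyst::Controller::DBIC::API::REST' }

# Allow-list for a JSONP callback: a JavaScript identifier, optionally
# dotted (e.g. "jQuery19.cb"), each segment at most 64 characters.
# "$" is escaped so Perl does not interpolate "$]" inside the class.
my $CALLBACK_RE =
    qr/\A[A-Za-z_\$][A-Za-z0-9_\$]{0,63}(?:\.[A-Za-z_\$][A-Za-z0-9_\$]{0,63})*\z/;

# Hypothetical helper: returns the JSONP-wrapped body, or undef when the
# callback name is not safe. Kept free of Catalyst so it can be tested alone.
sub wrap_jsonp {
    my ( $callback, $json ) = @_;
    return if !defined $callback || ref $callback;   # arrayref => repeated param
    return if $callback !~ $CALLBACK_RE;
    # Leading comment keeps attacker-chosen bytes away from the start of the
    # response; the trailing ";" keeps the script valid when concatenated.
    return "/**/$callback($json);";
}

sub end : Private {
    my ( $self, $c ) = @_;

    ##
    # code for manipulating stash here
    ##

    $c->forward('serialize');

    my $cb = $c->request->params->{callback};
    return if !defined $cb || ( !ref $cb && !length $cb );   # plain JSON reply

    my $wrapped = wrap_jsonp( $cb, $c->res->body );
    if ( !defined $wrapped ) {
        # Reject without echoing the offending value back to the client
        $c->res->status(400);
        $c->res->content_type('text/plain');
        $c->res->body('invalid callback parameter');
        return;
    }

    $c->res->body($wrapped);
    $c->res->content_type('application/javascript; charset=utf-8');
    $c->res->header( 'X-Content-Type-Options' => 'nosniff' );
}

__PACKAGE__->meta->make_immutable;
1;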


Hi,

How do I get a JSON response body wrapped in a callback function
call (a.k.a. JSONP) when using Catalyst::Controller::DBIC::API::REST?

I use Catalyst::Controller::DBIC::API, and the 'end' function
in ControllerBase is like below:

sub end : Private {
    my ( $self, $c ) = @_;

    ##
    # code for manipulating stash here
    ##

    $c->forward('serialize');
}

=============================================
In   Catalyst/Controller/DBIC/API.pm

# from Catalyst::Action::Serialize
sub serialize : ActionClass('Serialize') { }

=============================================


My other JSON responses, which are rendered via MyApp::View::JSON,
can be made JSONP compatible, as I have below in my app config:

__PACKAGE__->config({
    'View::JSON' => {
        allow_callback => 1,    # defaults to 0
    },
});


===============================================


The problem is only with the automatically generated REST endpoints
from Catalyst::Controller::DBIC::API.

Thanks in anticipation.


Regds
mallah.
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
