From: Christian Hofstaedtler <christian.hofstaedtler@deduktiva.com>
Date: Thu, 14 Jan 2016 10:59:21 +0000 (+0100)
Subject: API: drop JSONP support
X-Git-Tag: auth-4.0.0-alpha2~4^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2949383564c2458839fbf3677acb55267e0ae104;p=thirdparty%2Fpdns.git

API: drop JSONP support

Mostly so we don't need to implement JSONP identifier sanitization
and we already support CORS here.
---

diff --git a/docs/markdown/httpapi/api_spec.md b/docs/markdown/httpapi/api_spec.md
index 1f93b06a51..2d2dedab47 100644
--- a/docs/markdown/httpapi/api_spec.md
+++ b/docs/markdown/httpapi/api_spec.md
@@ -16,10 +16,7 @@ Data format
 
 Input data format: JSON.
 
-Output data formats: JSON, JSONP
-
-All GET requests support appending a `_callback` URL parameter, which, if
-present, will turn the response into a JSONP response.
+Output data formats: JSON.
 
 The `Accept:` header determines the output format. An unknown value or
 `*/*` will cause a `400 Bad Request`.
diff --git a/pdns/webserver.cc b/pdns/webserver.cc
index 8223b50f1a..4776203fb4 100644
--- a/pdns/webserver.cc
+++ b/pdns/webserver.cc
@@ -155,13 +155,6 @@ static void apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, Htt
   resp->headers["X-XSS-Protection"] = "1; mode=block";
   resp->headers["Content-Security-Policy"] = "default-src 'self'; style-src 'self' 'unsafe-inline'";
 
-  string callback;
-
-  if(req->getvars.count("callback")) {
-    callback=req->getvars["callback"];
-    req->getvars.erase("callback");
-  }
-
   req->getvars.erase("_"); // jQuery cache buster
 
   try {
@@ -179,10 +172,6 @@ static void apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, Htt
     // No Content -> no Content-Type.
     resp->headers.erase("Content-Type");
   }
-
-  if(!callback.empty()) {
-    resp->body = callback + "(" + resp->body + ");";
-  }
 }
 
 void WebServer::registerApiHandler(const string& url, HandlerFunction handler) {