NodeJS - Disable JSONP on specific routes
Problem
I'm using Express. How do I disable JSONP
for specific routes?
Problem courtesy of: CamelCamelCamel
Solution
Looking at res.json()
, it appears there's no explicit setting to disable JSONP per-route – it only checks the global app setting jsonp callback
.
You could simply clear the value of req.query.callback
before calling res.json()
in any route you don't want to work via JSONP. As a middleware function:
function noJSONP(req, res, next) {
delete req.query.callback;
next();
}
Now you can just do this:
app.get('/something/sensitive', noJSONP, function(req, res) {
// ...
});
Solution courtesy of: josh3736
Discussion
View additional discussion.