diff --git a/src/main/java/org/codelibs/fess/api/BaseJsonApiManager.java b/src/main/java/org/codelibs/fess/api/BaseJsonApiManager.java
index 41004d0fe052b38ea52f7c85683a03db7868c262..56a649615e6f9a73c9b8048e025a2730c2327156 100644
--- a/src/main/java/org/codelibs/fess/api/BaseJsonApiManager.java
+++ b/src/main/java/org/codelibs/fess/api/BaseJsonApiManager.java
@@ -81,7 +81,7 @@ public abstract class BaseJsonApiManager extends BaseApiManager {
protected void writeJsonResponse(final int status, final String body) {
final String callback = LaRequestUtil.getRequest().getParameter("callback");
- final boolean isJsonp = StringUtil.isNotBlank(callback);
+ final boolean isJsonp = ComponentUtil.getFessConfig().isApiJsonpEnabled() && StringUtil.isNotBlank(callback);
final StringBuilder buf = new StringBuilder(1000);
if (isJsonp) {
diff --git a/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java b/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
index 491e733af4adf83c270b74f6f02ac71b4d2f0938..e833e566b76dd73ca07bacb4e7d3857cf5054b72 100644
--- a/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
+++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
@@ -220,6 +220,9 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
/** The key of the configuration. e.g. true */
String API_CORS_ALLOW_CREDENTIALS = "api.cors.allow.credentials";
+ /** The key of the configuration. e.g. false */
+ String API_JSONP_ENABLED = "api.jsonp.enabled";
+
/** The key of the configuration. e.g. */
String VIRTUAL_HOST_HEADERS = "virtual.host.headers";
@@ -1870,6 +1873,20 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
*/
boolean isApiCorsAllowCredentials();
+ /**
+ * Get the value for the key 'api.jsonp.enabled'. <br>
+ * The value is, e.g. false <br>
+ * @return The value of found property. (NotNull: if not found, exception but basically no way)
+ */
+ String getApiJsonpEnabled();
+
+ /**
+ * Is the property for the key 'api.jsonp.enabled' true? <br>
+ * The value is, e.g. false <br>
+ * @return The determination, true or false. (if not found, exception but basically no way)
+ */
+ boolean isApiJsonpEnabled();
+
/**
* Get the value for the key 'virtual.host.headers'. <br>
* The value is, e.g. <br>
@@ -6063,6 +6080,14 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
return is(FessConfig.API_CORS_ALLOW_CREDENTIALS);
}
+ public String getApiJsonpEnabled() {
+ return get(FessConfig.API_JSONP_ENABLED);
+ }
+
+ public boolean isApiJsonpEnabled() {
+ return is(FessConfig.API_JSONP_ENABLED);
+ }
+
public String getVirtualHostHeaders() {
return get(FessConfig.VIRTUAL_HOST_HEADERS);
}
@@ -8249,6 +8274,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
defaultMap.put(FessConfig.API_CORS_MAX_AGE, "3600");
defaultMap.put(FessConfig.API_CORS_ALLOW_HEADERS, "Origin, Content-Type, Accept, Authorization");
defaultMap.put(FessConfig.API_CORS_ALLOW_CREDENTIALS, "true");
+ defaultMap.put(FessConfig.API_JSONP_ENABLED, "false");
defaultMap.put(FessConfig.VIRTUAL_HOST_HEADERS, "");
defaultMap.put(FessConfig.HTTP_PROXY_HOST, "");
defaultMap.put(FessConfig.HTTP_PROXY_PORT, "8080");
diff --git a/src/main/resources/fess_config.properties b/src/main/resources/fess_config.properties
index 8721dd0cffeea654308d45ef17d5e5e90ef67c97..b7889631967618eb24bdeb4ae42f7b417f62c288 100644
--- a/src/main/resources/fess_config.properties
+++ b/src/main/resources/fess_config.properties
@@ -147,6 +147,7 @@ api.cors.allow.methods=GET, POST, OPTIONS, DELETE, PUT
api.cors.max.age=3600
api.cors.allow.headers=Origin, Content-Type, Accept, Authorization
api.cors.allow.credentials=true
+api.jsonp.enabled=false
# Virtual Host: Host:fess.codelibs.org=fess
virtual.host.headers=