author | Mathias Stearn <mathias@10gen.com> | 2010-08-25 15:25:54 -0400 |
---|---|---|
committer | Mathias Stearn <mathias@10gen.com> | 2010-08-25 15:26:20 -0400 |
commit | 259dc007d7a97410fd7ccc85d1ef70f4f806024d (patch) | |
tree | c6ce43c9d3510c4ae32e24ae3cd751d4d82610c8 /db/dbwebserver.cpp | |
parent | 6c71ce88ffe42e1c44d175a2cb3705632c81f7e6 (diff) | |
download | mongo-259dc007d7a97410fd7ccc85d1ef70f4f806024d.tar.gz |
Disable JSONP by default due to security implications
Diffstat (limited to 'db/dbwebserver.cpp')
-rw-r--r-- | db/dbwebserver.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/db/dbwebserver.cpp b/db/dbwebserver.cpp
index 4051b7d83c5..8534d52c75c 100644
--- a/db/dbwebserver.cpp
+++ b/db/dbwebserver.cpp
@@ -168,9 +168,11 @@ namespace mongo {
 if ( handler->requiresREST( url ) && ! cmdLine.rest ){
 _rejectREST( responseMsg , responseCode , headers );
 }else{
+ string callback = params.getStringField("jsonp");
+ uassert(13453, "server not started with --jsonp", callback.empty() || cmdLine.jsonp);
+
 handler->handle( rq , url , params , responseMsg , responseCode , headers , from );
- string callback = params.getStringField("jsonp");
 if (responseCode == 200 && !callback.empty()){
 responseMsg = callback + '(' + responseMsg + ')';
 }
 |
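Review bot: The `jsonp` parameter is still written into the response unvalidated at `responseMsg = callback + '(' + responseMsg + ')';`, so once an operator starts the server with `--jsonp`, whatever a client sends becomes the start of the response body. The new `uassert` only gates the feature; it would be worth also restricting the callback to identifier characters right after it, e.g. `uassert(NEW_CODE, "invalid jsonp callback", callback.find_first_not_of(allowedCallbackChars) == string::npos);`, where `NEW_CODE` is a placeholder for an unused assertion id and `allowedCallbackChars` holds letters, digits, `_`, `.` and `$`. Separately, the disabled case is reported by throwing from `uassert`, whereas the REST case just above sets the response through `_rejectREST`. How that exception reaches the client is decided outside this hunk, so a comment such as `// reject before handle() so a disabled-JSONP request has no side effects` would document why the check sits first. The enclosing function starts and ends outside the hunk.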