You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While the JSONP feature does not effect any hapi usage where it is not enabled, it does add a bit of unnecessary maintenance burden and complicates the API. Given that no new projects should ever use this feature, and all use cases can be handled using the built-in CORS support, I say that this is a good candidate for removal in a future breaking release. Any project that still somehow requires it, should be able to handle manually or using a plugin.
The text was updated successfully, but these errors were encountered:
Support plan
Context
What problem are you trying to solve?
Simpler, more secure hapi.
Do you have a new or modified API suggestion to solve the problem?
Remove built-in JSONP support. See https://dev.to/benregenspan/the-state-of-jsonp-and-jsonp-vulnerabilities-in-2021-52ep for some recent insights.
While the JSONP feature does not effect any hapi usage where it is not enabled, it does add a bit of unnecessary maintenance burden and complicates the API. Given that no new projects should ever use this feature, and all use cases can be handled using the built-in CORS support, I say that this is a good candidate for removal in a future breaking release. Any project that still somehow requires it, should be able to handle manually or using a plugin.
The text was updated successfully, but these errors were encountered: