package org.joychou.controller;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.joychou.utils.Security;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
/**
* @author JoyChou
* @date 2018年10月24日
*/
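@Controller
@RequestMapping("/jsonp")
public class JSONP {

    /** JSON payload returned by both JSONP endpoints. */
    protected static String info = "{\"name\": \"JoyChou\", \"phone\": \"18200001111\"}";

    /** Hosts the Referer must belong to before {@link #sec} returns the payload. */
    protected static String[] urlwhitelist = {"joychou.com", "joychou.me"};

    /**
     * Accepted shape of the {@code callback} parameter: a (dotted) JavaScript identifier.
     * Quotes, angle brackets, parentheses and the like are rejected so the parameter cannot
     * inject script or markup into the response body.
     */
    private static final Pattern CALLBACK_PATTERN =
            Pattern.compile("^[A-Za-z_$][A-Za-z0-9_$]*(\\.[A-Za-z_$][A-Za-z0-9_$]*)*$");

    /**
     * Insecure JSONP endpoint, kept as the vulnerable example: it neither checks the Referer
     * nor validates {@code callback}, so any origin can read {@code info} and the callback
     * value is reflected verbatim into the response. Compare with {@link #sec}.
     * Example: http://localhost:8080/jsonp/referer?callback=test
     *
     * @return {@code callback(info)} built from the raw request parameter
     */
    @RequestMapping("/referer")
    @ResponseBody
    private static String referer(HttpServletRequest request, HttpServletResponse response) {
        // JSONP cross-origin setting
        response.setHeader("Access-Control-Allow-Origin", "*");
        String callback = request.getParameter("callback");
        return callback + "(" + info + ")";
    }

    /**
     * Referer-checked JSONP endpoint.
     * Example: http://localhost:8080/jsonp/sec?callback=test
     *
     * @return the JSONP body {@code callback(info)}, or a short error string when the Referer
     *     is missing or not in {@link #urlwhitelist}, or when {@code callback} is absent or
     *     not a plain JavaScript identifier
     */
    @RequestMapping("/sec")
    @ResponseBody
    private static String sec(HttpServletRequest request, HttpServletResponse response) {
        // JSONP cross-origin setting
        response.setHeader("Access-Control-Allow-Origin", "*");

        // Reject a missing Referer explicitly instead of relying on how
        // Security.checkSafeUrl happens to treat null.
        String referer = request.getHeader("referer");
        Security sec = new Security();
        if (referer == null || !sec.checkSafeUrl(referer, urlwhitelist)) {
            return "Referer is not safe.";
        }

        // The callback is reflected into the response body; restrict it to an identifier
        // so it cannot carry script or HTML.
        String callback = request.getParameter("callback");
        if (callback == null || !CALLBACK_PATTERN.matcher(callback).matches()) {
            return "Callback is not safe.";
        }

        // Serve as script, not HTML, so a browser never renders the response as markup.
        response.setContentType("application/javascript; charset=UTF-8");
        return callback + "(" + info + ")";
    }
}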