On Mon, Nov 4, 2013 at 4:34 AM, Ben Caradoc-Davies <
[email protected]> wrote:
> Why is JSONP disabled by default?
>
> Security/CSRF concerns? As JSONP is an outputformat, I do not see how
> enabling it provides any greater risk of CSRF than JSON output. Perhaps
> someone more familiar could shed some light.
>
Ben,
if you search in the archives I believe there was a discussion between
Carlo and
Tim about it
Cheers
Andrea
--
==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
