Restrict JSONP requests to trusted URLs [Updated in Security Center 1.3]

  • Release version: Yokohama
  • Updated January 30, 2025
  • Specify trusted URLs for the AngularJS $http service to allow or reject JSONP requests.

    The angular.jsonp.inclusion_list.enabled property specifies trusted URLs for the AngularJS $http service to allow or reject JSONP requests. This property is necessary because restricting JSONP requests is a potentially breaking change for customers, so they need a way to add their trusted URLs. If this property is not set to the recommended value of true, then JSONP requests are allowed to any URL.

    More information

    Attribute                       Description
    Configuration name              angular.jsonp.inclusion_list.enabled
    Configuration type              System Properties (/sys_properties_list.do)
    Data type                       boolean
    Recommended value               true
    Default value                   true
    Category                        Access control
    Security risk                   • Severity score: Medium
                                    • CVSS score: 5.4
                                    • Security risk details: Setting this property to false enables JSONP requests to any URL.
    Dependencies and prerequisites  None