Restrict JSONP Requests to Trusted URLs [Updated in Security Center 1.3]

  • Versão de lançamento: Australia
  • Atualizado 12 de mar. de 2026
  • 1 min. de leitura

    • Specify trusted URLs for the AngularJS $http service to allow or reject JSONP requests.

    Increase security on your instance by ensuring that only trusted URLs for the AngularJS $http service can allow/reject JSONP requests. JSONP requests are allowed to any URL if these properties are not configured and enabled.

    Use the value of the angular.jsonp.inclusion_list.urls system property to define a list of URLs that are trusted and allow for this purpose. Set the value of the angular.jsonp.inclusion_list.enabled system property to true to limit allowed JSONP to only the URLs listed in angular.jsonp.inclusion_list.urls.

    More information

    Attribute Description
    Configuration name angular.jsonp.inclusion_list.enabled
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value true
    Default value true
    Category Access control
    Security risk
    • Severity score: Medium
    • CVSS score: 5.4
    • Security risk details: Setting this property to false enables JSONP requests to any URL.
    Dependencies and prerequisites None