[SPR-10627] Configurable JSON prefix on MappingJackson2HttpMessageConverter and MappingJacksonHttpMessageConverter Created: 04/Jun/13  Updated: 15/Jan/19  Resolved: 19/Jul/13

Status: Closed
Project: Spring Framework
Component/s: Web
Affects Version/s: 3.2.3
Fix Version/s: 3.2.4, 4.0 M2

Type: New Feature Priority: Minor
Reporter: Halvard Skogsrud Assignee: Rossen Stoyanchev
Resolution: Complete Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
is related to SPR-10817 MappingJackson2HttpMessageConverter a... Closed
Days since last comment: 1 year, 25 weeks, 3 days ago
Last commented by a User: true
Last updater: Spring Issuemaster


Spring MVC currently prevents JSON hijacking by prefixing the response with "{} &&" if the prefixJSON bean property is set.

This has been made configurable in MappingJackson(2)JsonView (see SPR-10567), but not in MappingJackson(2)HttpMessageConverter.

Could we implement the same change in the message converters?

Comment by Halvard Skogsrud [ 24/Jul/13 ]

Thanks for doing this, much appreciated!

Comment by Maxime Falaize [ 10/Aug/13 ]

It is not resolved in the 3.2.4.RELEASE. You forgot to use the jsonPrefix variable in the writeRaw function !!

Comment by Maxime Falaize [ 10/Aug/13 ]

Sorry, I just saw that it was resolved 2 days ago for the next 3.2.5 release.
However I still cannot use the )]}',\n for AngularJS (http://docs.angularjs.org/api/ng.$http) because the \n is interpreted as a String.
A workaround is to create my own class inherited from the spring MappingJacksonHttpMessageConverter and to override the setJsonPrefix to unescape Java specials characters but can you add this functionality to the spring converter please ?

Comment by Rossen Stoyanchev [ 11/Aug/13 ]

See separate ticket created for 3.2.5 (SPR-10817).

Comment by Spring Issuemaster [ 14/Jan/19 ]

The Spring Framework has migrated to GitHub Issues. This issue corresponds to spring-projects/spring-framework#15255.

Generated at Fri Jul 10 05:11:40 UTC 2020 using Jira 8.5.4#805004-sha1:0444eab799707f9ad7b248d69f858774aadfd250.