API: drop JSONP support

Mostly so we don't need to implement JSONP identifier sanitization
and we already support CORS here.

diff --git a/docs/markdown/httpapi/api_spec.md b/docs/markdown/httpapi/api_spec.md
index 1f93b06a51cad468e50c089ee07019ef60d195cc..2d2dedab476d64db33f1659eeb9362f0ed15af7b 100644 (file)
--- a/docs/markdown/httpapi/api_spec.md
+++ b/docs/markdown/httpapi/api_spec.md
@@ -16,10 +16,7 @@ Data format
 
 Input data format: JSON.
 
-Output data formats: JSON, JSONP
-
-All GET requests support appending a `_callback` URL parameter, which, if
-present, will turn the response into a JSONP response.
+Output data formats: JSON.
 
 The `Accept:` header determines the output format. An unknown value or
 `*/*` will cause a `400 Bad Request`.

diff --git a/pdns/webserver.cc b/pdns/webserver.cc
index 8223b50f1ad3777647c7f180e953c4d0d36c07e6..4776203fb456b4fb304217867dd101e25b873f18 100644 (file)
--- a/pdns/webserver.cc
+++ b/pdns/webserver.cc
@@ -155,13 +155,6 @@ static void apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, Htt
   resp->headers["X-XSS-Protection"] = "1; mode=block";
   resp->headers["Content-Security-Policy"] = "default-src 'self'; style-src 'self' 'unsafe-inline'";
 
-  string callback;
-
-  if(req->getvars.count("callback")) {
-    callback=req->getvars["callback"];
-    req->getvars.erase("callback");
-  }
-
   req->getvars.erase("_"); // jQuery cache buster
 
   try {
@@ -179,10 +172,6 @@ static void apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, Htt
     // No Content -> no Content-Type.
     resp->headers.erase("Content-Type");
   }
-
-  if(!callback.empty()) {
-    resp->body = callback + "(" + resp->body + ");";
-  }
 }
 
 void WebServer::registerApiHandler(const string& url, HandlerFunction handler) {