Verified Commit 12b4269b authored by Kevin Morris's avatar Kevin Morris
Browse files

feat(rpc): support jsonp callbacks

This change introduces alternate rendering of text/javascript
JSONP-compatible callback content. The `examples/jsonp.html`
HTML document can be used to test this functionality against
a running aurweb server.

Signed-off-by: Kevin Morris's avatarKevin Morris <>
parent 05e6cfca
Pipeline #12745 waiting for manual action with stages
in 8 minutes and 34 seconds
......@@ -67,7 +67,8 @@ async def rpc(request: Request,
type: Optional[str] = Query(default=None),
by: Optional[str] = Query(default=defaults.RPC_SEARCH_BY),
arg: Optional[str] = Query(default=None),
args: Optional[List[str]] = Query(default=[], alias="arg[]")):
args: Optional[List[str]] = Query(default=[], alias="arg[]"),
callback: Optional[str] = Query(default=None)):
# Create a handle to our RPC class.
rpc = RPC(version=v, type=type)
......@@ -84,17 +85,28 @@ async def rpc(request: Request,
# Serialize `data` into JSON in a sorted fashion. This way, our
# ETag header produced below will never end up changed.
output = orjson.dumps(data, option=orjson.OPT_SORT_KEYS)
content = orjson.dumps(data, option=orjson.OPT_SORT_KEYS)
# Produce an md5 hash based on `output`.
md5 = hashlib.md5()
etag = md5.hexdigest()
# Finally, return our JSONResponse with the ETag header.
# If `callback` was provided, produce a text/javascript response
# valid for the jsonp callback. Otherwise, by default, return
# application/json containing `output`.
# Note: Being the API hot path, `content` is not defaulted to
# avoid copying the JSON string in the case callback is provided.
content_type = "application/json"
if callback:
print("callback called")
content_type = "text/javascript"
content = f"/**/{callback}({content.decode()})"
# The ETag header expects quotes to surround any identifier.
return Response(output.decode(), headers={
"Content-Type": "application/json",
headers = {
"Content-Type": content_type,
"ETag": f'"{etag}"'
return Response(content, headers=headers)
<!DOCTYPE html>
<!-- This file can be navigated to in a browser and used to
test JSONP callback functionality in aurweb's RPC. -->
<html lang="en">
<meta content="text/html;charset=utf-8" http-equiv="Content-Type">
<meta content="utf-8" http-equiv="encoding">
<title>JSONP Callback Test</title>
.container {
width: 460px;
margin: 0 auto;
.intro {
font-size: 14px;
.prefix-label, .search-label {
display: inline-block;
width: 200px;
text-align: right;
.button-wrapper {
text-align: center;
width: 460px;
margin-top: 10px;
<script type="text/javascript">
function rpcCallback(data) {
function createJSONP(event) {
let input = document.getElementById("arg").value;
let rpc = document.getElementById("prefix").value;
let s = document.createElement("script");
s.src = rpc + "?v=5&type=search&arg="+ input + "&callback=rpcCallback";
return false;
<div class="container">
<p class="intro">
Searching with the following form uses a JSONP callback
to log data out to the javascript console.
<label class="prefix-label" for="prefix">RPC URL Prefix:</label>
<input id="prefix" type="text" name="prefix"
value="https://localhost:8444/rpc" />
<label class="search-label" for="arg">Search:</label>
<input id="arg" type="text" name="arg" />
<div class="button-wrapper">
<button type="submit" onclick="return createJSONP(event)">
Search via JSONP
import re
from http import HTTPStatus
from unittest import mock
......@@ -610,3 +612,15 @@ def test_rpc_search_checkdepends():
def test_rpc_incorrect_by():
response = make_request("/rpc?v=5&type=search&by=fake&arg=big")
assert response.json().get("error") == "Incorrect by field specified."
def test_rpc_jsonp_callback():
""" Test the callback parameter.
For end-to-end verification, the `examples/jsonp.html` file can be
used to submit jsonp callback requests to the RPC.
response = make_request(
assert response.headers.get("content-type") == "text/javascript"
assert'^/\*\*/jsonCallback\(.*\)$', response.text) is not None
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment