Koala use koa-safe-jsonp for JSONP response.
By default, jsonp is disabled.
To enable jsonp, install set options.jsonp = {jsonp options} at initialization.
See jsonp options.
const app = koala({
jsonp: {
callback: 'callback'
}
})Send the jsonp response.
app.use(function* () {
this.jsonp = { name: 'fengmk2' }
})Koala will handle all the security problems, like CVE-2014-4671.