Closed henrywood closed 4 years ago
It looks like this is happening because miniProxy is somehow not properly handling the CSRF_TOKEN cookie set by the application (even when using the cookie support branch/#69). The behavior you're seeing is probably happening because the csrftoken XML attribute isn't set when chart data is requested through the proxy, but it is set when the application is loaded without the proxy, and has nothing to do with POST handling.
Here's sample request data (the proxy always supplies an empty string where {GUID HERE} appears, which is what I think is causing the issue you're seeing):
<zadata csrftoken='{GUID HERE}' >
<dbobj dispname='11652000000004294' desc='' type='WIDGET' dbId='11652000000004017' objId='11652000000004294' pvId='11652000000004002' >
<zaav gt='TABLE_CHART' sgt='DEF' title='' merge='false' lp='RIGHT' lt='' ltm='false' lf='true' rgs='true' cgs='true' rst='true' ast='true' jt='1' cinfo='false' >
</zaav>
</dbobj>
</zadata>
All of that said, I'm not sure how to fix it. 😅
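A small model of the failure described in the reply above, as an added example that is not code from miniProxy or from the proxied application. It assumes the application copies the CSRF_TOKEN cookie into the csrftoken attribute and that the origin server compares the two (a double-submit check); the function names and the cookie values are constructed for illustration.

```javascript
// Read one cookie value from a document.cookie / Cookie-header style string.
// Returns '' when the cookie is not visible to the current origin.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return '';
}

// Client side (assumed behaviour): embed the cookie token in the XML body,
// in the same position as {GUID HERE} in the sample request.
function buildChartRequest(cookieString) {
  const token = readCookie(cookieString, 'CSRF_TOKEN');
  return `<zadata csrftoken='${token}' ><dbobj type='WIDGET' ></dbobj></zadata>`;
}

// Comparison that does not stop at the first differing character.
function sameToken(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server side (assumed behaviour): reject when the body token is empty,
// the cookie is missing, or the two values differ.
function checkCsrf(body, cookieString) {
  const m = /<zadata\b[^>]*\bcsrftoken='([^']*)'/.exec(body);
  const bodyToken = m ? m[1] : '';
  const cookieToken = readCookie(cookieString, 'CSRF_TOKEN');
  if (bodyToken === '') return { status: 400, reason: 'empty csrftoken attribute' };
  if (cookieToken === '') return { status: 400, reason: 'missing CSRF_TOKEN cookie' };
  if (!sameToken(bodyToken, cookieToken)) return { status: 400, reason: 'token mismatch' };
  return { status: 200, reason: 'ok' };
}

// Constructed cookie strings: loaded directly vs. loaded under the proxy's
// origin, where the application's CSRF_TOKEN cookie is not visible.
const directCookies = 'SESSION=constructed-session; CSRF_TOKEN=constructed-guid-0001';
const proxiedCookies = 'SESSION=constructed-session';

console.log(checkCsrf(buildChartRequest(directCookies), directCookies));
console.log(checkCsrf(buildChartRequest(proxiedCookies), proxiedCookies));
```

Comparing the request body captured through the proxy with one captured from the direct page, as the reply does with the sample data, shows which of the three rejection paths applies.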
Hi!
I am trying to get miniProxy working. However, for XMLHttpRequest POST requests the origin server insists on throwing HTTP status code 400 at me.
I have two versions of my page: https://signer.cnlovematch.com/reportdemo/index4.php where the included IFRAME does NOT USE MINIPROXY and the contents/application in the IFRAME works correctly.
Another version: https://signer.cnlovematch.com/reportdemo/index5.php sends the IFRAME's src through miniProxy and the contents/application in the IFRAME does not work. Apparently, this is due to the fact that XMLHttpRequest POST requests from within the IFRAME throw HTTP status 400 (Bad Request).
NOTE: To get miniProxy to better handle XMLHttpRequest GET requests, I have changed miniProxy slightly. The source of the file used can be viewed here:
https://signer.cnlovematch.com/reportdemo/source.php?file=proxy.php
I think that part of the problem is that the original server seems to send either text/plain, application/json or text/xml as Content-Type in responses that are actually all JSON responses.
Does anybody have any ideas?