kaltura / all-in-one-video-pack.wordpress

A WordPress Plugin to simplify adding Kaltura to your Blog
https://wordpress.org/plugins/all-in-one-video-pack/

Use native wp_send_json #55

Closed jdub233 closed 7 years ago

jdub233 commented 7 years ago

The native wp_send_json function correctly sets the Content-Type header to application/json rather than text/html. This is important for a couple of reasons:

  1. The JSON response contains large chunks of XML
  2. The XML contains body tags

Without the correct content type header, any tools that might be automatically scanning output can see the embedded body tag and consider the payload to be a web page. For example, an application monitoring tool like New Relic is designed to scan all outgoing web pages and inject a performance monitoring JavaScript after the body tag. The injected script will render the JSON unparseable and prevent the video players from loading.

Setting the content type correctly will let any injection scanners know that they shouldn’t interfere with the JSON data stream.
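
The failure mode described in the comment above, as an added example that is not part of the pull request or the plugin's code. The injector is a simplified, hypothetical model of an HTML-rewriting agent (not any vendor's implementation), and the field name `uiConfXml`, the XML and the script URL are constructed placeholders.

```javascript
// Placeholder for the monitoring script an agent would insert (constructed value).
const SNIPPET = '<script src="https://monitor.example/agent.js"></script>';

// Constructed sample: a JSON response whose string value is XML containing a <body> tag.
function buildPayload() {
  const xml = '<layout><body><player id="demo"/></body></layout>';
  return JSON.stringify({ uiConfXml: xml }); // hypothetical field name
}

// Hypothetical injector: rewrites only responses it believes are HTML pages.
// A missing Content-Type is treated as text/html, which is PHP's default.
function injectAfterBody(response) {
  const raw = response.headers['content-type'] || 'text/html';
  const type = raw.split(';')[0].trim().toLowerCase();
  if (type !== 'text/html') {
    return response; // application/json is passed through untouched
  }
  // Insert the snippet right after the first thing that looks like <body ...>.
  const body = response.body.replace(/<body[^>]*>/i, (tag) => tag + SNIPPET);
  return { headers: response.headers, body };
}

// What the player-side code does with the response: parse it as JSON.
function clientParses(response) {
  try {
    JSON.parse(response.body);
    return true;
  } catch (err) {
    return false; // the unescaped quotes in the injected tag end the JSON string early
  }
}

// Same payload, sent once with each Content-Type.
function demo() {
  const payload = buildPayload();
  const asHtml = injectAfterBody({
    headers: { 'content-type': 'text/html; charset=UTF-8' },
    body: payload,
  });
  const asJson = injectAfterBody({
    headers: { 'content-type': 'application/json; charset=UTF-8' },
    body: payload,
  });
  return {
    htmlParses: clientParses(asHtml),
    jsonParses: clientParses(asJson),
    jsonUntouched: asJson.body === payload,
  };
}

console.log(demo());
```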

kaltura-hooks commented 7 years ago

Hi @jdub233, Thank you for contributing this pull request! Please sign the Kaltura CLA so we can review and merge your contribution. Learn more at http://bit.ly/KalturaContrib

jdub233 commented 7 years ago

Thanks, I've signed the Kaltura CLA.

rkreich commented 7 years ago

Thanks @jdub233