NOTE: this is 2nd of 2 issues causing these bugs #86 and #73
I have noticed the code is using the call to $.getJSON(), I looked at the request and the response resulting from the code, and compared it with the regular "build" button request and response.
I'm attaching "sanitized" good and bad requests,
Basically - good one had:
the form data AND json urlencoded as form data
header Upgrade-Insecure-Requests set to 1
Accept is limited to a list of mime types
Content-Type is set to application/x-www-form-urlencoded
NOTE: this is 2nd of 2 issues causing these bugs #86 and #73
I have noticed the code is using the call to
$.getJSON(), I looked at the request and the response resulting from the code, and compared it with the regular "build" button request and response. I'm attaching "sanitized" good and bad requests, Basically - good one had:Upgrade-Insecure-Requestsset to1Acceptis limited to a list of mime typesContent-Typeis set toapplication/x-www-form-urlencodedgood_req.txt
Bad req.:
X-Requested-With=XMLHttpRequest.bad_req.txt
IF you guys wanna mess with it:
parameters$.getJSON()back to "basics" of$.ajax()and set the missing headers on the wayBut maybe you can just detect and ignore parametrized jobs :)