NOTE: this is 2nd of 2 issues causing these bugs #86 and #73
I have noticed the code is using the call to $.getJSON(), I looked at the request and the response resulting from the code, and compared it with the regular "build" button request and response.
I'm attaching "sanitized" good and bad requests,
Basically - good one had:
the form data AND json urlencoded as form data
header Upgrade-Insecure-Requests set to 1
Accept is limited to a list of mime types
Content-Type is set to application/x-www-form-urlencoded
NOTE: this is 2nd of 2 issues causing these bugs #86 and #73
I have noticed the code is using the call to
$.getJSON()
, I looked at the request and the response resulting from the code, and compared it with the regular "build" button request and response. I'm attaching "sanitized" good and bad requests, Basically - good one had:Upgrade-Insecure-Requests
set to1
Accept
is limited to a list of mime typesContent-Type
is set toapplication/x-www-form-urlencoded
good_req.txt
Bad req.:
X-Requested-With
=XMLHttpRequest
.bad_req.txt
IF you guys wanna mess with it:
parameters
$.getJSON()
back to "basics" of$.ajax()
and set the missing headers on the wayBut maybe you can just detect and ignore parametrized jobs :)