Fix "X-Requested-With: XMLHttpRequest" error

Currently the bookmarklet on production is encountering an error 500 when loading a friend's quest. Here's my request for Kyle's quests, which makes an HTTP GET request to http://shopgab.com/bookmark/friend_quests/5). I spent my morning with cURL and found that setting the X-Requested-With header to XMLHttpRequest is causing the error.

X-Requested-With: XMLHttpRequest

curl 'http://shopgab.com/bookmark/friend_quests/5' -H 'Cookie: optimizelyEndUserId=oeu1380737465543r0.2715121707879007; old_user=true; admin_user=true; optimizelyCustomEvents=%7B%22oeu1380737465543r0.2715121707879007%22%3A%5B%22start_here_button%22%2C%22start_here_click_tracking%22%5D%7D; optimizelySegments=%7B%7D; optimizelyBuckets=%7B%22313362698%22%3A%22313461604%22%7D; _ga=GA1.2.655033951.1381949501; fuelcid=S3TsWcHfEIErhecfPLvpAy7OuH3b7CXG9Cwps6XV0x86AzMi1TuMnvRxAETdJZ9yBdE_wm52rfPBcQx9W9sa2Za6XnJsw_KSYcRk-hxkOe410at9mqProL7mgq8LxFCCKlQ1yncxuJAZTYODp57Osek_P8u_NwI8qiKgwDWnlXGSTMFEImP0MdduqbL5jSK0CbesAKow7KFljoTG2K6Np29krm2sLgrH6wKHucn1c9Oe7ytl0hFLPVehaWCKfF19HG0qYyo574yG3xNvrTdpkvb4UEh4xJfRUNrHeaDPlnfzjDWA9hwBnQYSdZIGPfspoYuBWcqEOfP02VmTaFd_E0xixdLc45o6VvkA6HIbzldiSCTet5dij8lJ7_xkEs_gChRQBtX2aHr8nAIh4_LdRm5KZBeph8l4MCTvIloclyE6Ksc_Uj67_wa0JoZPkrXaCPvpQ3jx1LCJdjSziTzN-Cpl7WyCBsDECFwdOVlAybA0iP5Qn1fdAxNk3QEPaql6E78iMvHijIpPKVw3Gjsv1JxRfT2s8Q8Ir2r9AM4a-2extyJHFg_Ilo7gxrSUJEXgAn-9sftY-E8XEB66simaB0nUfD29ojcQNbARCx115svEntx4aoaVehROGi7fLOBY7cFkZbSwNPCec0p06G3pI4-aLku0-sGLTwKBK9WsYqMZoOvCm0qfW7Gar1VMmK7zMWXvfC5wmg7_S6bUwaNJU3BKV3ZLUWlPTEZxcU01a1d1b1U0SGNvY3pOOXRYVHNXdkkzZU02czYwdGM; mp_0c06e22671690f1006e02a4d071839e9_mixpanel=%7B%22distinct_id%22%3A%20%22me%40christianbundy.com%22%2C%22%24initial_referrer%22%3A%20%22http%3A%2F%2Ftest.shopgab.com%2F%22%2C%22%24initial_referring_domain%22%3A%20%22test.shopgab.com%22%2C%22__mps%22%3A%20%7B%7D%2C%22__mpso%22%3A%20%7B%7D%2C%22__mpa%22%3A%20%7B%7D%2C%22__mpap%22%3A%20%5B%5D%7D' -H 'DNT: 1' -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Host: shopgab.com' -H 'Accept-Language: en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36' -H 'Accept: application/json, text/javascript, */*; q=0.01' -H 'Referer: http://shopgab.com/bookmark/view?cacheblock=7.57565688341856e+22' -H 'X-Requested-With: XMLHttpRequest' -H 'Connection: keep-alive' --compressed

X-Requested-With: abcdefghijklmnopqrstuvwxyz

curl 'http://shopgab.com/bookmark/friend_quests/5' -H 'Cookie: optimizelyEndUserId=oeu1380737465543r0.2715121707879007; old_user=true; admin_user=true; optimizelyCustomEvents=%7B%22oeu1380737465543r0.2715121707879007%22%3A%5B%22start_here_button%22%2C%22start_here_click_tracking%22%5D%7D; optimizelySegments=%7B%7D; optimizelyBuckets=%7B%22313362698%22%3A%22313461604%22%7D; _ga=GA1.2.655033951.1381949501; fuelcid=S3TsWcHfEIErhecfPLvpAy7OuH3b7CXG9Cwps6XV0x86AzMi1TuMnvRxAETdJZ9yBdE_wm52rfPBcQx9W9sa2Za6XnJsw_KSYcRk-hxkOe410at9mqProL7mgq8LxFCCKlQ1yncxuJAZTYODp57Osek_P8u_NwI8qiKgwDWnlXGSTMFEImP0MdduqbL5jSK0CbesAKow7KFljoTG2K6Np29krm2sLgrH6wKHucn1c9Oe7ytl0hFLPVehaWCKfF19HG0qYyo574yG3xNvrTdpkvb4UEh4xJfRUNrHeaDPlnfzjDWA9hwBnQYSdZIGPfspoYuBWcqEOfP02VmTaFd_E0xixdLc45o6VvkA6HIbzldiSCTet5dij8lJ7_xkEs_gChRQBtX2aHr8nAIh4_LdRm5KZBeph8l4MCTvIloclyE6Ksc_Uj67_wa0JoZPkrXaCPvpQ3jx1LCJdjSziTzN-Cpl7WyCBsDECFwdOVlAybA0iP5Qn1fdAxNk3QEPaql6E78iMvHijIpPKVw3Gjsv1JxRfT2s8Q8Ir2r9AM4a-2extyJHFg_Ilo7gxrSUJEXgAn-9sftY-E8XEB66simaB0nUfD29ojcQNbARCx115svEntx4aoaVehROGi7fLOBY7cFkZbSwNPCec0p06G3pI4-aLku0-sGLTwKBK9WsYqMZoOvCm0qfW7Gar1VMmK7zMWXvfC5wmg7_S6bUwaNJU3BKV3ZLUWlPTEZxcU01a1d1b1U0SGNvY3pOOXRYVHNXdkkzZU02czYwdGM; mp_0c06e22671690f1006e02a4d071839e9_mixpanel=%7B%22distinct_id%22%3A%20%22me%40christianbundy.com%22%2C%22%24initial_referrer%22%3A%20%22http%3A%2F%2Ftest.shopgab.com%2F%22%2C%22%24initial_referring_domain%22%3A%20%22test.shopgab.com%22%2C%22__mps%22%3A%20%7B%7D%2C%22__mpso%22%3A%20%7B%7D%2C%22__mpa%22%3A%20%7B%7D%2C%22__mpap%22%3A%20%5B%5D%7D' -H 'DNT: 1' -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Host: shopgab.com' -H 'Accept-Language: en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36' -H 'Accept: application/json, text/javascript, */*; q=0.01' -H 'Referer: http://shopgab.com/bookmark/view?cacheblock=7.57565688341856e+22' -H 'X-Requested-With: abcdefghijklmnopqrstuvwxyz' -H 'Connection: keep-alive' --compressed

As you can see, the first throws an error, whereas the second works as intended.

Moving our way down the rabbit hole, it looks like that's coming from fuel/app/classes/controller/bookmark.php:11.

public function before()
    {
        parent::before();

        if (! Input::is_ajax())
        {
            $child_js = File::file_info(DOCROOT . 'assets/js/bookmark/child.js');
            $this->template->last_modified = $child_js['time_modified'];
        }

        //Config::set('profiling', false); // not working
    }

We haven't changed anything here for a while, so the ! Input::is_ajax() seems valid.

Checking the error logs, it looks like we're passing an object to the second parameter of method_exists(), which expects a string – all of this is happening in /fuel/core/classes/controller/rest.php:126.

At this point I'm pretty stumped, hopefully you have a better idea of what's going on.

kyledjoseph / shopgab

Fix "X-Requested-With: XMLHttpRequest" error #330