Closed wd closed 13 years ago
ngx_xss will not work with ngx_echo's subrequest interfaces, due to the underlying limitations imposed by subrequests' "postponed chain" mechanism in the nginx core. The standard ngx_addition module also falls into this category. I'll document this limitation.
You're recommended to use ngx_lua as the content handler to issue subrequests and ngx_xss to do JSONP, because ngx_lua's ngx.location.capture() interface does not utilize the "postponed chain" mechanism. We're taking this approach in production and it works great.
On Sun, May 29, 2011 at 10:58 PM, wd reply@reply.github.com wrote:
With following nginx configuration location = /test { default_type application/json;
echo_location /php/test.php; #will return json string like '[['xx', 'yy']] #echo_location_async /php/test.php;
xss_get on; xss_callback_arg 'c'; } request http://abc.com/test?c=fff will get something like '[['xx','yy']]fff()
If add 'echo "";' before and after echo_location, the result will work as expect.
May be a bug?
This issue has just been fixed in master HEAD. Would you mind trying it out on your side?
Thanks! -agentzh
BTW, the fix is included in the ngx_echo module, not this one.
With following nginx configuration location = /test { default_type application/json;
request http://abc.com/test?c=fff will get something like '[['xx','yy']]fff()
If add 'echo "";' before and after echo_location, the result will work as expect.
May be a bug?