Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Christian Bekker Andersen 16 posts 126 karma points c-trib
    Dec 21, 2018 @ 15:47
    Christian Bekker Andersen
    1

    UmbracoAuthorizedJsonController adds garbled json to front of all results

    So i recently noticed some plugins throwing errors and finally found out that it seems that calls to controllers using UmbracoAuthorizedJsonController, for some reason gets some garbled json added in front of all responses.

    All responses gets this added: )]}',

    Even on errors, i get results like this: )]}', {"Message":"The requested resource does not support http method 'GET'."}

    Any suggestions? This is an 7.5.13 Umbraco.

  • Nik 1617 posts 7263 karma points MVP 7x c-trib
    Dec 21, 2018 @ 22:35
    Nik
    0

    Hi Christian,

    Normally you see that error message when there are redirects in place, such as stripping of trailing / or forcing lowercase urls.

    These redirects can easily change a Post request to a Get request and then errors get thrown behind the scenes.

    If you have any of these sorts of redirects, I advise excluding the /Umbraco and /App_Plugins paths from them. I think there might be another path to exclude but I can never remember what it is sorry.

    Nik

  • Christian Bekker Andersen 16 posts 126 karma points c-trib
    Dec 21, 2018 @ 22:52
    Christian Bekker Andersen
    0

    Just to make it clear. The error is not that im getting a GET error.

    The issue is the ")]}'," that is in front of the response. It's also in front of any returned data when i dont get an error.

    All results get prepended ")]}',"

  • Marc Stöcker 104 posts 560 karma points c-trib
    May 30, 2019 @ 20:49
    Marc Stöcker
    0

    Hey Christian,

    did you ever resolve this?

    This appeared to me today (Umbraco 8.0.2) with all my UmbracoAuthorizedJsonController in a new project, fresh install.

    Thanks, Marc

  • Marc Stöcker 104 posts 560 karma points c-trib
    May 30, 2019 @ 21:04
    Marc Stöcker
    0

    Ok, this seems to be some "JSON Hijacking protection" thing (like prepending "while(1);" and such).

    I though browsers "fixed" that (honestly never looked up how exactly!) vulnerability already.

    Normally I always return JSON with an object on the outside, but I didn't in this case so the "auto protection" kicks in and prepends the JSON.

  • Alan Draper 57 posts 140 karma points
    Mar 23, 2023 @ 17:12
    Alan Draper
    0

    Did anyone find an answer to this? I'm getting the same characters at the beginning of my "PostLogin" request trying to login to Umbraco, but only on localhost.

Please Sign in or register to post replies

Write your reply to:

Draft