UmbracoAuthorizedJsonController adds garbled json to front of all results
So i recently noticed some plugins throwing errors and finally found out that it seems that calls to controllers using UmbracoAuthorizedJsonController, for some reason gets some garbled json added in front of all responses.
All responses gets this added: )]}',
Even on errors, i get results like this:
)]}',
{"Message":"The requested resource does not support http method 'GET'."}
Normally you see that error message when there are redirects in place, such as stripping of trailing / or forcing lowercase urls.
These redirects can easily change a Post request to a Get request and then errors get thrown behind the scenes.
If you have any of these sorts of redirects, I advise excluding the /Umbraco and /App_Plugins paths from them. I think there might be another path to exclude but I can never remember what it is sorry.
Did anyone find an answer to this? I'm getting the same characters at the beginning of my "PostLogin" request trying to login to Umbraco, but only on localhost.
UmbracoAuthorizedJsonController adds garbled json to front of all results
So i recently noticed some plugins throwing errors and finally found out that it seems that calls to controllers using UmbracoAuthorizedJsonController, for some reason gets some garbled json added in front of all responses.
All responses gets this added: )]}',
Even on errors, i get results like this: )]}', {"Message":"The requested resource does not support http method 'GET'."}
Any suggestions? This is an 7.5.13 Umbraco.
Hi Christian,
Normally you see that error message when there are redirects in place, such as stripping of trailing / or forcing lowercase urls.
These redirects can easily change a Post request to a Get request and then errors get thrown behind the scenes.
If you have any of these sorts of redirects, I advise excluding the /Umbraco and /App_Plugins paths from them. I think there might be another path to exclude but I can never remember what it is sorry.
Nik
Just to make it clear. The error is not that im getting a GET error.
The issue is the ")]}'," that is in front of the response. It's also in front of any returned data when i dont get an error.
All results get prepended ")]}',"
Hey Christian,
did you ever resolve this?
This appeared to me today (Umbraco 8.0.2) with all my UmbracoAuthorizedJsonController in a new project, fresh install.
Thanks, Marc
Ok, this seems to be some "JSON Hijacking protection" thing (like prepending "while(1);" and such).
I though browsers "fixed" that (honestly never looked up how exactly!) vulnerability already.
Normally I always return JSON with an object on the outside, but I didn't in this case so the "auto protection" kicks in and prepends the JSON.
Did anyone find an answer to this? I'm getting the same characters at the beginning of my "PostLogin" request trying to login to Umbraco, but only on localhost.
is working on a reply...