javascript - Rack middleware to prepend while(1); to all ajax/json requests
I'd like to do something similar to Google/Facebook, as in this post: Why does Google prepend while(1); to their JSON responses?, by adding while(1); to the beginning of script and JSON posts, using Rack middleware in a Rails app. That way I can go on doing AJAX requests (which may or may not have an authenticity_token or sensitive data embedded in the response).
We have an API that needs to not use this, so I'm thinking of URL matching so that the middleware does not kick in.
Can someone point me in the right direction on what the code might look like? Thanks!
There's quite a lot of questions molded into one, I think.
The middleware would be something (haven't checked it, but it feels right) like this:
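```ruby
class AntiHijackingMiddleware
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env) # save initial state

    # Header names are mixed-case in Rack 2; Rack 3 uses lowercase names.
    if env["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest" &&
       headers['Content-Type'].to_s.include?("application/json")
      # A Rack body only responds to #each, so collect its chunks first.
      chunks = []
      body.each { |chunk| chunks << chunk }
      body.close if body.respond_to?(:close)
      payload = "while(1);" + chunks.join
      headers['Content-Length'] = payload.bytesize.to_s
      body = [payload]
    end

    [status, headers, body]
  end
end
```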
You can add additional conditions on env["REQUEST_URI"] to do URL matching.
Adding it to Rails' middleware stack is boilerplate.
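The following is an added example, not code from the question or the answer: a dependency-free Rack middleware that combines the prefix with the URL exclusion the question asks for and keeps Content-Length correct for multi-byte JSON. The class name `JsonPrefixGuard`, the `skip_prefixes` option, the `/api/` prefix and the sample app are assumptions made for illustration.

```ruby
# Added illustration: plain Rack-compatible middleware, no gems required.
class JsonPrefixGuard
  PREFIX = "while(1);".freeze

  # skip_prefixes: hypothetical option, path prefixes that stay unprefixed
  def initialize(app, skip_prefixes: ["/api/"])
    @app = app
    @skip_prefixes = skip_prefixes
  end

  def call(env)
    status, headers, body = @app.call(env)
    return [status, headers, body] unless guard?(env, headers)

    # Rack bodies only promise #each, so drain the chunks into one string.
    payload = PREFIX.dup
    body.each { |chunk| payload << chunk }
    body.close if body.respond_to?(:close)

    # Keep an existing Content-Length in step with the longer body (bytes, not chars).
    len_key = header_key(headers, "content-length")
    headers[len_key] = payload.bytesize.to_s if len_key
    [status, headers, [payload]]
  end

  private

  def guard?(env, headers)
    return false unless env["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest"
    path = env["PATH_INFO"].to_s
    return false if @skip_prefixes.any? { |prefix| path.start_with?(prefix) }
    type_key = header_key(headers, "content-type")
    !type_key.nil? && headers[type_key].to_s.include?("application/json")
  end

  # Header names are mixed-case in Rack 2 and lowercase in Rack 3.
  def header_key(headers, name)
    headers.keys.find { |key| key.to_s.downcase == name }
  end
end

# Constructed sample app: returns a small JSON document with a multi-byte character.
SAMPLE_JSON = '{"token":"é-constructed"}'.freeze
SAMPLE_APP = lambda do |_env|
  [200, { "Content-Type" => "application/json",
          "Content-Length" => SAMPLE_JSON.bytesize.to_s }, [SAMPLE_JSON]]
end
```

In a Rails app this would be registered with `config.middleware.use JsonPrefixGuard`; same-origin client code then has to strip the `while(1);` prefix before parsing the JSON.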