javascript - Rack middleware to to prepend while(1); to all ajax/json requests -


i'd similar google/facebook in post: why google prepend while(1); json responses?

adding while(1); beginning of script , json posts, using rack middleware in rails app. way can go doing ajax requests (which may or may not have authentity_token or or sensitive data embedded in response).

we have api needs not use this, thinking url matching middleware not kick in.

can point me in right direction code might like? thanks!

there's quite lot of questions molded one, think.

the middleware something(haven't checked it, feels right) this:

class antihijackingmiddleware  def call(env)     status, headers, body = @app.call(env) # save initial state      if env["http_x_requested_with"] == "xmlhttprequest" && headers['content-type'].to_s.include?("application/json")         body = "while(1);"+body         headers['content-length'] = rack::utils.bytesize(body.to_s).to_s     end      [status, headers, body]  end end 

you can add additional conditions on env["request_uri"] url matching.

adding rails' middleware stack boilerplate.


Comments

Popular posts from this blog

wireshark - USB mapping with python -

c++ - nodejs socket.io closes connection before upgrading to websocket -

Deploying Qt Application on Android is really slow? -