Should Ajax.Base specify "encoding:'UTF-8'" for 'application/x-www-form-urlencoded'?


kedoin

Apr 3, 2007, 10:08:18 PM
to Ruby on Rails: Spinoffs
I'm new to using Prototype, so please forgive me if this is a newbie
question.

My website is hosted on a virtual host which uses Apache and
mod_security. When I try to use Ajax.Updater to make a request, I get
a "403 Forbidden" message. Checking the server logs, it seems that
mod_security is to blame:

[Tue Apr 3 19:07:05 2007] [error] [client xxx] mod_security: Access
denied with code 403. Pattern match "!(^application/x-www-form-
urlencoded$|^multipart/form-data;)" at HEADER("Content-Type")
[severity "EMERGENCY"] [hostname "xxx"] [uri "/ajax/zipCheck.php"]

It seems that mod_security ships with a core rule that matches a regex
against the Content-Type and expects the Content-Type to *end* after
"application/x-www-form-urlencoded". (Note the $ in the regex above.)
You can read more about mod_security in this Linux Journal article:
http://www.linuxjournal.com/article/8708

I found that by modifying my own local copy of Prototype to modify
Ajax.Base.setOptions to remove the initialization of 'encoding' to
'UTF-8', things began to work.

My questions are:

1) Should Prototype be setting a charset for application/x-www-form-
urlencoded content-types?

2) If so, does anyone know how to work around this problem with
mod_security?

Thank you for your time.

Robert Kedoin

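The pattern from the log line in the post above, evaluated against the Content-Type values a client produces with and without the charset suffix. This is an added example, not part of the original post and not Prototype or mod_security code. `buildContentType` is an assumed model of how the header is composed from the content type and `encoding` options, and `RELAXED_PATTERN` is a hypothetical variant that tolerates a single charset parameter.

```javascript
// Added illustration; not Prototype or mod_security source code.

// Pattern quoted in the log line. The rule is negated ("!(...)"),
// so the request is denied when the header does NOT match.
const LOGGED_PATTERN =
  /(^application\/x-www-form-urlencoded$|^multipart\/form-data;)/;

// Hypothetical relaxed pattern (assumption): same two media types, but the
// urlencoded type may carry one optional "; charset=<token>" parameter.
const RELAXED_PATTERN =
  /(^application\/x-www-form-urlencoded(\s*;\s*charset=[\w-]+)?$|^multipart\/form-data;)/;

// Assumed model of the header value: media type, plus "; charset=<encoding>"
// whenever an encoding option is set.
function buildContentType(contentType, encoding) {
  return contentType + (encoding ? '; charset=' + encoding : '');
}

// Mirrors the negated match: true means the request receives the 403.
function isDenied(pattern, headerValue) {
  return !pattern.test(headerValue);
}

function evaluate(headerValues) {
  return headerValues.map((value) => ({
    value,
    loggedRule: isDenied(LOGGED_PATTERN, value) ? 'deny' : 'allow',
    relaxedRule: isDenied(RELAXED_PATTERN, value) ? 'deny' : 'allow',
  }));
}

// Constructed sample header values.
const SAMPLES = [
  buildContentType('application/x-www-form-urlencoded', 'UTF-8'), // encoding set
  buildContentType('application/x-www-form-urlencoded', ''),      // encoding removed
  'multipart/form-data; boundary=----constructed',
  'application/x-www-form-urlencoded; charset=UTF-8; x=1',        // extra parameter
  'text/xml',
];

for (const row of evaluate(SAMPLES)) {
  console.log(row.loggedRule.padEnd(6), row.relaxedRule.padEnd(6), row.value);
}
```

The first sample is the case from the post: the `$` anchor in the logged pattern rejects the value as soon as anything follows the media type, while the relaxed variant still denies unexpected extra parameters and other content types.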