Strange issue with order of paths and AJAX calls

32 views
Skip to first unread message

Kiddailey

unread,
Sep 22, 2012, 11:01:15 PM9/22/12
to securit...@googlegroups.com
I'm seeing a strange issue that didn't occur with the old WebPageSecurity.  Specifically, I've got the following paths defined:

<securitySwitch>
<paths>
<add path="~/register/" />
<add path="~/services/" security="Ignore" />
</paths>
</securitySwitch>

On my register page, I've got some AJAX calls to a script (via GET) in the services path.  With WebPageSecurity, this configuration worked fine.  With securitySwitch though, webservice calls fail and are reported as "Pending" by Chrome when the paths are configured as above.   I'm not yet sure if it's the request that isn't getting to the server or the response not coming back.

In any case, if I change the order so that the services folder is listed first like so:

<securitySwitch>
<paths>
<add path="~/services/" security="Ignore" />
<add path="~/register/" />
</paths>
</securitySwitch>

It seems to work okay.  A couple of notes:
  • Making the calls manually in the browser's URL field (ie. not AJAX) works fine in BOTH configurations -- I get a response from the server fine.

  • These particular calls are being performed synchronously.  Haven't tested to see if async calls have the same issue.

  • As I mentioned, this only started happening once I upgraded to SecuritySwitch.

I'm not sure if this is expected behavior (I do realize that path order is important), a server configuration issue, or just something beyond control, but I figured I'd mention it.

Matt S.

unread,
Sep 24, 2012, 10:11:42 AM9/24/12
to securit...@googlegroups.com
Hi again, Kiddailey.

The old WebPageSecurity made too many assumptions that you couldn't override. The new SecuritySwitch module does have a new flag you can set in configuration to have it ignore AJAX requests. Set ignoreAjaxRequests to "true" on the "securitySwitch" element (it defaults to "false"). You can see all the other flags here:  https://code.google.com/p/securityswitch/wiki/SecuritySwitchConfigSection.

Try that flag and let me know if that fixes the issue.


Thanks,

-Matt

Kiddailey

unread,
Sep 25, 2012, 4:57:19 AM9/25/12
to securit...@googlegroups.com
Oh crap.  Sorry.  I totally missed that in the documentation.  And yup, it does the trick :)  Thanks!

Matt S.

unread,
Sep 26, 2012, 10:11:42 AM9/26/12
to securit...@googlegroups.com
No worries! I'm glad that fixed it for you.
Reply all
Reply to author
Forward
0 new messages