Remove &securitytoken=guest from Ajax call

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Andrew Milner
    New Member
    • May 2015
    • 13
    • 5.1.x

    Remove &securitytoken=guest from Ajax call

    I have created a hook that sits at the bottom of the page and calls a asp.net webservice and returns an email address. But it also appends &securitytoken=guest to my payload that i send, how do i get it not to send this data as it produces a json error.? and fails the request.
  • glennrocksvb
    Former vBulletin Developer
    • Mar 2011
    • 4011
    • 5.7.X

    #2
    Do you own or have access to the source code of the webservice? If so, you can probably fix it on its end. I would fix there if possible.

    If not, then consider this fix on vB side by adding this script in your hook:

    Code:
    $.ajaxPrefilter(function (options, originalOptions, xhr) {
        //if ajax request is for external domain, remove securitytoken parameter
        if (options.url.indexOf(document.domain) === -1) {
            if (options.data) { //remove from GET data
                var qs = vBulletin.parseQueryString('?' + options.data),
                    newData = [];
    
                delete qs.securitytoken;
    
                //options.data is URL-encoded so we cannot use $.param() to transform back to querystring format
                //otherwise, it will be double URL-encoded
                $.each(qs, function(key, value) {
                    newData.push(key + '=' + value);
                });
                options.data = newData.join('&');
    
                if (typeof options.formData !== 'undefined' && $.isArray(options.formData)) {
                    $.each(options.formData, function(index, obj) {
                        if (obj.name === 'securitytoken') {
                            options.formData.splice(0, 1, obj);
                            return false;
                        }
                    });
                }
    
            }
            else if (window.FormData && options.data instanceof FormData) { //remove from POST data
                options.data.delete('securitytoken');
            }
        }
    });
    Make sure the hook location is footer_before_body_end.

    This is untested. Please let me know if this works or not.
    Last edited by glennrocksvb; Fri 9 Oct '15, 9:24am. Reason: Updated code again

    Flag Icon Postbit Insert GIPHY Impersonate User BETTER INITIALS AVATAR Better Name Card Quote Selected Text Bookmark Posts Post Footer Translate Stop Links in Posts +MORE!

    Comment

  • Andrew Milner
    New Member
    • May 2015
    • 13
    • 5.1.x

    #3
    Thanks for the code. Should I put this after my script or ? . This is my script

    Code:
    $(function () {
        $('#regDataEmail').on('blur', function () {
            var name = $(this).val();
            var obj = {
                email: name
            };
            $.ajax({
                type: "POST",
                url: "https://www.somedomain.co.uk/forum-email-service/CheckEmail.asmx/ReturnUserEmail",
                data: '{email:' + JSON.stringify(obj) + '}',
                contentType: "application/json; charset=utf-8",
            }).done(function (data) {
                console.log(JSON.parse(data.d));
            }).fail(function (jqHXR, textstatus, error) {
                console.log(jqHXR);
    
            });
        });
    });
    Where should I put your code, I will try it straight away.

    Comment


    • Andrew Milner
      Andrew Milner commented
      Editing a comment
      I put the code in front of the function and it returned with an '=' on the end
      {email:{"email":"[email protected]"}}=
  • glennrocksvb
    Former vBulletin Developer
    • Mar 2011
    • 4011
    • 5.7.X

    #4
    Ok, try this one:

    Code:
    $.ajaxPrefilter(function (options, originalOptions, xhr) {
        //if ajax request is for external domain, remove securitytoken parameter
        if (options.crossDomain) {
            if (options.data) { //remove from ajax data
    
                if (options.contentType.indexOf('json') !== -1) {
                    options.data = options.data.replace(/&securitytoken=.*/, '');
                } else {
                    var qs = vBulletin.parseQueryString('?' + options.data),
                        newData = [];
    
                    delete qs.securitytoken;
    
                    //options.data is URL-encoded so we cannot use $.param() to transform back to querystring format
                    //otherwise, it will be double URL-encoded
                    $.each(qs, function(key, value) {
                        newData.push(key + '=' + value);
                    });
                    options.data = newData.join('&');
    
                    if (typeof options.formData !== 'undefined' && $.isArray(options.formData)) {
                        $.each(options.formData, function(index, obj) {
                            if (obj.name === 'securitytoken') {
                                options.formData.splice(0, 1, obj);
                                return false;
                            }
                        });
                    }
                }
    
            }
            else if (window.FormData && options.data instanceof FormData) { //remove from POST data
                options.data.delete('securitytoken');
            }
        }
    });
    The appending of security token parameter to ajax requests done by vB has a bug when the ajax contentType is json. The ajax data parameter becomes:

    Code:
    "{email:{"email":"[email protected]"}}[COLOR=#FF0000]&securitytoken=1444423832-3aeffb8c560568e5c678e182c8d24d819177893e[/COLOR]"
    This causes the json data to be invalid json. That is why the webservice call fails.

    Flag Icon Postbit Insert GIPHY Impersonate User BETTER INITIALS AVATAR Better Name Card Quote Selected Text Bookmark Posts Post Footer Translate Stop Links in Posts +MORE!

    Comment

    • Andrew Milner
      New Member
      • May 2015
      • 13
      • 5.1.x

      #5
      Thank so much, this has worked ....

      Comment

      • glennrocksvb
        Former vBulletin Developer
        • Mar 2011
        • 4011
        • 5.7.X

        #6
        Glad to help.

        Flag Icon Postbit Insert GIPHY Impersonate User BETTER INITIALS AVATAR Better Name Card Quote Selected Text Bookmark Posts Post Footer Translate Stop Links in Posts +MORE!

        Comment

        Related Topics

        Collapse

        Working...