Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-23252

com.xpn.xwiki.web.Utils#isAjaxRequest is missing use cases

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 17.4.0
    • Old Core
    • None
    • Unknown

    Description

      Currently, it relies (or more accurately XWikiAction#execute relies) on an explicit "?ajax=true" request parameter, but that's obviously not the definition of an ajax request, and it would be better to use a more reliable criterion.

      For example, MichaelHamann suggested checking the presence of the request header XWiki-Form-Token, which is automatically added to every same-origin ajax requests since 14.10.8.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. OIDC-234 The authenticator should not redirect in the case of an ajax request

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              tmortagne Thomas Mortagne
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated: