Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
AJAX 'gziped' response error
Posted by: Xinstict
Date: October 21, 2007 05:13PM

I apologize if i started thread in wrong section.

There is problem with ajax, when is 'ajax' XMLHttpRequest get request made to server which is gzip enabled.

Server response gzip-inflated data. But 'XMLHttpRequest' doesn't decompress it
at all and silent error happen which responds nothing and status bar in fx just stays loading but doing nothing. But with 'mitm' tool between serv. and browser there is 'gzip inflated' data junk from server sent to browser and then nothing. [and js code to be executed after our request isnt executed just "stays loading" bar like i said]

So is there some header trick which says to the server that we dont accept gzip responses, to get normal response.

Or if anybody know for "ajax framework" which supports gzip, for which I doubt.

Any help?? [I dont expect answer from somebody who would write like disable gzip on server]
I'm lost. I googled but find nothing. I thought this is known and expected scenario, must be solution, but is there:)?

Xinstict



Edited 3 time(s). Last edit at 10/21/2007 05:27PM by Xinstict.

Options: ReplyQuote
Re: AJAX 'gziped' response error
Posted by: kuza55
Date: October 21, 2007 10:35PM

I'm not 100% sure, but I think modifying the Accept-Encoding header to just "deflate" should work.

----------------------------------------------------------
Don't forget our IRC: irc://irc.irchighway.net/#slackers
[kuza55.blogspot.com]

Options: ReplyQuote
Re: AJAX 'gziped' response error
Posted by: Anonymous User
Date: October 22, 2007 12:06AM

setRequestHeader("Accept-Encoding","gzip,deflate");

What I thought also, still I like to know what filetype are requesting?

Options: ReplyQuote
Re: AJAX 'gziped' response error
Posted by: kuza55
Date: October 22, 2007 12:53AM

@Ronald:

Wouldn't it be
setRequestHeader("Accept-Encoding","deflate");
rather than what you posted, since you _don't_ want gziped data?

----------------------------------------------------------
Don't forget our IRC: irc://irc.irchighway.net/#slackers
[kuza55.blogspot.com]

Options: ReplyQuote
Re: AJAX 'gziped' response error
Posted by: Anonymous User
Date: October 22, 2007 04:57AM

Yeah thats why I asked what he requested.

Options: ReplyQuote


Sorry, only registered users may post in this forum.