kedoin
2007-Apr-04 02:08 UTC
Should Ajax.Base specify "encoding:''UTF-8'' for ''application/x-www-form-urlencoded''
I''m new to using Prototype, so please forgive me if this is a newbie
question.
My website is hosted on a virtual host which uses Apache and
mod_security. When I try to use Ajax.Updater to make a request, I get
a "403 Forbidden" message. Checking the server logs, it seems that
mod_security is to blame:
[Tue Apr 3 19:07:05 2007] [error] [client xxx] mod_security: Access
denied with code 403. Pattern match "!(^application/x-www-form-
urlencoded$|^multipart/form-data;)" at HEADER("Content-Type")
[severity "EMERGENCY"] [hostname "xxx"] [uri
"/ajax/zipCheck.php"]
It seems that mod_security ships with a core rule that matches a regex
against the Content-Type and expects the Content-Type to *end* after
"application/x-www-form-urlencoded". (Note the $ in the regex above.)
You can read more about mod_security in this Linux Journal article:
http://www.linuxjournal.com/article/8708
I found that by modifying my own local copy of Prototype to modify
Ajax.Base.setOptions to remove the initialization of
''encoding'' to
''UTF-8'', things began to work.
My questions are:
1) Should Prototype be setting a charset for application/x-www-form-
urlencoded content-types?
2) If so, does anyone know how to work around this problem with
mod_security?
Thank you for your time.
Robert Kedoin
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Spinoffs" group.
To post to this group, send email to
rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs?hl=en
-~----------~----~----~----~------~----~------~--~---