Support » Plugin: Wordfence Security - Firewall & Malware Scan » WordFence corrupts JSON response from jQuery ajax if not 200

  • Resolved Manzoor Wani

    (@manzoorwanijk)


    I had previously raised the issue here, but it was not resolved. Now it’s annoying to deal with the issue which is not under my control as a plugin developer.

    Steps to reproduce:
    1. Open the console in wp-admin with Wordfence active.
    2. Run this code which results in an error (404), because of v1 instead of v2

    jQuery.ajax({
      type: 'GET',
      url: location.origin + '/wp-json/wp/v1/posts',
      contentType: 'application/json; charset=utf-8',
      dataType: 'json',
    })
    .then(data => console.log(data))
    .fail(jq => console.log(jq));

    3. Although the error handler .fail()is defined, you will still see the syntax error Uncaught Error: Syntax error, unrecognized expression: {"code":"rest_no_route","message":"No route was found matching the URL and request method","data":{"status":404}}

    Now if you deactivate Wordfence, the request error will gracefully be handled.

    After thorough debugging, I found that wordfenceAJAXWatcher watcher is the culprit. If you comment out this line, the error is gone.

    I dug even further to see that if you comment out this line, it goes away.

    I could not dig further as the code in the JS file is minified.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @manzoorwanijk

    I see that you have opened another topic for this issue so it would have been best to use the original topic, where we are still waiting for an answer from you.

    We hope to have a fix for this in the next couple of plugin releases.

    Plugin Support wfdave

    (@wfdave)

    Hi @manzoorwanijk,

    Nice detective work!

    I did a bit of snooping myself and found the exact line where the error is raised:

    var responseDOM = $(jqXHR.responseText);

    This is on line 17 of wordfence/js/admin.ajaxWatcher.js

    This occurs because when the server responds with a 404, jqXHR.responseText becomes {"code":"rest_no_route","message":"No route was found matching the URL and request method","data":{"status":404}}.

    Note that if you try to execute:

    jQuery('{"code":"rest_no_route","message":"No route was found matching the URL and request method","data":{"status":404}}'); in your console, you are met with the same error message you saw previously.

    I’ll report this to the developers and see what they can do about this.

    Thanks again for the debugging work on your part!

    Dave

    Manzoor Wani

    (@manzoorwanijk)

    @wfphil The original topic is closed to new replies.

    Plugin Support wfdave

    (@wfdave)

    Hi again,

    This has been fixed by the developers and you should start seeing the changing in upcoming releases. (Internal Ref: #FB2102)

    The change was to use DOM parsing instead of $( … ) – which will throw an error if not parsing on valid a DOM string.

    Dave

    @wfdave thank you for the update. I’m glad it’s fixed 🙂

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.