ajax: decide whether to return html, json or xml based on the request type #118

Closed
CaledoniaProject opened this issue Mar 29, 2018 · 1 comment

@CaledoniaProject
Collaborator

commented Mar 29, 2018

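Feedback from QQ group user @有多少爱可以胡来: when an ajax request is blocked, they would like the main page to redirect.

Tentative plan

If it is a non-attack request sent by the browser, the redirect will not be triggered unless it is a false positive; if it is a real attack, it no longer matters whether the main page redirects.

We add three configuration items: when the response type is json/xml, output specific response data; in all other cases output html.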

block.json={"error":true, "reason": "Request blocked by OpenRASP", "request_id": "$REQUEST_ID$"}
block.xml=<?xml version="1.0"?><doc><error>true</error><reason>Request blocked by OpenRASP</reason><request_id>$REQUEST_ID$</request_id></doc>
block.html=</script><script>location.href="https://rasp.baidu.com/blocked2/?request_id=$REQUEST_ID$"</script>

In addition, when the output is written, $REQUEST_ID$ needs to be replaced with the current request_id.

@CaledoniaProject changed the title from "decide whether to return html, json or xml based on the request type" to "ajax: decide whether to return html, json or xml based on the request type" on Jun 1, 2018
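
The format selection and `$REQUEST_ID$` substitution proposed in the issue, written out as an added example (not OpenRASP's implementation). The function names, the use of a Content-Type-style value to pick the format, and the allowed request id character set are assumptions; the three templates are the values from the issue.

```javascript
// Added example, not OpenRASP code. Templates are the three values proposed in the issue.
const TEMPLATES = {
  json: '{"error":true, "reason": "Request blocked by OpenRASP", "request_id": "$REQUEST_ID$"}',
  xml: '<?xml version="1.0"?><doc><error>true</error><reason>Request blocked by OpenRASP</reason><request_id>$REQUEST_ID$</request_id></doc>',
  html: '</script><script>location.href="https://rasp.baidu.com/blocked2/?request_id=$REQUEST_ID$"</script>',
};

// Assumption: the type is read from a Content-Type-style header value;
// the issue does not say which header is inspected.
function pickFormat(contentType) {
  const mime = String(contentType || '').split(';')[0].trim().toLowerCase();
  if (mime === 'application/json' || mime.endsWith('+json')) return 'json';
  if (mime === 'application/xml' || mime === 'text/xml') return 'xml';
  return 'html'; // every other case falls back to the HTML redirect
}

// Assumption: request ids are short tokens of [A-Za-z0-9-]. Anything else is
// replaced with a fixed marker, so the substituted value can never close the
// JSON string, the XML element, or the script block in the templates.
function safeRequestId(requestId) {
  const id = String(requestId);
  return /^[A-Za-z0-9-]{1,64}$/.test(id) ? id : 'invalid';
}

function renderBlockResponse(contentType, requestId) {
  const format = pickFormat(contentType);
  // split/join replaces every occurrence of the token and sidesteps the
  // special meaning of "$" sequences in String.prototype.replace.
  const body = TEMPLATES[format].split('$REQUEST_ID$').join(safeRequestId(requestId));
  const type = { json: 'application/json', xml: 'application/xml', html: 'text/html' }[format];
  return { format, contentType: type + '; charset=utf-8', body };
}
```
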

@CaledoniaProject

Collaborator Author

commented Aug 28, 2018

Implemented in v0.41.
