Implement content-type whitelist for CWebLogRoute #2165

Closed
bwoester opened this Issue Mar 4, 2013 · 3 comments

Comments

Projects
None yet
3 participants
@bwoester

bwoester commented Mar 4, 2013

As long as I can remember, CWebLogRoute (and its derived classes like CProfileLogRoute) causes problems when generating non-html output. Most often, it seems to break ajax calls that are meant to return json data, but it really affects everything that is not html.

One solution might be to implement a content-type whitelist. With this feature, the logroute should only generate output, if the application generated content, that is whitelisted. Then, when a developer generates json data, or xml, or returns a generated image, that content would not be found on the whitelist and the output wouldn't be messed up with the html generated by the web log route (given the developer set a content-type header for his data).

As a reference, take a look at yii-debug-toolbar, which implements such a whitelist:

@samdark

This comment has been minimized.

Show comment Hide comment
@samdark

samdark Mar 4, 2013

Member

AJAX isn't a problem since we're checking for XMLHttpRequest headers and ActionScript headers.

Member

samdark commented Mar 4, 2013

AJAX isn't a problem since we're checking for XMLHttpRequest headers and ActionScript headers.

@samdark

This comment has been minimized.

Show comment Hide comment
@samdark

samdark Mar 4, 2013

Member

Images and all other resources problem is valid.

Member

samdark commented Mar 4, 2013

Images and all other resources problem is valid.

@acorncom

This comment has been minimized.

Show comment Hide comment
@acorncom

acorncom Mar 5, 2013

Contributor

Ajax is still a problem depending on the browser. I ran into this bug last week with IE 8 doing an Ajax load using jQuery. Of course, every other browser works fine ;-)

Contributor

acorncom commented Mar 5, 2013

Ajax is still a problem depending on the browser. I ran into this bug last week with IE 8 doing an Ajax load using jQuery. Of course, every other browser works fine ;-)

@samdark samdark closed this Nov 17, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment