Refused to get unsafe header "X-JSON"

Forum Moderators: open

Message Too Old, No Replies

Refused to get unsafe header "X-JSON"

I am getting the above message when I try and do an ajax call

oslicku

9:55 am on Sep 15, 2009 (gmt 0)

I was wondering if anyone can help or shed any light on this problem. I expect it's something trivial but I'm not sure of the root cause.

I have a form that submits to a page where I do an ajax call . The ajax call returns successfully but then the browser chokes giving the following error message:

Refused to get unsafe header "X-JSON"

If I refresh the page then the page updates correctly but I then get

Resource interpreted as other but transferred with MIME type text/html.

I guess this is to do with the response headers that my server side script is outputting or something to do with the server setup but I can't seem to find the answer on Google.

The js lib is Prototype 1.6.0.2 and the server is IIS7 on vista. The server is running coldfusion 8.

Can anyone shed any light on this? Help much appreciated.

Thanks,

Adam

brotherhood of LAN

10:10 am on Sep 15, 2009 (gmt 0)

Welcome to the forums Adam,

Without knowing the software that's generating it, it sounds like the AJAX header contains characters the client doesn't like, perhaps newlines?

If you can, try and make an HTTP request to the AJAX requested page to view the headers. cURL is ideal for this; so you can see what the X-JSON header contains.

oslicku

10:21 am on Sep 15, 2009 (gmt 0)

Thanks for the reply...

Here is the header from the page if I browse directly to the URL

[127.0.0.1...]

GET /search-results.cfm HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 GTB5 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: CFID=3000; CFTOKEN=46294724; __utma=96992031.575311435966982800.1251194305.1252971185.1253008584.22; __utmz=96992031.1252971185.21.10.utmcsr=localhost¦utmccn=(referral)¦utmcmd=referral¦utmcct=/search-hotels.cfm; __utmc=96992031; __utmb=96992031.2.10.1253008584
Cache-Control: max-age=0

HTTP/1.x 200 OK
Transfer-Encoding: chunked
Content-Type: text/javascript
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 15 Sep 2009 10:16:37 GMT

The contents of the search results script is currently:

I guess this is an issue with IIS...

whoisgregg

5:44 pm on Sep 15, 2009 (gmt 0)

I don't see an X-JSON header being served at all... When you request that URL via AJAX are you adding additional GET or POST parameters that cause the script to produce an X-JSON header?

oslicku

6:20 pm on Sep 15, 2009 (gmt 0)

I had this in my template:

which was causing the problem. As soon as I remove that the whole thing works as it should do.

I still see these kind of warnings though:

Resource interpreted as other but transferred with MIME type text/html.

which I guess could be fixed (ideally) but doesn't cause anything to break so at least I can get on with what I was supposed to be doing!