Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Juniper WebApp Secure] AJAX call with "x-requested-with" header fails when going through JWAS

0

0

Article ID: KB28324 KB Last Updated: 02 Apr 2019Version: 2.0
Summary:
HTTP requests can fail when the relevant header is missing in the Predefined Request Headers list of Juniper WebApp Secure (JWAS) (aka Mykonos)

 
Symptoms:
When running a page containing an AJAX call, a check for the header variable "X-Requested-With: XMLHttpRequest" is performed to prevent direct access. When the request is through JWAS, the call fails.
Cause:
The AJAX calls fails as JWAS strips off the unknown headers. This causes the call to fail since this check fails and is believed to be an invalid request by the end server.
 
Solution:
The issue occurs as this header is missing from the JWAS standard header request list; thus the request doesn’t go through.

The solution is to add the header via JWAS WebUI. 
  1. Select: Configuration > Processors > Header Processor > Known Request Headers
  2. Click on Add and add "x-requested-with" as the header name
  3. Set:
    • Order to 1
    • Allow Multiple to True
    • Required to False
    • Illegal to False
    • Removable to False
  4. Save the configuration and thereafter the request goes through fine.
Modification History:
2019-03-25: content reviewed for accuracy
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search