jsConnect V2 and Response Headers - Vanilla Success
<main> <article class="userContent"> <p>This article is for jsConnect V2 only. It is highly recommended that you upgrade to the much more robust jsConnect V3 which solves these types of connectivity issues. Please see <a href="https://success.vanillaforums.com/kb/articles/206-upgrading-jsconnect-to-version-3" rel="nofollow noreferrer ugc">Upgrading jsConnect To Version 3</a>.</p><p>In the past web browsers and web servers were pretty lax about small details in document headers. If your browser requested a JSON document from a web server, the webserver might send back the document but with Content-Type headers set to 'text' instead of JSON, since JSON <strong><em>is</em></strong> a text document. For example: <code class="code codeInline" spellcheck="false" tabindex="0">Content-Type: text/html; charset=UTF-8</code></p><p>Because browsers knew that the response headers coming from servers were not necessarily reliable, browsers employed a technique of reading a sample of the content of a file (or <a href="https://en.wikipedia.org/wiki/Content_sniffing" rel="nofollow noreferrer ugc">'sniffing'</a>) a document to try to determine what kind of document it really was and how it should be treated.</p><p>Recently browsers, web servers and server administrators are tightening things up -- which can cause problems with some set ups for jsConnect. </p><p>As part of the jsConnect workflow, a Vanilla Forum will call the authenticating server through AJAX expecting a JSONP response. In the past servers would send this JSONP response with a <code class="code codeInline" spellcheck="false" tabindex="0">Content-Type: text/html</code> and the browser would 'sniff' it to determine that it was not HTML. Server administrators, as part of routine tightening of security, can change a setting in their web server to send a <code class="code codeInline" spellcheck="false" tabindex="0">X-Content-Type-Options: nosniff</code> with all responses telling browsers to strictly apply the Content-Type sent in the header. Now the AJAX call will fail. </p><p><strong>The fix</strong>: Update your jsConnect library from one of our <a href="https://github.com/vanilla?utf8=%E2%9C%93&q=jsconnect" rel="nofollow noreferrer ugc">Github libraries</a>, depending on the programming language you use. If not, in your script that responds to the callback from Vanilla add the proper headers: <code class="code codeInline" spellcheck="false" tabindex="0">Content-Type: application/javascript; charset=utf-8</code></p> </article> </main>