jsConnect V2 and Response Headers - HL Vanilla Community
<main> <article class="userContent"> <div class="blockquote"><div class="blockquote-content"><p class="blockquote-line"><strong><em>This article is for jsConnect V2 only</em></strong><em>. We highly recommend upgrading to the more robust jsConnect V3, which solves these types of connectivity issues. To learn how, see </em><a href="https://success.vanillaforums.com/kb/articles/206-upgrading-jsconnect-to-version-3" rel="nofollow noreferrer ugc"><em>Upgrading jsConnect To Version 3</em></a><em>.</em></p></div></div><p>In the past, web browsers and web servers were lax about small details in document headers. If your browser requested a JSON document from a web server, it might send back the document but with Content-Type headers set to 'text' instead of JSON, since JSON <strong><em>is</em></strong> a text document. </p><ul><li>For example: <code class="code codeInline" spellcheck="false" tabindex="0">Content-Type: text/html; charset=UTF-8</code></li></ul><p>Because browsers knew that the response headers coming from servers were not necessarily reliable, browsers employed a technique of reading a sample of the content of a file (or <a href="https://en.wikipedia.org/wiki/Content_sniffing" rel="nofollow noreferrer ugc">'sniffing'</a>) a document to try to determine what kind of document it really was and how it should be treated.</p><p>Recently browsers, web servers and server administrators are tightening things up -- which can cause problems with some set ups for jsConnect. </p><p>As part of the jsConnect workflow, a Vanilla community will call the authenticating server through AJAX expecting a JSONP response. In the past, servers would send this JSONP response with a <code class="code codeInline" spellcheck="false" tabindex="0">Content-Type: text/html</code> and the browser would 'sniff' it to determine that it was not HTML. Server administrators, as part of routine tightening of security, can change a setting in their web server to send a <code class="code codeInline" spellcheck="false" tabindex="0">X-Content-Type-Options: nosniff</code> with all responses telling browsers to strictly apply the Content-Type sent in the header. Now the AJAX call will fail. </p><p><strong>The fix</strong>: Update your jsConnect library from one of our <a href="https://github.com/vanilla?utf8=%E2%9C%93&q=jsconnect" rel="nofollow noreferrer ugc">Github libraries</a>, depending on the programming language you use. If not, in your script that responds to the callback from Vanilla, add the proper headers: <code class="code codeInline" spellcheck="false" tabindex="0">Content-Type: application/javascript; charset=utf-8</code></p> </article> </main>