jquery-sessionTimeout icon indicating copy to clipboard operation
jquery-sessionTimeout copied to clipboard

Published 20 hours ago verified publisher icon travishorn

POST request with Content-Length: 0

Open cfglife opened this issue 7 years ago • 0 comments

Hi,

We've implemented an application firewall in front of an application where we've used the sessionTimeout script. One of the anomalous behaviors that triggers a block rule on the firewall is POST requests with a content-length of 0. Apparently this is something that denial of service attacks may do?

The $.ajax() call made when a user clicks the keep-alive button also sends a POST with 0 bytes of content, so the firewall is now blocking our users from using the sessionTimeout script.

It would be easy to modify the script to send some small content in the POST so that we can keep the firewall rule enabled to stop actual suspicious requests, but that kind of change would be undesirable for most users. But would you consider adding some more configuration options to the plugin, so that developers could specify additional attributes of the $.ajax() call? That could benefit everyone, in addition to letting us solve our specific firewall problem by defining some contents for the request.

cfglife avatar Jun 19 '17 18:06 cfglife