I have a onRequestCapture interceptor that looks for a sub-domain URL and pulls account info if present and redirects user to account customized login screen.
My problem is after the user is logged in, and sends an AJAX request (to populate a modal window), the interceptor sees no account info in the request, and insert the login screen into the modal. I’ve tested this by adding:
if(not event.isAJAX()){ ...intercept as normal... }
around the interceptor so it ignores all AJAX calls.
Is this the proper thing to do? Does it present any security risks? Any help is appreciated.
Thank you.
-Chris
Full interceptor:
`
var prc = event.getCollection(private=true);
// find appmaping
var appMapping = ( len( controller.getSetting( 'AppMapping' ) ) ? controller.getSetting( 'AppMapping' ) & "/" : "" );
// Setup base URL
event.setSESBaseURL( "http" & ( event.isSSL() ? "s" : "" ) & "://#cgi.HTTP_HOST#/#appMapping#index.cfm" );
var thisServer = #cgi.HTTP_HOST#;
if(not event.isAJAX()){
if (listLen(thisServer,".") gt 2){
var subDomain = listFirst(thisServer,".");
prc.Account = AccountService.getCurrentAccount(subDomain);
if(not StructIsEmpty(prc.Account)){
if(event.getCurrentHandler() eq ''){
setNextEvent( event='portal.login');
}
}
else{
writeDump('Client portal domain has been suspended, or does not exist');abort;
}
}
}
`