I developed a page that POSTs a form with an image to a WebAPI2 controller via AJAX.
I do this repeatedly; I let the user select a bunch of images, they add to a select box, then user can then add more from another location or they can remove items from the list. So, I submit the form they filled out with an image to the server. I do it specifically once per image so I can show the progress of each image upload. Once the image is on the server, it goes moved by my server-side code to a secured repository. The application pool is using a specific AD account to do it's work.
This works great for me, it works great for others who have tested it, but I have a single tester- out of 8- who is getting intermittent errors in IE. He wont try it in another browser (we don't have actual testers, just our users, and this one is stubborn)
My server-side web api code, which is part of the same project- is not even being hit. I log that we entered the method right off the bat. Further, there is no error being logged in the application logs for the server-side. The AJAX is returning "error" and "0". There is no response text. I am logging all AJAX errors to a server address (which submits just fine, BTW)
I initially wrote this with an MVC controller instead of a Web API but I switched hoping it would resolve the problem. It did not.
The button that "submits" the form is not a submit button. It is input="button". I do not have a submit button on my form. The form does not have an address to post to. I lock the entire form down so no buttons can be clicked, no elements can be edited, while the items are being uploaded. In conclusion, I can't see that e.preventDefault(); would be helpful.
This can't actually be cross-site scripting, and I can not find anything online that suggests that a cross-site scripting policy can be tripped randomly but it seems as if it is.
Sometimes, he submits the form and 1/3 of the images upload and the rest error. It's not the image type, the size, or any of that- I copied the images he was uploading and used them to verify.
We disabled cross-site scripting on the server side and I added a JSONP formatter on my side and he tested it without errors. We are going to continue to test to see if it actually resolved the issue, because he's had it work before and then the issue re-appeared.
If it really is the cross-site scripting that is causing it, why? Could there be something on the IIS server that is making it pick a different top level domain since I do not specify one in my ajax request?
$.ajax({
url: getBaseURL() + 'API/FileForm',
type: 'POST',
data: dataString,
cache: false,
contentType: false,
processData: false
})
Where getBaseURL() says:
function getBaseURL() {
var baseURL = $("#HiddenCurrentURL").val().trim();
if (baseURL != "/") {
baseURL += "/";
}
return baseURL;
}
With HiddenCurrentURL Being in my _layout:
@Html.Hidden("HiddenCurrentURL", Request.ApplicationPath)
Any help would be appreciated. I'm not really sure what to do now. Can browser settings do this?
Edit: He is using IE 11 - as am I and my other testers. I have, and so have a few others, tested in Chrome and Firefox as well.
Edit2: We disabled cross-site scripting and the issue continued. I think it's interesting to note that the issue seems to only happen late at night or early in the morning, during off-hours for work. I checked with the IIS group and they said that it's running as "always on" though...
