0

For about two weeks, customers complain that our site is broken. After debugging and asking customers for screenshots of the error, we found out that Kaspersky Internet Security blocks AJAX requests, necessary for the site to work.

Console writes this error:

TypeError: ns.GetCommandSrc is not a function

What makes Kaspersky block certain requests?

Our site is on www.mysite.example and makes requests to api.mysite.example. access-allow-origin headers are set and work for us and most of the other customers.

flecki89
  • 599
  • 2
  • 4
  • 15

2 Answers2

3

I found that in KAV Settings/Additional/Network, there is an "Inject script into web traffic to interact with web pages" option.

Try turning that off to see if stops the problem.

Simon Hewitt
  • 1,391
  • 9
  • 24
  • Yes i have this issue too, and i always have to do a remote session to turn this off client by client, its boring and unproductive. We recommend to remove that antivirus brand all together actually. It breaks many websites. – Miguel Jan 12 '21 at 11:26
0

I have the same issue. The block is intermittent. It looks to me that KAV tries to get some info from its servers to deal with the request, and if that fails, it breaks the AJAX call.

Luckily for me, I have a fallback action, providing default information to the app when the AJAX fails.

In another thread someone suggested that the issue is with the URL or parameters of the call. If it has keywords that can indicate a sensitive operation (banking and such), KAV gives it some extra attention. In my case the call has "license" in the URL, so it may be a correct guess. I'm planning to change the URL to something unremarkable, but it will take some time.

Vladimir Dyuzhev
  • 18,130
  • 10
  • 48
  • 62
  • I also noticed that if I delay the call for a second or so, the issue doesn't happen. That could be a workaround, too. – Vladimir Dyuzhev Jan 02 '20 at 00:50
  • Hi Vladimir. Thank you. I'll give it a try. As we have a paid-content service named "Premium" the url contains "/premium/". Maybe this triggers KAV :) – flecki89 Jan 07 '20 at 10:21
  • Since we deployed this change (I renamed "/premium/" to "/pp/") we got no complaints anymore. I marked your answer as resolved. – flecki89 Jan 28 '20 at 14:51
  • Kaspersky also fixed this issue: https://community.kaspersky.com/kaspersky-internet-security-13/kis-2020-remains-with-the-bug-main-js-ns-getcommandsrc-does-not-function-closed-7051 – flecki89 Oct 06 '20 at 15:04