Prevent Episerver ContentDelivery to hijack all application/json requests

In one of my projects where we are using the Content Delivery API from Episerver, we also have some custom logic in the templates for some Ajax posting.

A JavaScript makes a POST request to the current url and expects a json response, therefore the request has an Accept Header with the value: application/json.

contentdeliveryapi post request

Issue

This will respond with a 405 error with the message HTTP verb used to access this page is not allowed.

405 error.PNG

This might not be best practise to shoot XHR requests to the same request and manage the response in the same code that also handles the HTML rendering, but that is how it was build back then.

Looking into the binaries, I managed to find that this is caused by something in the EPiServer.ContentApi.Cms.dll binary.

Cause

I used DotPeek to look what’s going on in that file and could see that on initialization, the ContentDelivery attaches to the RoutedContent event on the IContentRouteEvents interface.

When content is Routed the method ContentApiRouteService.ShouldRouteRequest is used to check whether or not this request should be rewritten to use the ContentDelivery API instead.

The default implementation of ContentApiRouteService checks whether the Accept Header contains “application/json”. Which is the case for of our current implementation.

With rewritten I mean that instead of the normal request destination which usually is your WebForms ASPX template or MVC Controller, the request should be routed to the ContentDelivery API at /api/episerver/v2.0/.

Solution

As we are depending on the request to reach our template, we need to disable this. The best way I could find is to override the ContentApiRouteService .ShouldRouteRequest method.

I replaced it with a method that just returned false. I never want the request to be routed to the ContentDelivery API. When I use the ContentDelivery API, I use the endpoint found at /api/episerver/v2.0.

You can find how I override the implementation of ContentApiRouteService at GitHub together with how I replace it in the IoC container using a Configurable Module.

Personally I think this is a case where Episerver disturbs our default rendering and I would prefer that

1) the ContentDelivery routing for requests with Accept Header “application/json” is an opt-in configuration as it is interfering with our

2) or that the routing is configurable so that I can opt-out without having to write code that overrides the default behaviour

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: