SSPR - AJAX - Asynchronous Requests

[GBS-IT]

Hi,

We currently present the Password Reset portal externally through an f5 and have brute force protection on PIN Validation attempts, on failure we (the f5) TRY to* (edit) inject CAPTCHA into the responses.

But they don't work properly and are unusable.

 

Now please excuse my ignorance of coding or web page development (I have no idea what the meaning of this is or what the impact is to the Password Rest Portal site\function).

The f5 product development team have come back saying that their Single Page Architecture (SPA) features only supports Asynchronous AJAX requests.

Their Response:

 

The "Step 2:Verify" page triggers an AJAX request (/account/LoginTempPincode) when user submits a PIN Number after clicking the "Next" button. Following code also suggest request for "/account/LoginTempPincode" is AJAX synchronous request.

===================================================

$.ajax({

                url: "/account/LoginTempPincode",

                data: { Username: myUserID, PinNumber: myPinNumber, setPin: $('#mykey').val(), FirstName: $('#FirstName').val(), Surname: $('#Surname').val() },

                dataType: "json",

                type: "POST",

                async: false,    <<<<===================================== tweak this to true (i.e. asynchronous)

                success: function (data) {

                    if (data.Success) {

                        $msg.hide();

                        window.location.href = '/Account/Reset';

===================================================

 

Tweaking "async: false" to "async: true" is expected to address this specific issue.

Edited February 19, 2020 by GBS-IT
wording