If you have used the Jive REST API, you may have run into a problem with a security measure we put in place a while back, which prefixes API responses with the following line:
throw 'allowIllegalResourceCall is false.';
This aspect of the API was introduced to help protect against JSON Hijacking back when web browsers were susceptible.
As modern browsers have matured, so has their inherent protection from this type of attack. As such, Jive is looking into migration paths that would allow us to remove this line from our API, making the response pure JSON once again. Once we have cleared our browser support list of susceptible browsers, we can start taking active measures to remove this safety measure.
Rolling out changes is always hard, because you never know how developers have coded things up to this point.
To best prepare yourself (and your code) for this change, for which neither timing nor process has yet been discussed, it is recommended that you:
Some example solutions include:
As we get closer to determining the approach for moving forward on this, we'll let the community know. For now, it is recommended that developers prepare their existing and new code with similar patterns to be protected.
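A parser that accepts both the prefixed response and a pure-JSON response, as an added example that is not from the original post or from Jive's own code. The function name `parseJiveResponse` and the sample bodies are assumptions constructed for illustration; only the prefix string comes from this post.

```javascript
// Added example, not Jive code. The guard string is the one quoted in this
// post; parseJiveResponse and the sample bodies are constructed.
const JIVE_GUARD = "throw 'allowIllegalResourceCall is false.';";

function parseJiveResponse(body) {
  if (typeof body !== 'string') {
    throw new TypeError('expected the raw response text');
  }
  // trimStart() drops leading whitespace (a BOM included) before the check.
  let text = body.trimStart();
  // Strip the guard only when it is the exact leading statement. A global
  // search-and-replace would also rewrite string values that happen to
  // contain the same text, so the match is anchored to the start.
  if (text.startsWith(JIVE_GUARD)) {
    text = text.slice(JIVE_GUARD.length);
  }
  // JSON.parse tolerates the newline left after the guard and never executes
  // the text, unlike eval() or loading the URL through a <script> tag.
  return JSON.parse(text);
}

// Constructed sample bodies: the guarded form, a CRLF variant, the pure-JSON
// form, and a payload whose data contains the guard text.
const guarded = JIVE_GUARD + '\n{"id":1001,"type":"person"}';
const guardedCrlf = JIVE_GUARD + '\r\n{"id":1001}';
const pure = '{"id":1001,"type":"person"}';
const guardInData = JSON.stringify({ note: JIVE_GUARD });

console.log(parseJiveResponse(guarded).type);
console.log(parseJiveResponse(guardedCrlf).id);
console.log(parseJiveResponse(pure).type);
console.log(parseJiveResponse(guardInData).note === JIVE_GUARD);
```

Code written this way keeps working unchanged if the prefix is later removed from responses.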
Stay tuned. You may now return to your IDE. =)