We have a Windows 2008 Server with IIS on it. We have an asp.net site running on IIS. We first noticed the problem on our Default.aspx page where we have some javascript that looks like:
<script language="javascript" type="text/javascript">
... ...
function removeBodyListener() {
//remove the onclick event listener so that no more pages can be opened
document.body.setAttribute('onclick', '');
}
... ...
</script>
For some reason this was being sent to the clients as something like this:
<script language="javascript" type="text/javascript">
... ...
function removeBodyListener() {
//HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; chars document.body.setAttribute('onclick', '');
}
... ...
</script>
By removing the comment from our javascript, we stopped the replacement from happening on the default.aspx. We thought that would be ok, but now we have found that there are cases where our JSON responses to AJAX calls are having bits replaced with this http header information which breaks the JSON and and causes us to no longer be able to process the data correctly.
What makes it strange is that we can't duplicate the issue when viewing the site on the server, but we get the issue when viewing the site from Client PC's.
We've tried disabling all firewalls, and antivirus software. We've checked it on IE and Firefox, and we've checked that there is no proxy specified in the browsers. Unfortunately the server is on a client's network so we have very little control over the environment that is being used. Anyone have any suggestions?
Turns out "Symmantec End Point protection" was the problem. Uninstalled that and everything works. I'm not sure why telling Symmantec to disable all of its features didn't work, but uninstalling it did. I'm guessing when you tell Symmantec to disable itself completely it just doesn't listen to you and does its own thing anyway.