WP GraphQL doesnt work

omatheusant · February 22, 2024, 8:16pm

Website URL

http://matheusant.lovestoblog.com/

Error Message

Im trying to use the WPGraphQL to fetch the data of my blog in React.

{
  "errors": {
    "message": "Unexpected token '<', \"<html><bod\"... is not valid JSON",
    "stack": "SyntaxError: Unexpected token '<', \"<html><bod\"... is not valid JSON"
  }
}

Network Response:

<html>
    <body>
        <script type="text/javascript" src="/aes.js"></script>
        <script>
            function toNumbers(d) {
                var e = [];
                d.replace(/(..)/g, function(d) {
                    e.push(parseInt(d, 16))
                });
                return e
            }
            function toHex() {
                for (var d = [], d = 1 == arguments.length && arguments[0].constructor == Array ? arguments[0] : arguments, e = "", f = 0; f < d.length; f++)
                    e += (16 > d[f] ? "0" : "") + d[f].toString(16);
                return e.toLowerCase()
            }
            var a = toNumbers("f655ba9d09a112d4968c63579db590b4")
              , b = toNumbers("98344c2eee86c3994890592585b49f80")
              , c = toNumbers("935e6ea1c28b63c1ced7f4c257624e22");
            document.cookie = "__test=" + toHex(slowAES.decrypt(c, 2, a, b)) + "; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/";
            location.href = "http://matheusant.lovestoblog.com/index.php?graphql&i=1";
        </script>
        <noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript>
    </body>
</html>

Other Information

I send it to the owners of the plugin and their response are:

That code looks to be a poor implementation of a robots mitigation script and not part of WordPress or WPGraphQL.

If you indeed disabled all other plugins like you indicated in the issue description, and it’s not coming from custom code or your theme, then I suggest you contact your host and see how they change it so it only injects on actual frontend views and not API requests.

lovebug · February 22, 2024, 10:02pm

this is the infinityfree free subdomain security system

only web browsers that can process javascript and cookies can access the web site

Greenreader9 · February 23, 2024, 1:32am

It’s not just for subdomains, it’s for every domain using InfinityFree namservers.

See more:

lovebug · February 23, 2024, 3:22am

oO my brain said domains and my fingers typed subdomains ! oops

Admin · February 23, 2024, 9:43am

Are you using React to build a Single Page Application in Javascript? If so, you should host it here with a GraphQL API.

However, the frontend application and backend application MUST be on the same hostname. So if your website is on www.example.com, then the API must be on www.example.com too. It can be in a subdirectory, like www.example.com/api/, but it cannot be on api.example.com, api.www.example.com, example.net or any other domain if the backend application is hosted with us.

system · March 1, 2024, 9:43am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.