Website URL
http://matheusant.lovestoblog.com/
Error Message
Im trying to use the WPGraphQL to fetch the data of my blog in React.
{
"errors": {
"message": "Unexpected token '<', \"<html><bod\"... is not valid JSON",
"stack": "SyntaxError: Unexpected token '<', \"<html><bod\"... is not valid JSON"
}
}
Network Response:
<html>
<body>
<script type="text/javascript" src="/aes.js"></script>
<script>
function toNumbers(d) {
var e = [];
d.replace(/(..)/g, function(d) {
e.push(parseInt(d, 16))
});
return e
}
function toHex() {
for (var d = [], d = 1 == arguments.length && arguments[0].constructor == Array ? arguments[0] : arguments, e = "", f = 0; f < d.length; f++)
e += (16 > d[f] ? "0" : "") + d[f].toString(16);
return e.toLowerCase()
}
var a = toNumbers("f655ba9d09a112d4968c63579db590b4")
, b = toNumbers("98344c2eee86c3994890592585b49f80")
, c = toNumbers("935e6ea1c28b63c1ced7f4c257624e22");
document.cookie = "__test=" + toHex(slowAES.decrypt(c, 2, a, b)) + "; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/";
location.href = "http://matheusant.lovestoblog.com/index.php?graphql&i=1";
</script>
<noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript>
</body>
</html>
Other Information
I send it to the owners of the plugin and their response are:
That code looks to be a poor implementation of a robots mitigation script and not part of WordPress or WPGraphQL.
If you indeed disabled all other plugins like you indicated in the issue description, and it’s not coming from custom code or your theme, then I suggest you contact your host and see how they change it so it only injects on actual frontend views and not API requests.