For about two weeks, customers complain that our site is broken. After debugging and asking customers for screenshots of the error, we found out that Kaspersky Internet Security blocks AJAX requests, necessary for the site to work.
Console writes this error:
TypeError: ns.GetCommandSrc is not a function
What makes Kaspersky block certain requests?
Our site is on www.mysite.example and makes requests to api.mysite.example. access-allow-origin headers are set and work for us and most of the other customers.
I have the same issue. The block is intermittent. It looks to me that KAV tries to get some info from its servers to deal with the request, and if that fails, it breaks the AJAX call.
Luckily for me, I have a fallback action, providing default information to the app when the AJAX fails.
In another thread someone suggested that the issue is with the URL or parameters of the call. If it has keywords that can indicate a sensitive operation (banking and such), KAV gives it some extra attention. In my case the call has "license" in the URL, so it may be a correct guess. I'm planning to change the URL to something unremarkable, but it will take some time.