I'm attempting to modify a saved flow's cookie and resend it, but the captured flow has multiple "cookie" headers.
cookie: uuid=3AF89B5E-1162-4236-B60D-6E4B05177A14
cookie: fp_token_7c6a6574-f011-4c9a-abdd5l05EcWM3T5o/whEw=
cookie: _gsid=84c8326882b6a81bad5
The goal is to update just one of the three values. Attempts to set the cookie via flow.request.headers["cookie"]="NEWVALUEHERE;fp_token_7c6a6574-f011-4c9a-abdd5l05EcWM3T5o/whEw=;_gsid=84c8326882b6a81bad5;" results in the flow collapsing the three different cookie headers into one header, which the server doesn't accept.
print(flow.request.headers)
Headers[(b'cookie', b's=3AF89B5E-1162-4236-B60D-6E4B05177A14'), (b'cookie', b'fp_token_7c6a6574-d-9894a102cOA5l05EcWM3T5o/whEw='), (b'cookie', b'_gsid=84c83268866a81bad5')]
Any help would be appreciated. Thanks!
You can use Headers.set_all:
flow.request.headers.set_all(
"cookie",
["first cookie", "second cookie", "third cookie"]
)
Related
When I request a webpage, it sets a cookie:
{
"name": "",
"value: "test",
"domain": "foo.bar.com",
# ... there are more fields here, but not important
}
As you see, the "name" is not set. How must I handle this cookie in my further requests? Options:
Ignore this cookie and do not use/set it it my further requests.
Try to send this cookie as is, but the problem is that the most of packages (I use Python) do not allow cookies with an empty name.
Set a random name to that cookie and use. I am afraid to do this because I do not know whether a website will recognize that cookie.
We are running a classic ASP website, and having issues with Cookies in Chrome browser. Chrome is enforcing the cookie to be set securely (https://www.chromestatus.com/feature/5633521622188032)
We are setting a cookie as follows:
Response.AddHeader "Set-Cookie", "TestCookie=This is a Test; path=/; SameSite=None; Secure"
Response.Cookies("TestCookie").Expires = Date + 1
However, this has issues with Chrome, where sessions end abruptly when a resource of a different domain is called.
Chrome's cookie details show this:
Send for
Same-site connections only
Note there is no mention of "secure" as I think there should be.
What is the correct way of setting the Cookie in classic ASP for this?
There is a problem with your current approach to setting the Response Cookie.
By using Response.Cookies after setting the header using Set-Cookie you are in effect creating a new empty cookie called "TestCookie". Instead, you want to incorporate the expiry into the existing Set-Cookie header.
Testing your code, this is the Response header contents:
<%
Function FormatCookieDateTime(interval, value, tz)
Dim dt: dt = DateAdd(interval, value, Date())
Dim tm: tm = Time()
Dim result: result = WeekDayName(WeekDay(dt), True) & ", " & _
Right("00" & Day(dt), 2) & "-" & _
MonthName(Month(dt), True) & "-" & _
Year(dt) & " " & _
Right("00" & Hour(Time()), 2) & ":" & _
Right("00" & Minute(Time()), 2) & ":" & _
Right("00" & Second(Time()), 2) & " " & tz
FormatCookieDateTime = result
End Function
Response.AddHeader "Set-Cookie", "TestCookie=This is a Test; path=/; SameSite=None; Secure; expires=" & FormatCookieDateTime("d", 1, "GMT")
%>
Built a function that makes setting the expiry using the correct format easier.
Remember Secure is for Secure Connections
Because you are setting two cookies (one via AddHeader() and one via Response.Cookie) it might not be clear but the first cookie with Secure set will be ignored by chrome if the connection is not using HTTPS. In fact, if you look at the request in Chrome Dev Tools you should see a warning symbol next to the Set-Cookie header that says (when hovered over) something along the lines of;
This set-cookie had the "Secure" attribute but was not received over a secure connection.
The standard Response.Cookies method doesn't work reliably with cookies set by using the more low-level Reponse.Addheader. I have experienced the same thing.
I'm not able to test, but you might want to try two things:
don't use these two instructions in the same ASP codeblock. My guess is that setting the cookie using AddHeader() will bypass classic ASP's cookie collection. So Classic ASP will not know that this cookie has been set. What you could try is setting this cookie on one page, sending it to the browser, and on a different page set the expiration.
Try and set the expiration using the same AddHeader() instruction. You will have to look up how this is done on a header level, but it should certainly be possible.
I have some example code online that sets a secure and HTTPOnly cookie, using Response.AddHeader(), but it doesn't set an expiration, which results in a cookie that expires when the browser(tab) is closed:
https://gitlab.com/erik4/classic-asp-book-examples/-/blob/master/global.asa
typo3 9.5.8
we are implementing a newsletter subscription flow with multiple steps, on submit of the second step we query graphQL in a finisher to see if the Email is valid to subscribe or not - and we set a cookie with the "state" of the email address.
setcookie("isEmailSubscribable", ($content->data->isEmailSubscribable) ? "1" : "0", time() - 3600, "/", "x.at", false);
we have to display a message on the third step based on that "state" written into a cookie. but no matter what i try the cookie does not get set (i guess).
whats the deal with cookies and typo3? is it to late to set a cookie inside a form finisher? but if yes how could i solve this?
help is much appreciated
Inside the Finisher:
// Set a cookie
$this->getTypoScriptFrontendController()->fe_user->setKey('ses', 'value', 'test');
// Get the cookie
$this->getTypoScriptFrontendController()->fe_user->getKey('ses', 'test');
ses are Session cookies
user This cookies require a fe_user to be logged in
Value can be an array, it will be stored serialized in the Database fe_sessions.ses_data
UPDATE:
Or you can try it with an PSR-15 Middleware: https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/RequestHandling/Index.html
In your Middleware Class you get a $request and $response and use them to set or read a cookie:
// Write a cookie
$response = $response->withAddedHeader(
'Set-Cookie',
$cookieName . '=' . $yourValue . '; Path=/; Max-Age=' . (time()+60*60*24*30)
);
// Read a cookie
$request->getCookieParams()[$cookieName];
You just have to check request for email address and maybe an hidden field to detect that your for was submitted.
Ok, so my new problem in Elixir is that I can't set the explicit domain while creating cookies.
In this case:
HTTPoison.get("httpbin.org/cookies", [{"User-agent", #userAgent}], hackney: [
cookie: "cookie1=1 cookie2=2"] ) do
When I create a cookie it will store a domain like .httpbin.org but for dummy reason I need to set domain value like httpbin.org (without previous dot) .
I tried also with:
HTTPoison.get("httpbin.org/cookies", [{"User-agent", #userAgent}], hackney: [
cookie: "cookie1=1 domain=httpbin.org cookie2=2"] ) do
But of course the syntax expects domain as a cookie name and httpbin.org as a cookie value.
Thank you!
What's the reason you want to remove the dot in the beginning? It's optional and it should match the entire domain with/without the dot.
How do browser cookie domains work?
Also, I think the domain attribute would be for the Set-Cookie header returned from HTTP server rather than requesting from the client. The httpbin (https://httpbin.org/cookies/set) returns the Set-Cookie header, but it doesn't specify domain attribute (just Path=/). It would be taken as .httpbin.org by clients like browsers.
iex(25)> response = HTTPoison.get!("https://httpbin.org/cookies/set?k2=v2&k1=v1")
%HTTPoison.Response{body: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n<title>Redirecting...</title>\n<h1>Redirecting...</h1>\n<p>You should be redirected automatically to target URL: /cookies. If not click the link.",
headers: [{"Server", "nginx"}, {"Date", "Fri, 18 Dec 2015 23:49:46 GMT"},
{"Content-Type", "text/html; charset=utf-8"}, {"Content-Length", "223"},
{"Connection", "keep-alive"}, {"Location", "/cookies"},
{"Set-Cookie", "k2=v2; Path=/"}, {"Set-Cookie", "k1=v1; Path=/"},
{"Access-Control-Allow-Origin", "*"},
{"Access-Control-Allow-Credentials", "true"}], status_code: 302}
iex(26)> :hackney.cookies(response.headers)
[{"k1", [{"k1", "v1"}, {"Path", "/"}]}, {"k2", [{"k2", "v2"}, {"Path", "/"}]}]
Sorry if I'm missing the point.
I am trying to send mails with attachment by using Amazon SES
HttpRequest httpReq = new HttpRequest();
httpReq.setMethod('POST');
httpReq.setEndpoint('https://email.us-east-1.amazonaws.com');
Blob bsig = Crypto.generateMac('HmacSHA256', Blob.valueOf(awsFormattedNow), Blob.valueOf(secret));
httpReq.setHeader('X-Amzn-Authorization','AWS3-HTTPS AWSAccessKeyId='+key+', Algorithm=HmacSHA256, Signature='+EncodingUtil.base64Encode(bsig));
httpReq.setHeader('Date',awsFormattedNow);
httpReq.setHeader('From','sample#gmail.com');
httpReq.setHeader('To','sample#gmail.com');
httpReq.setHeader('Subject','Hello');
httpReq.setHeader('Accept-Language','en-US');
httpReq.setHeader('Content-Language','en-US');
httpReq.setHeader('Content-Type','multipart/mixed;boundary=\"_003_97DCB304C5294779BEBCFC8357FCC4D2\"');
httpReq.setHeader('MIME-Version','1.0');
// httpReq.setHeader('Action','SendRawEmail');
String email = 'Action=SendRawEmail';
email += '--_003_97DCB304C5294779BEBCFC8357FCC4D2 \n Content-Type: text/plain; charset="us-ascii" \n Content-Transfer-Encoding: quoted-printable \n';
email +='Hi Andrew. Here are the customer service names and telephone numbers I promised you.';
httpReq.setBody(email);
System.debug(httpReq.getBody());
Http http = new Http();
HttpResponse response = http.send(httpReq);
I am getting error like
<AccessDeniedException>
<Message>Unable to determine service/operation name to be authorized</Message>
</AccessDeniedException>
Kindly please help me where i am doing wrong .Thanks in advance
Take another look at the documentation. There are several issues with your code.
SES expects an HTTP POST with all of the parameters strung together consistent with application/x-www-form-urlencoded POST requests.
Your HTTP request needs to be Content-type: application/x-www-form-urlencoded, not multipart/mixed... -- that's part of the raw message you're trying to send.
You are mixing up things that should be in the body, and setting HTTP request headers, instead. For example, these are also incorrect:
httpReq.setHeader('From','sample#gmail.com');
httpReq.setHeader('To','sample#gmail.com');
httpReq.setHeader('Subject','Hello');
These should go in the request body, not in the HTTP request headers. Also, the values are urlencoded. From the example code:
Action=SendEmail
&Source=user%40example.com
&Destination.ToAddresses.member.1=allan%40example.com
The line breaks were added for clarity.
Your interests might be best served by trying to successfully send a simple e-mail, first, and then later attempting to modify your code to support attachments, because you have numerous errors that will need to be corrected before this code will work properly.
http://docs.aws.amazon.com/ses/latest/DeveloperGuide/query-interface-requests.html
http://docs.aws.amazon.com/ses/latest/APIReference/API_SendRawEmail.html