I am implementing consuming a REST API. My development environment is not C#, cURL, PHP, or any other commonly-used environment. I am using a Postman collection furnished by the API's developers as a base for my implementation. Issuing the request works:
Postman screen capture
Automatically added cookies
When I disable the Cookie Jar, the request no longer works in Postman.
I believe that what I need to do is to imitate whatever Postman is doing to retrieve those cookies and include them in the header of my request. How is Postman retrieving those server-side cookies?
Related
I have an application which uses websso for authentication and I want to test my APIs using Postman. I used Postman Chrome App and Postman Interceptor to capture requests. These requests work fine in Chrome App. Then I've opened my saved requests in Postman Standalone App however they are not working because cookies are not transferred. Is there a way to use those requests in standalone app together with their saved cookies?
#canan,
Postman supports capturing requests and cookies from the v7.14. Install Postman interceptor extension and postman version above v7.14 and start capturing requests and cookies.
For more information on how to use interceptor go through this learning center
I have stored my JWT token in dynamodb, from a step function used to generate it.
I have fetched the token using api gateway to my static site hosted in s3.
Does anyone know how to save it in cookie?
I am using the serverless framework to deploy my lambdas, if that is any help.
Thanks
To save this (or anything else, really) in a cookie, you need to either respond to a browser request with Set-Cookie HTTP header, see:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
or to set it with client-side JavaScript, see:
https://developer.mozilla.org/en-US/docs/Web/API/Document/cookie
How you do it exactly depends on:
do you want to set it with HTTP headers or client-side JavaScript?
what framework do you use?
how your application is accessed?
how do you want to use that cookie?
Remember that cookie is client-side state and all you tell us about is how you get the data that you want to be stored in a cookie (which doesn't matter) and not how the client-server interaction is done (which is what matters here).
I am trying to use Session auth in Django with React. All my GET REST calls are being reject with status 403. I probably have to send sessionidin headers, but sessionid cookie is HTTP only, so my JS code gets a null value when reading it. If I set the cookie to not be HTTP-only anymore, I can read it and send it in headers, but still seing the same problem.
Note: the view which includes the React app has a path /app, the REST api path is /api. Could this be the problem?
This is actually related to the fetch library I am using for making API calls. In order to send the sessionid automatically, credentials: include must be added in options.
I want to implement a Facebook login on my website that runs with Django. I have found a really good post explaining how to use the Facebook Javascript SDK here: https://www.sammyk.me/best-practice-for-facebook-login-with-the-javascript-sdk-and-php-sdk-v4-1
My problem is that I need to be able to access the facebook token from server side code. It seems this token is encrypted in a cookie and we can decrypt this cookie using the PHP SDK (as stated in the part "Using the JavaScript SDK and PHP SDK together" from the article).
However, I don't use PHP. Is there a simple way in Python to get this access token? Can I get it using the javascript SDK and maybe send an AJAX request to my server?
If not, do I need to manualy build a login flow?
It turns out I can get the token using only javascript using var access_token = FB.getAuthResponse()['accessToken'];. I can then send it to my server.
While developing a phonegap application, I can see the SetCookie header in responses from XHR login requests to an API I am using. As expected, when I inspect subsequent requests, I see the cookie being sent. I can also see that it is an httpOnly cookie, so I can't store it using scripts.
However, in the Chrome dev tools "Resources" I have no trouble deleting the cookie if I want to.
Yet, when I am running the application on an external iOS or Android device, using the Safari or Chrome Web Inspectors for each respective device, I can't see the cookies in the "Resources" panel. I don't see the cookie headers in requests or responses, either, yet somehow my requests are fine.
Is this a security measure, or is there an bug in my app/API to do with cookies?