Sending a file to an API using Postman form-data - postman

I'm attempting to send a file to an API I've been developing through Postman, but the API has repeatedly failed to receive it. I initially thought this was a middleware issue, and attempted to use different modules to fix it. However, I have since realized that this is actually an issue in Postman itself
When I send the request and then review the request body in the Postman console, I can see that it fails to send the file at all, listing it as undefined.
I have seen a few people having this same issue, but was not able to find a solution that worked for me. I have already tried unchecking the Content-Type header, as well as closing and reopening the tab and Postman.
EDIT: I did not receive an answer to this, but I was able to find a workaround - coding a super basic html form that made a post request to the relevant endpoint. This did work, so I'm going to say this is likely a bug or settings issue in Postman itself, rather than something to do with my server's code.

Pretty sure you were in this thread already, but just in case,
this answer, and this one might be what you need.

Related

XSRF and SOP, different outcome with apparently similar requests

I'm trying to learn more about XSRF and thus about SOP, I'm reading a lot and I have a more or less clear idea about what should happen and what should not, but I can't figure out why i'm obtaining different result while performing the same thing (I assume) in two different ways.
Same basic scenario of may similar questions, goodsite.com and badsite.com; badsite would like to make a GET request on goodsite.com using user's cookies.
I was able to make this work in a few different ways, a form with an onload send, a button with with an onclick function, they are all working correctly, the query is issued (and ofc i cannot see the response due to SOP).
However i can't figure out why this is not working
xhReq = new XMLHttpRequest();
xhReq.open("GET", "https://goodsite.com/doStuff");
xhReq.withCredentials=true;
xhReq.send();
This code, with the same settings/parameters of all the other working solutions is blocked by my browser with this error.
Access to XMLHttpRequest at 'https://goodsite.com/doStuff' from origin 'https://badguy.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
What am I missing? Thanks.
Is the javascript CORS policy. Servers send a header to tell browsers "Hey, i don't want anyone outside my white list to send me requests using javascript".
Is a security mechanism to avoid things like read the request cookie headers etc.
You can avoid it using a server. There are some online like https://cors-anywhere.herokuapp.com/
Just add the url to this link if you are feching some content cross origen.
Extended: https://portswigger.net/web-security/cors

setNextRequest() in Postman

I am trying to set a request after a certain request in postman, but It is not working as I want it to be. I have read through Postman documentation but got no luck. Plus, how do I get postman's request ID?
I am using the given JavaScript in the Test tab, and in postman documentation it says it should work. But no luck.
postman.setNextRequest('Login');
postman.setNextRequest('Login') will work only inside the Runner. Also, the requests need to be in the same Collection.
Even if the request is in another folder (while still in the same collection), you can reference it in setNextRequest(), without having to specify any folder.
And to answer your second question, "how to get the Postman Request Id?"
Use this pm.info.requestId which will return string value, you may set that in environment variable as well, like pm.environment.set("rID", pm.info.requestId)

Issue connecting SOAP through Postman

I’m stuck with trying to connect to my SOAP API. The goal is to retrieve a quote via the “Getquote” function which is available in our webservice and use that quote in an application in Bubble.is. Therefore, I want to make it work through form-data so I can reuse the keys and values in Bubble. I get a succesfull quote through the raw method. See picture
Raw method:
You can see that all my fields are in the body so with the form-data method I put all the individual fields in key and value but I get the error message you see below.
Form data method:
Can someone see what I'm doing wrong? Excuses me for I am just starting. There might be some beginner mistakes in there. Thanks for the help!
SOAP encodes messages by using XML. Form data uses a completely different encoding, which the SOAP server doesn't understand, hence the error.
Although I've never used it, there is a Chrome extension called Boomerang that supports SOAP requests, and which may suit you better.

OAuthException (#368) The action attempted has been deemed abusive or is otherwise disallowed

I'm trying to post a feed on my wall or on the wall on some of my friends using Graph API. I gave all permissions that this application needs, allow them when i make the request from my page, I'm having a valid access token but even though this exception occurs and no feed is posted. My post request looks pretty good, the permissions are given. What do I need to do to show on facebook app that I'm not an abusive person. The last think I did was to dig in my application Auth Dialog to set all permission I need there, and to write why do I need these permissions.
I would be very grateful if you tell me what is going on and point me into the right direction of what do I need to do to fix this problem.
Had the same problem. I figured out that Facebook was refusing my shortlinks, which makes me a bit mad...but I get the point because its possible that shortlinks can be used to promote malicious content...so if you have shortlinks as part of your test, replace them w the full url...
I believe this message is encountered for one of the two reasons :
Your post contains malicious links
You are trying to make a POST request over a non-https connection.
The second one is not confirmed but I have seen that behavior. While same code in my heroku hosted app worked fine, it gave this #368 error on my 000webhost hosted .tk domain which wasn't secured by SSL
Just in case anyone is still struggling with this, the problem occurs when you put URLs or "action links" that are not in your own app domain, if you really need to post to an extarnal page, you'll have to post to your app first, then redirect from there using a script or something. hope that helps.
also it's better in my opinion to use HTTPS links, as sometimes i've seen a behaviour where http links would be rejected, but that's intermittent.
I started noticing that recently as well when running my unit tests. One of the tests I run is submitting a link that I know Facebook has blocked to verify that I handle the error correctly. I used to get this error:
Warning: This Message Contains Blocked Content: Some content in this message has been reported as abusive by Facebook...
But starting on July 4th, I started receiving this error instead:
(#368) The action attempted has been deemed abusive or is otherwise disallowed'
Both errors indicate that Facebook doesn't like what you're publishing.

Server sending Set-Cookie with different value on every request

Our Zope server is sending a different value for the same cookie every time I request a page. I'm not sure why it would be doing this. Does it sound like it would be intentional or a misconfiguration issue we have? It seems to only start doing this after someone logs in.
It looks like the Extensible User Folder add-on we are using is responsible for doing it.
It looks like exUserFolder is doing this intentionally. Probably for the purpose of attempting to add more security.
In order to figure out offending software sending cookies I suggest to add a debugger call into the ZPublisher setCookie() method. At least a debugging message will tell you when a cookie is send. And if necessary you can investigate with pdb.set_trace() the call stack to figure out the code actually calling setCookie().