i'm trying to call my api flask on postman or on google chrome and i always get this:
POSTMAN :
Could not get any response
There was an error connecting to 192.168.1.178:5000/.
Why this might have happened:
The server couldn't send a response:
Ensure that the backend is working properly
Self-signed SSL certificates are being blocked:
Fix this by turning off 'SSL certificate verification' in Settings > General
Proxy configured incorrectly
Ensure that proxy is configured correctly in Settings > Proxy
Request timeout:
Change request timeout in Settings > General
Google chrome
Ce site est inaccessible
192.168.1.178 a mis trop de temps à répondre.
This looks like an issue with your flask server or could be related to the authentication method or missing data in your request.
What you can do is use the Postman Console to debug your outgoing request to the server.
What you can look for is:
Check the URL (in your case I think it's an IP address) of the request
Check the request method, for eg. 'GET', 'POST' - you might be calling the request with the wrong method.
Check the authentication method and credentials
Check the request body and headers.
And so on.. make sure you fulfill all the requirements of a complete request.
You can also put print statements in your flask server and see if the endpoints are being called (if it's a local server).
Related
I am consuming PCC API, There are two way by using different URLs:
https://connect.pointclickcare.com/auth/token
https://connect2.pointclickcare.com/auth/token
Both using same haeder and bodey excpet onre thinh that is 2nd URLs need two SSL Authentication.
I am able to consume with 1st URL.
Now I added client certificate to try to consume 2nd URL, however I am facing error and also two less value are being sent in header(Same Request
parameter is being used I only change URL for both request.)
Error: INCORRECT_PASSWORD
Screenshot is attached.
I finally found the problem, Passphrase was not added for Client Certificate being sent with http request. so I added with passphrase and now it worked fine.
I have a non-simple cross-origin HTTP request to my POST method in API Gateway.
I have set up CORS support as per : https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html
The POST request succeeds from Postman/AWS console but fails from a local development server where the origin is of type localhost.
After browsing through many answers and trying to debug i have concluded that all the required headers are present on the integration response of both POST and OPTIONS. However when making a call to OPTIONS from postman i see that it returns 500 Internal server error. This looks like a configuration issue with OPTIONS. How do i fix it? I don't have a serverless yaml, the gateway has been configured manually. Any way of resolving this via the console ?
I am trying to log into my WSO2 management console. It is containerized and hosted in an AWS EC2 instance. I can navigate to the console login page, but when I try to login I get a 403 Forbidden message.
Navigation to login page is okay
Forbidden error
I know that the cause of this issue is that my login page is not posting the X-CSRF-Token.
Example of the form data posted in my "bad" request:
The console of my WSO2 instance prints an error like this:
WARN {org.owasp.csrfguard.log.JavaLogger} - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:IP_ADDRESS, method:POST, uri:/carbon/admin/login_action.jsp, error:required token is missing from the request)
Example of the form data posted in a "good" request in a local WSO2 instance:
What I have tried:
I have tried turning compression "off" as suggested by this post: wso2 api manger carbon page gives 403 Forbidden
I am not using JDK 1.8.0_151 which is labeled as a version with a bug.
I am able to circumvent the issue if I disable the csrfguard in Owasp.CsrfGuard.Carbon.properties but this is a security risk.
I have sticky sessions enabled
Any ideas on why the posting to the login_action.jsp page would return a 403?
EDIT
I failed to mention in the post that I am using TLS termination with an AWS load balancer. I am almost certain that my issue has something to do with that. This line from my console output details what my error is:
Referer domain https:LOAD_BALANCER_URL/carbon/admin/login.jsp does not match request domain: http://LOAD_BALANCER_URL/carbon/admin/js/csrfPrevention.js
You can see that the referer is using https but the request is using http. I believe that I want the request domain to be https, but I'm not sure how to do that. I think that the first page is making a call to login.jsp with https and the login.jsp page is making a call to the csrfPrevention.js page but changing the protocol to http.
Please refer the OS and JDK incompatibilities matrix and make sure you are not using one of these OS JDK pairs.
Do you have a load balancer fronting your Identity Server? If so, please verify that you have enabled sticky sessions in your LB. You can find sample NGINX the configurations in the guide - docs.wso2.com/display/CLUSTER44x/Configuring+NGINX
Lower the version of java JDK to 1.8.0_144.If it's not worked go to this location
wso2Servers/wso2is-5.5.0/repository/conf/security .
There is a file name Owasp.CsrfGuard.Carbon.properties.
In that file, there is a line
org.owasp.csrfguard.JavascriptServlet.refererMatchDomain = true
set this to
org.owasp.csrfguard.JavascriptServlet.refererMatchDomain = false
This worked for me.
So I am using a burp suite to intercept a request to
stage.training.com/ats/getAllStates.html?countryCode=CR
Once Intercepted I change the Hostname to localhost:4502
The localhost uses an authentication which I have already added to Platform Authentication under
User Options --> Platform Authentication
However I keep getting a 400 Bad Request response.
Any idea whats going wrong here
Firstly, we need to understand why 400 Http Bad Request is causing the response.
400 - Bad request. The request could not be understood by the server due to malformed syntax. The client should not repeat the request without modifications.
You can check the following operations from inside the burp suite for authentication.
User options > Connections > Platform Authentication > Add
Destination host: target URL
Authentication type: Basic, NTLMv1, NTLMv2 or Digest
Username and Password
Both sides need updating. from both intercept and user options. Otherwise, you will continue to receive errors.
Here's our current setup: (assume everything is using https)
Web Services server running a simple asp.NET Web API 2 application that returns only JSON. (api.example.com/controller/blah)
Primary web server that's going to contain scripts that use AJAX to access resources through our Web Services.
My end goal is to not have to deal with CORS because IE is being problematic. (I've tried several jQuery plugins to resolve problems with XDomainRequest, on top of our domain security settings causing IE to deny the requests anyways... it's just a mess.)
Route requests from www.example.com/api/* to api.example.com/* and return the JSON response.
However, when I've attempted to set this up with IIS + URL Rewrite + Application Request Routing (ARR) I get the following message when attempting to load up my url:
502 - Web server received an invalid response while acting as a gateway or proxy server.
There is a problem with the page you are looking for, and it cannot be
displayed. When the Web server (while acting as a gateway or proxy)
contacted the upstream content server, it received an invalid response
from the content server.
My setup in IIS is the following:
In ARR, I just ticked the Enable proxy option.
In URL Rewrite, I set up a rule with:
Match PRL Pattern = api/* (Using wildcards)
Action type = Rewrite
Rewrite URL: = api.example.com/{R:1}
I've made sure I can access the web services and data is returned correctly from the context of my web server. I've made sure the actual URL Rewrite rule is being triggered and forwarding the request correctly... but after that, I'm stuck. Any ideas?