How to enable X-Frame-Options in WSO2 5.4.1? - wso2

I tried to configure my jaggery.conf file as stated in the documentation to allow framing as follows:
"filters":[
    {
        "name":"HttpHeaderSecurityFilter",
        "class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
        "params" : [
            {"name" : "hstsEnabled", "value" : "false"},
            { "name": "antiClickJackingOption", "value": "SAMEORIGIN" }
        ]
    },
    {
        "name": "ContentTypeBasedCachePreventionFilter",
        "class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
        "params":[
            {"name": "patterns", "value": "text/html\" ,application/json\" ,plain/text"},
            {"name": "filterAction", "value": "enforce"},
            {"name": "httpHeaders", "value": "Cache-Control: no-store, no-cache, must-revalidate, private"}
        ]
    }
],
Despite this, in my client app I still get a message saying that framing isn't allowed.
Load denied by X-Frame-Options: https://localhost:9444/authenticationendpoint/oauth2_error.do?oauthErrorCode=invalid_callback&oauthErrorMsg=Registered+callback+does+not+match+with+the+provided+url. does not permit framing.

Since this issue is coming from authenticationendpoint, you have to configure the HttpHeaderSecurityFilter filter in the file <IS_HOME>/repository/deployment/server/webapps/authenticationendpoint/WEB-INF/web.xml as follows.
<filter>
    <filter-name>HttpHeaderSecurityFilter</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <param-name>hstsEnabled</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>
Btw, the error in the shared URL is Registered+callback+does+not+match+with+the+provided+url. You can check whether the redirect_uri defined in the request URL matches the one configured in the service provider.
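Because the filter is configured per webapp, as the answer above points out, it helps to check every WEB-INF/web.xml under the webapps directory and see which X-Frame-Options value each one produces. The following is an added example, not part of the original answer or of WSO2's code; the function names and the sample web.xml are constructed here, and the DENY fallback is Tomcat's default for antiClickJackingOption.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

FILTER_CLASS = "org.apache.catalina.filters.HttpHeaderSecurityFilter"
# Constructed sample: a web.xml that declares and maps the filter from the answer.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter>
    <filter-name>HttpHeaderSecurityFilter</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param><param-name>antiClickJackingOption</param-name><param-value>SAMEORIGIN</param-value></init-param>
  </filter>
  <filter-mapping>
    <filter-name>HttpHeaderSecurityFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # '{namespace}filter' -> 'filter'

def _text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def clickjacking_policy(web_xml):
    """X-Frame-Options value this web.xml makes the Tomcat filter send, or None."""
    root = ET.fromstring(web_xml)
    mapped = {_text(e, "filter-name") for e in root if _local(e.tag) == "filter-mapping"}
    for flt in root:
        if _local(flt.tag) != "filter" or _text(flt, "filter-class") != FILTER_CLASS:
            continue
        if _text(flt, "filter-name") not in mapped:
            continue  # declared but not mapped to any URL pattern, so it never runs
        params = {_text(p, "param-name"): _text(p, "param-value")
                  for p in flt if _local(p.tag) == "init-param"}
        if (params.get("antiClickJackingEnabled") or "true").lower() != "true":
            return None  # header explicitly switched off
        option = (params.get("antiClickJackingOption") or "DENY").upper()
        if option == "ALLOW-FROM":
            return "ALLOW-FROM " + (params.get("antiClickJackingUri") or "")
        return option
    return None

def audit_webapps(webapps_dir):
    """Map each webapp directory name to its policy, e.g. {'authenticationendpoint': 'SAMEORIGIN'}."""
    return {p.parts[-3]: clickjacking_policy(p.read_bytes())
            for p in sorted(Path(webapps_dir).glob("*/WEB-INF/web.xml"))}
```

Call `audit_webapps` on `<IS_HOME>/repository/deployment/server/webapps`; a value of None means this filter sets no X-Frame-Options header for that webapp, although other server configuration may still add one.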

Related

Getting InvalidInput : Amazon SP-API: DELETE /listings/2021-08-01/items/{sellerId}/{sku}

I am calling the Amazon SP-API delete listing endpoint in a Celigo integration data flow.
Here is my HTTP method:
HTTP method: Delete
URI:
https://sellingpartnerapi-na.amazon.com/listings/2021-08-01/items/ANRRIZ***sellerAccount/{{record.SKU}}?marketplaceIds=ATVPDKIKX**marketplaceId
header : {
    "accept": "application/json",
    "x-amz-access-token": "********",
    "Host": "sellingpartnerapi-na.amazon.com",
    "Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
    "Content-Length": 298,
    "X-Amz-Date": "20221017T165222Z",
    "Authorization": "AWS4-HMAC-SHA256 Credential=AKIA4QUUOLH***/20221017/us-east-1/execute-api/aws4_request, SignedHeaders=accept;content-length;content-type;host;x-amz-access-token;x-amz-date, Signature=fd9a396bbca14ce1fcbf52baad46b2076cd85dea1c9ca097b6***",
    "accept-encoding": "gzip, deflate"
}
And I am just receiving
{
"errors": [
{
"code": "InvalidInput",
"message": "Invalid Input",
"details": ""
}
]
}
without any details.
Did anyone run into this? Appreciate your guidance here. Thank you in advance.
Just in case someone is looking for an answer: it was because Celigo was sending a request body by default and there was no control from the front end to remove the request body object. Celigo said they will release an update to remove the request body when not needed. Celigo worked with me to remove the request body for the delete request and it worked.

How to fix aws-cli cloudfront update distribution command?

I have been trying to execute the command below, but it resulted in an error:
aws cloudfront update-distribution --id E29BDBENPXM1VE \
--Origins '{ "Items": [{
"OriginPath": "",
"CustomOriginConfig": {
"OriginSslProtocols": {
"Items": [
"TLSv1",
"TLSv1.1",
"TLSv1.2"
],
"Quantity": 3
}
}
}
]
}'
ERROR::: Unknown options: { "Items": [{
"OriginPath": "",
"CustomOriginConfig": {
"OriginSslProtocols": {
"Items": [
"TLSv1",
"TLSv1.1",
"TLSv1.2"
],
"Quantity": 3
}
}
}
]
}, --Origins
I have to remove cloudfront : OriginSslProtocols:SSLv3
aws cloudfront update-distribution --id E29BDBENPXM1VE \
--Origins '{ "Items": [{
"OriginPath": "",
"CustomOriginConfig": {
"OriginSslProtocols": {
"Items": [
"TLSv1",
"TLSv1.1",
"TLSv1.2"
],
"Quantity": 3
}
}
}
]
}'
1) How to fix the above code? If that is not possible, is there any command other than the one below to disable/remove OriginSslProtocols:SSLv3?
aws cloudfront update-distribution --id E29BDBENPXM1VE --distribution-config file://secure-ssl.json --if-match E35YV3CGILXQDJ
You are using the right command and it should be possible to do what you want.
However, it is slightly more complicated.
The corresponding reference page for the cli command aws cloudfront update-distribution says:
When you update a distribution, there are more required fields than when you create a distribution.
That is why you must follow the steps which are given in the cli reference [1]:
1. Submit a GetDistributionConfig request to get the current configuration and an Etag header for the distribution.
2. Update the XML document that was returned in the response to your GetDistributionConfig request to include your changes.
3. Submit an UpdateDistribution request to update the configuration for your distribution:
   - In the request body, include the XML document that you updated in Step 2. The request body must include an XML document with a DistributionConfig element.
   - Set the value of the HTTP If-Match header to the value of the ETag header that CloudFront returned when you submitted the GetDistributionConfig request in Step 1.
4. Review the response to the UpdateDistribution request to confirm that the configuration was successfully updated.
5. Optional: Submit a GetDistribution request to confirm that your changes have propagated. When propagation is complete, the value of Status is Deployed.
More info about the correct XML format is given in the CloudFront API Reference [2].
References
[1] https://docs.aws.amazon.com/cli/latest/reference/cloudfront/update-distribution.html
[2] https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html
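The steps above, applied to the question's goal of removing SSLv3 from OriginSslProtocols with the AWS CLI, which exchanges the configuration as JSON rather than XML. This is an added example, not code from the original answer or from AWS; `drop_origin_protocol`, `write_update_file` and the trimmed sample response are constructed here, and `secure-ssl.json` is the file name used in the question.

```python
import copy
import json

# Constructed sample shaped like the output of
#   aws cloudfront get-distribution-config --id <DISTRIBUTION_ID>
# (trimmed to the fields this example touches; a real response has many more).
SAMPLE_RESPONSE = {
    "ETag": "CONSTRUCTED-ETAG",
    "DistributionConfig": {
        "CallerReference": "constructed-example",
        "Origins": {"Quantity": 2, "Items": [
            {"Id": "custom-origin", "DomainName": "origin.example.com", "OriginPath": "",
             "CustomOriginConfig": {"OriginProtocolPolicy": "https-only",
                 "OriginSslProtocols": {"Quantity": 4,
                     "Items": ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]}}},
            {"Id": "s3-origin", "DomainName": "bucket.example.com", "OriginPath": "",
             "S3OriginConfig": {"OriginAccessIdentity": ""}},
        ]},
    },
}

def drop_origin_protocol(response, protocol="SSLv3"):
    """Return (distribution_config, etag, changed_origin_ids) with `protocol` removed."""
    config = copy.deepcopy(response["DistributionConfig"])  # every other field is kept as-is
    changed = []
    for origin in config["Origins"].get("Items", []):
        ssl = origin.get("CustomOriginConfig", {}).get("OriginSslProtocols")
        if not ssl:
            continue  # S3 origins carry no OriginSslProtocols
        kept = [p for p in ssl["Items"] if p != protocol]
        if len(kept) == len(ssl["Items"]):
            continue  # protocol was not enabled on this origin
        if not kept:
            raise ValueError(f"origin {origin['Id']} would be left with no protocol")
        ssl["Items"], ssl["Quantity"] = kept, len(kept)  # keep Quantity in step with Items
        changed.append(origin["Id"])
    return config, response["ETag"], changed

def write_update_file(response, path="secure-ssl.json"):
    """Write only the DistributionConfig element; return the ETag for --if-match."""
    config, etag, changed = drop_origin_protocol(response)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(config, fh, indent=2)
    # Next step: aws cloudfront update-distribution --id <DISTRIBUTION_ID> \
    #     --distribution-config file://secure-ssl.json --if-match <etag>
    return etag, changed
```

Feed `write_update_file` the parsed output of `get-distribution-config`; the file it writes omits the ETag wrapper because `--distribution-config` takes the DistributionConfig element alone.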

Inserting cookie in stubbed response from wiremock

I have a simple wiremock stub for an endpoint. The library that invokes this stub expects a cookie to be present in the response. Is there an easy way to supply a cookie in the wiremock configured response?
Sample code for stubbing an endpoint:
stubFor(post(urlPathEqualTo("/endpoint"))
    .willReturn(aResponse()
        .withStatus(OK.getStatusCode())
        // with a cookie
    ));
Is this doable? I am using the following wiremock version:
<dependency>
<groupId>com.github.tomakehurst</groupId>
<artifactId>wiremock</artifactId>
<version>2.19.0</version>
</dependency>
A cookie is nothing more than an HTTP header with the attribute name: "Set-Cookie". The below example is for the JSON variant, but should translate easily to the Java style: .withHeader("Set-Cookie", "JSESSIONID=dcba")));
{
    "metadata": {
        "title": "Cookie example",
        "description": "Example to return a Cookie"
    },
    "request": {
        "method": "ANY",
        "urlPath": "/returnCookie"
    },
    "response": {
        "status": 200,
        "headers": {
            "Set-Cookie": ["JSESSIONID=ABSCDEDASDSSDSSE.oai007; path=/; Secure; HttpOnly"]
        },
        "body": "This stores a cookie"
    }
}

How to PATCH a version of an item in BIM360 on Postman

https://forge.autodesk.com/blog/how-patch-apis-work-and-some-tips-using-patch-apis
https://forge.autodesk.com/en/docs/data/v2/reference/http/projects-project_id-versions-version_id-PATCH/
I have followed the two links above explaining how to PATCH a version of an item and update the name of it but I am getting errors. Below is what I inputted into Postman (version_id inside the URI has been already encoded):
URI: https://developer.api.autodesk.com/data/v1/projects/:project_id/versions/:version_id
Authorization: Bearer *****************************
Content-Type: application/vnd.api+json
Body:
{
"jsonapi": {
"version": "1.0"
},
"data": {
"type": "versions",
"id": *********************************************,
"attributes": {
"name": "AAA - My PDF file.pdf",
"displayName": "AAA - My PDF file.pdf"
}
}
}
The item version I am trying to update is already named AAA - My PDF file.pdf so nothing should be updated. But when I send the request I get the following error.
Error:
{
"jsonapi": {
"version": "1.0"
},
"errors": [
{
"id": "30043cce-cfbe-4766-933c-fd9d888e574d",
"status": "400",
"code": "BAD_INPUT",
"title": "One or more input values in the request were bad",
"detail": "Request input is invalid for this operation."
}
]
}
Are there any ideas why I am getting this error and how can I fix it?
Unfortunately at the moment PATCHing for BIM360 Doc items is unsupported and hence the error. The error message could have been more specific rather than a general validation failure message and I will let Engineering know to update accordingly.
Try PATCHing with A360 hub and it should work as expected.

MPGS (mastercard): How to tokenize a transaction (how to create token)?

I'm trying to create token with MPGS.
I'm following this guide:
https://sample-sub.domain.mastercard.com/api/documentation/integrationGuidelines/supportedFeatures/pickAdditionalFunctionality/tokenization/tokenization.html?locale=en_US#x_tokenConfiguration
In the section "Token Operations" > "Tokenize", it says:
You can use this operation to create or update a token by storing
payment details against the token. ...
I'm posting this to help people who are frustrated like me with MPGS. I faced a series of issues, and pulled my hair out many times. So here are the issues I faced and how to solve them (I'm stuck with issue #4).
Issue #1: Invalid credentials.
Fix: Make sure you're hitting the correct URL.
https://example-subdomain.mastercard.com/..
https://some.other-example.mastercard.com/..
https://MILLION-OTHER-POSSIBILITIES.mastercard.com/..
Even the documentation guide links have these same sub-domains, so make sure you're hitting the correct URL, and make sure you're following the correct documentation link.
Issue #2: Invalid parameters, or server asking for parameters although you've provided them.
Fix: If using Postman, make sure you set the parameters in "Body" > "raw" as JSON, like so:
{
"sourceOfFunds": {
"provided": {
"card": {
"expiry": {
"month": "05",
"year": "21"
},
"number": "5123456789012346"
}
},
"type": "CARD"
}
}
Issue #3: Authorization required
Fix: If using Postman, click on "Authorization", set "Type" to Basic Auth, for "Username" set it to merchant.YOUR_MERCHANT_ID, for "Password" set it to YOUR_API_PASSWORD
Issue #4 (stuck here): Value '9999999999999999' is invalid. Card token must not be supplied
Method: PUT
URL: https://test-my.sample.gateway.mastercard.com/api/rest/version/46/merchant/MY_MERCHANT_ID/token/9999999999999999
Authorization: set correctly in Authorization tab
Body > raw:
{
"sourceOfFunds": {
"provided": {
"card": {
"expiry": {
"month": "05",
"year": "21"
},
"number": "5123456789012346"
}
},
"type": "CARD"
}
}
Response:
{
"error": {
"cause": "INVALID_REQUEST",
"explanation": "Value '9999999999999999' is invalid. Card token must not be supplied",
"field": "tokenid",
"validationType": "INVALID"
},
"result": "ERROR"
}
Q: Not sure what to do to tokenize the transaction..?! I'm stuck with issue #4.
Ok, finally figured it out. MPGS has 2 ways to create/update tokens:
Tokenization where YOU provide the token (notice: PUT method)
Tokenization where MPGS generates the token for you (notice: POST method)
They're very similar.
I got it working with the 2nd option.
Note: This is POST method !!
Method: POST
URL: https://SUBDOMAIN_YOU_SHOULD_BE_USING.mastercard.com/api/rest/version/50/merchant/YOUR_MERCHANT_ID/token
In postman, set Authorization (as described in the question, in issue #3).
Sample data to send (in postman, this should be in Body > raw):
{
"sourceOfFunds": {
"provided": {
"card": {
"expiry": {
"month": "05",
"year": "21"
},
"number": "5123456789012346"
}
},
"type": "CARD"
}
}
Sample response:
{
"repositoryId": "1000000000002",
"response": {
"gatewayCode": "BASIC_VERIFICATION_SUCCESSFUL"
},
"result": "SUCCESS",
"sourceOfFunds": {
"provided": {
"card": {
"brand": "MASTERCARD",
"expiry": "0521",
"fundingMethod": "CREDIT",
"issuer": "BANCO DEL PICHINCHA, C.A.",
"number": "512345xxxxxx2346",
"scheme": "MASTERCARD"
}
},
"type": "CARD"
},
"status": "VALID",
"token": "9717501974559694",
"usage": {
"lastUpdated": "2019-02-25T09:36:54.928Z",
"lastUpdatedBy": "1015",
"lastUsed": "2019-02-25T09:36:54.928Z"
},
"verificationStrategy": "BASIC"
}