I requested an API with Postman, but it didn't respond with the required page; instead it says: Request is missing required HTTP header ''
When I went to the website's developer section (Network tab, XHR), it showed the required output.
Request Headers:
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Host:panthera.api.yuppcdn.net
Origin:test.com
Referer:test.com
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36
How can I resolve this?
Please help.
Request an API contract from the developer whose API you are invoking. This API contract must state which headers are required for the successful invocation of the API.
If it is a public API, its contract should also be published or documented on the site from which you are taking the API specs.
I have recently created an API for internal use in my company. Only my colleagues and I have the URL.
Since a few days ago, I have detected that random requests were occurring to a given method of the API (less than once per day), so I logged accesses to that method and this is what I am getting:
2017-06-18 17:10:00,359 INFO (default task-427) 85.52.215.80 - Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 Google Favicon
2017-06-20 07:25:42,273 INFO (default task-614) 85.52.215.80 - Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 Google Favicon
The request to the API is performed with the full set of parameters (I mean, it's not just to the root of the webservice)
Any idea of what could be going on?
I have several theses:
A team member who has a browser tab with the method request URL open, which reloads every time he opens the browser. --> This is my favourite, but everybody claims it's not their fault
A team member having the service URL (with all parameters) in their browser History, with the browser randomly querying it to retrieve the favicon
A team member having the service URL (with all parameters) in their browser Favourites/Bookmarks, with the browser randomly querying it to retrieve the favicon
Since the UserAgent (Google Favicon) seems to suggest one of the two latter options, the IP (located near our own city, with Orange Spain ISP) seems to suggest the first option: after a quick search on the Internet, I've found that everybody who is getting such requests seems to have a Californian Google IP.
I know I could just block that User Agent or IP, but I'd really like to get to the bottom of this issue.
Thanks!
Edit:
Now I am getting User Agents as:
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko; Google Web Preview) Chrome/41.0.2272.118 Safari/537.36
as well :/
Both of these User Agents are associated with Google's Fetch and Render tool in Google Search Console. These user agents make requests upon asking Google to Fetch and Render a given page for SEO validation. This really does not make sense considering you are asking about an API and not a page. But perhaps it is because a page that was submitted to the Fetch and Render service called the API?
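A way to triage such entries from the access log, as an added example that is not part of the original posts: it parses the log format shown in the question, picks out requests whose User-Agent carries the Google Favicon or Google Web Preview marker, and reports whether the source address falls in a range you have verified yourself. The 192.0.2.0/24 range and the last two log lines are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Log format from the question: "<date> <time>,<ms> LEVEL (thread) <ip> - <user agent>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} \w+ \([^)]*\) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) - (?P<ua>.*)$"
)
# User-Agent markers seen in the question.
GOOGLE_MARKERS = ("Google Favicon", "Google Web Preview")
# ASSUMPTION: placeholder documentation range; replace with ranges you have verified.
VERIFIED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# The first two lines are from the question; the last two are constructed.
SAMPLE_LOG = """\
2017-06-18 17:10:00,359 INFO (default task-427) 85.52.215.80 - Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 Google Favicon
2017-06-20 07:25:42,273 INFO (default task-614) 85.52.215.80 - Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 Google Favicon
2017-06-21 09:00:01,010 INFO (default task-700) 192.0.2.10 - Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko; Google Web Preview) Chrome/41.0.2272.118 Safari/537.36
2017-06-21 09:05:12,500 INFO (default task-701) 198.51.100.7 - Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36
"""


def triage(log_text):
    """Return (timestamp, ip, marker, source_verified) for each Google-marked hit."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an access line in the expected format
        marker = next((k for k in GOOGLE_MARKERS if k in m["ua"]), None)
        if marker is None:
            continue  # ordinary client, nothing claimed
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field
        verified = any(ip in net for net in VERIFIED_NETS)
        hits.append((m["ts"], m["ip"], marker, verified))
    return hits


def unverified_sources(log_text):
    """Count Google-marked hits per source IP outside the verified ranges."""
    return dict(Counter(ip for _, ip, _, ok in triage(log_text) if not ok))


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
    print(unverified_sources(SAMPLE_LOG))
```

A User-Agent string is client-supplied, so the marker alone says nothing about who sent the request; the source address is the part worth following up.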
I just want to know why Django changes request headers to uppercase.
Example:
I send the header
"User-Agent" : "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36" ,
At the backend, Django changes it to
HTTP_USER_AGENT : Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36
What's the need for this?
Any helpful suggestion will be appreciated.
request.META is a dictionary containing Django's constants as keys, not HTTP header names.
I am quoting:
With the exception of CONTENT_LENGTH and CONTENT_TYPE, as given above,
any HTTP headers in the request are converted to META keys by
converting all characters to uppercase, replacing any hyphens with
underscores and adding an HTTP_ prefix to the name. So, for example, a
header called X-Bender would be mapped to the META key HTTP_X_BENDER.
HTTP headers are case insensitive.
According to the Django docs, HTTP headers are converted to upper case, hyphens are converted to underscores, and the HTTP_ prefix is added. This means that you can use request.META['HTTP_USER_AGENT'] in your code, whether the request used User-Agent, USER-AGENT, or something else.
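The rule quoted above, written out as an added example (plain Python, not Django's own code): meta_key applies the uppercase, underscore and HTTP_ prefix conversion, and ambiguous_headers flags raw header names that differ only in hyphen versus underscore and therefore land on the same META key under that rule. The X-Auth-User names in the sample are constructed.

```python
from collections import defaultdict

# The two headers the quoted docs name as exceptions: no HTTP_ prefix.
UNPREFIXED = {"CONTENT_LENGTH", "CONTENT_TYPE"}


def meta_key(header_name):
    """Map an HTTP header name to its META key per the quoted rule."""
    key = header_name.upper().replace("-", "_")
    return key if key in UNPREFIXED else "HTTP_" + key


def ambiguous_headers(header_names):
    """Return {meta_key: [raw names]} where distinct header names share a key.

    Names are compared case-insensitively, because HTTP header names are
    case-insensitive; only hyphen/underscore differences are reported.
    """
    by_key = defaultdict(set)
    for name in header_names:
        by_key[meta_key(name)].add(name.lower())
    return {k: sorted(v) for k, v in by_key.items() if len(v) > 1}


# Constructed sample: header names as they might arrive on one request.
SAMPLE = [
    "User-Agent",
    "USER-AGENT",      # same header, different case: not ambiguous
    "Content-Type",
    "X-Bender",
    "X-Auth-User",     # constructed name, e.g. set by a trusted proxy
    "X_Auth_User",     # constructed name, underscore spelling from a client
]

if __name__ == "__main__":
    for name in SAMPLE:
        print(f"{name:15} -> {meta_key(name)}")
    print("ambiguous:", ambiguous_headers(SAMPLE))
```

Code that trusts a META key set from a proxy header should make sure the underscore spelling cannot reach it from the client side.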
I'm using Jmeter to test my Jira instance. I recorded a login and a Scrumboard action.
When I want to replicate this using 2000 users I am getting an error.
I know this is because of the token it needs.
How can I create a regex for finding the token?
I am doing a request to the server that looks like this
GET httb://SOMESERVERON.intranet:8080/secure/Dashboard.jspa
Cookie Data:
JSESSIONID=#IDNUMBER; atlassian.xsrf.token=#TOKENNUMBER
Request Headers:
Connection: keep-alive
Referer:
httb://SOMESERVERON.intranet:8080/plugins/servlet/gadgets/ifr?container=atlassian&mid=0&country=UK&lang=en&view=default&view-params=%7B%22writable%22%3A%22false%22%7D&st=atlassian%3AWYF9KCckTIxHKei%2BvMoCPKoa3LOkMGPilSEdaSqyqEFKIPnF0I3YcZDdKdElV0s%2B9%2FqBhMWhS2Qyvo7m0F2f3uTB3JBeKZF8Ou3EimeszE1Ms1IPMqDoYcVgPdF1CaQnnrANHwH1KhR1UxUlHed7VOyRPmfI26rO2FU65FQbvNuIZADHLRt1v8lF52vBeCqi6aSfyrfGau2lv3JDL4HVQv3dDmt%2FudFaX3a05CS94ncoGr0s&up_isPublicMode=false&up_isElevatedSecurityCheckShown=false&up_loginFailedByPermissions=false&up_externalUserManagement=false&up_loginSucceeded=false&up_allowCookies=true&up_externalPasswordManagement=&up_captchaFailure=false&up_isAdminFormOn=false&url=http%3A%2F%2Flrv142c3.europe.intranet%3A8080%2Frest%2Fgadgets%2F1.0%2Fg%2Fcom.atlassian.jira.gadgets%2Fgadgets%2Flogin.xml&libs=auth-refresh
Accept-Language: nl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: http://SOMESERVERON.intranet:8080
So I know to look for this part
name="atlassian-token" content="TOKENKEY"
But what is the RegEx that I need to find the token and put it in a parameter that I can reuse?
Regular Expression: name="atlassian-token" content="(.+?)"
Hope this will help.
For handling both JSESSIONID and atlassian-token cookies, just add an HTTP Cookie Manager; JMeter is smart enough to deal with them automatically.
I am trying to send form data to a webservice but below "Request Header" in the "Network" of the Chrome DOM I got the origin evil.example and referer "localhost:8080".
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:nb-NO,nb;q=0.8,no;q=0.6,nn;q=0.4,en-US;q=0.2,en;q=0.2
Connection:keep-alive
Content-Length:91
Content-Type:application/x-www-form-urlencoded; charset=UTF-8;
Host:office.insoft.net:9091
Origin:http://evil.example/
Referer:http://localhost:8080/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2230.0 Safari/537.36
I want to change to another origin and "localhost:8080" would be the best origin.
How do I resolve that problem?
The overwrite of the header origin is caused by Allow-Control-Allow-Origin: * chrome extension.
Link to the extension
Try disabling this extension in order to solve your problem.
To create a jupyter_notebook_config.py file if it is not there, you can use the following command line from ~/.jupyter:
$ jupyter notebook --generate-config
Uncomment this
c.NotebookApp.allow_origin = '*'
I have been wrestling with this issue for several hours:
I have a Single-Page Application written in Angular which communicates with a DjangoREST backend. I am trying to implement an auth function with session cookies. The way I see it is:
1/ Show any unlogged visitor a login page
2/ Make a POST to url/login with the credentials
3/ Obtain a "sessionid" cookie and write in a service that the user is logged in
4/ Redirect the visitor towards reserved content and use GET & POST to access content with the cookie
The login endpoint is already set and works. When I make a post, I receive a HTTP 200 response with user info and a Set-Cookie, but subsequent calls do not contain the Cookie:
Request URL: ...
Request Method:POST
Status Code:200 OK
Request Headers
Accept:application/json, text/plain, */*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
Connection:keep-alive
Content-Length:38
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Host:devinify1.herokuapp..
Origin:http://mobilevinify.herokuapp...
Referer:http://mobilevinify.herokuapp...
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Form Data
username:felix#vinify.co
password:test
Response Headers
Access-Control-Allow-Origin:*
Connection:keep-alive
Content-Length:189
Content-Type:application/json
Date:Sat, 14 Dec 2013 20:45:14 GMT
Server:gunicorn/18.0
Set-Cookie:sessionid=ijz27zy655qn0cwmlnvr66609hsyvdub; expires=Sat, 28-Dec-2013 20:45:14 GMT; Max-Age=1209600; Path=/
Vary:Cookie
My code is a very simple adaptation of the angular-app example:
https://github.com/FelixLC/MobileWebApp/blob/master/app/scripts/security/security.js
I have tried this on localhost and on Heroku. The server and the client are on different domains, and CORS is allowed.
When I try to make calls, I receive an error from Django
TypeError at /vinibarwines/
int() argument must be a string or a number, not 'AnonymousUser'
Should I try to get this cookie and put it in the headers with angularJS?
You can try to login at http://mobilevinify.herokuapp.com/#/login with felix#vinify.co & test. Then Click on Vinibar, there is a 500 internal error on the GET request
Any help is much appreciated.
Felix
Here is the full layout of how I actually do my authentication. Django/Angular Authentication. It's a pretty extensive response, I'm more than happy to answer further questions you might have.