Was using caldav to access icloud calendar, it was working fine. Today, all the requests in my postman collection started to get 401 from caldav.icloud.com
I am accessing my own personal account to test, double checked my password hundred times, still not working.
Request:
PROPFIND / HTTP/1.1
Host: caldav.icloud.com
Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Content-Type: application/xml
Cache-Control: no-cache
Postman-Token: 39b27b44-0a6f-b351-540f-f9446df618d0
<propfind xmlns='DAV:'>
<prop>
<current-user-principal/>
</prop>
</propfind>
Response was:
401 unauthorized
Header:
Connection →keep-alive
Content-Length →141
Content-Type →text/html;charset=utf-8
Date →Fri, 30 Jun 2017 14:23:34 GMT
Server →AppleHttpServer/2f080fc0
Strict-Transport-Security →max-age=31536000; includeSubDomains
WWW-Authenticate →x-mobileme-authtoken realm="MMCalDav", basic realm="MMCalDav"
X-Apple-Request-UUID →95e3a459-10b1-4d0a-a3ae-73f29b569481
X-Responding-Server →caldav:44101701:pv38p41ic-ztdg01080801:8001:17D70:375f9f89bf
X-Transaction-Id →95e3a459-10b1-4d0a-a3ae-73f29b569481
access-control-expose-headers →X-Apple-Request-UUID, Via
via →icloudedge:br30p01ic-zteu01122201:7401:17D30:Berlin
Body:
<html>
<head>
<title>Unauthorized</title>
</head>
<body>
<h1>Unauthorized</h1>
<p>You are not authorized to access this resource.</p>
</body>
</html>
Any ideas?
You cannot do a 3rd party login into iCloud with your regular login/password anymore (DAV, IMAP, etc). Since June 15, 2017 you need an "App specific password".
This page describes how to generate one: Using app-specific passwords. From that page:
Sign in to your Apple ID account page.
In the Security section, click Generate Password below App-Specific Passwords.
Follow the steps on your screen.
Related
I am trying to write requests to the server from the kernel using this lab
TDI based socket interface
Why is it that
when I TDISend the request for the address HTTPS://server.com:443/api/
I get this error:
Status 400
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>cloudflare</center>
</body>
</html>
when I TDISend the request for the address HTTP://server.com:80/api/
I get this error:
Status 301
Moved Permanently.
I would like to build an Email with Chilkat in .NET which would have three body contents: a HTML one, a plain text one and an AMP for Email one (with Content Type: "text/x-amp-html")
Current version on Chilkat (9.5.0.78) or the one I am using (9.5.0.68) doesn't support AMP for Email so it is not possible to build an email with the methods they provided. As a workaround I am editing the email via GetMime() which already has a Plain Body and Html Body and I am pasting the AMP part there.
Will Chilkat support AMP for Email?
EDIT:
With some more experiments I managed to make three bodies of a message although it's kind of ridicules:
var email = new Email();
email.Body = PlainContent;
email.AddHtmlAlternativeBody(HtmlContent);
email.RemoveHtmlAlternative();
email.SetTextBody(AmpHtmlContent, "text/x-amp-html");
email.AddHtmlAlternativeBody(HtmlContent);
The result is something like this:
[...]
X-Message-Type: test
--------------090501080304020500060805
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
some text some text some text some text some text some text some text some =
text some text some text some text=20
--------------090501080304020500060805
Content-Type: text/x-amp-html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<!doctype html>
<html amp4email>
<head>
<meta charset=3D"utf-8">
<script async src=3D"https://cdn.ampproject.org/v0.js"></script>
<style amp4email-boilerplate>body{visibility:hidden}</style>
</head>
<body>
Hello, AMP world.
<amp-img src=3D"https://images-na.ssl-images-amazon.com/images/I/41zetwwV=
h3L.jpg" alt=3D"Welcome" width=3D"382" height=3D"500">
</amp-img>
</body>
</html>
--------------090501080304020500060805
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html><head><META http-equiv=3D"Content-Type" content=3D"text/html;charset=
=3Dutf-8"></head><body><h1>test fallback to html</h1> <h1>test fallback t=
o html</h1> <h1>test fallback to html</h1> </body></html>
--------------090501080304020500060805--
Here is an example that works for me:
https://www.example-code.com/csharp/amp_for_email.asp
It calls AddPlainTextAlternativeBody instead of setting the email.Body property.
I am trying to make an AJAX call to a Django function, but have started getting a CSRF Verification failed error in iOS 8. It works with the latest iOS and used to work with iOS 8.
This may be related to the recent updates to TLS. My host recently deprecated TLS 1.0 and TLS_RSA_WITH_3DES_EDE_CBC_SHA.
I add the CSRF token as a post parameter. If I make the function (server-side) #csrf_exempt then the call works, but I obviously don't want to take away the security.
I have only tested this in Safari. I'm using Django 1.5.2.
HTML:
# this creates an input with the CSRF token as its value
<div id = "csrf_token" class = "hidden">{% csrf_token %}</div>
Javascript:
csrfmiddlewaretoken = $('#csrf_token input').val();
$.ajax({
type: "POST",
url: "<my_url>",
data: {"csrfmiddlewaretoken":csrfmiddlewaretoken},
success: function(data){
alert("ok");
}
,error: function(xhr, status, error) {
alert("error " + xhr.responseText);
}
});
Is there any solution to this or must I stop supporting iOS 8? I still have some users who use it.
The problem turned out to be that referer wasn't being passed in iOS 8, which causes a CSRF fail. Referer wasn't being passed because the page was using the referrer meta tag.
<meta name="referrer" content="always">
<meta name="referrer" content="unsafe-url">
This doesn't work in iOS 8.
I have script to do API automation by fetching data from CSV file and comparing JSON response with the data in CSV file in POSTMAN. I have 12 scenarios/ iterations to verify and each scenario sends more than 20 data picking from CSV file and from JSON response compared more than 10 data. Everything is working fine.
Now Security feature implemented in code, so I have to send the request and Automate the script with ID/PWD. So I used NTML authentication with ID and PWD.
When I run the script with runner, initial two iteration gives perfect response and script passed, then from 3rd iteration all script failed and not getting response. In response it says Data unavailable when I checked in postman console it shows below details.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
What could be the reason and any solution to solve this.
Screen short
Used NTLM Authentication [BETA] authorization option with ID/PWD
Here are the details for pass scenario
Request Headers:
content-type:"application/json"
cache-control:"no-cache"
user-agent:"PostmanRuntime/7.1.5"
accept:"*/*"
host:"xxxxxx"
accept-encoding:"gzip, deflate"
content-length:599
authorization:"NTLM TlRMTVNTUAADAAAAGAAYAFIAAAAYABgAagAAAAAAAABIAAAACgAKAEgAAAAAAAAAUgAAAAAAAACCAAAABYKIogUBKAoAAAAPUAAzAFcATABJAPxv7ESeMEwAAAAAAAAAAAAAAAAAAAAAAHZECYztsK+qnjG5K0DvDIPzQ09CFXWo0Q=="
Request Body:
Response Headers:
transfer-encoding:"chunked"
content-type:"application/json; charset=utf-8"
location:"xxxxxx/api/rate/zzz"
server:"Kestrel"
persistent-auth:"true"
date:"Wed, 06 Jun 2018 13:40:05 GMT"
Response Body:
rate:5
retailRateAttributes:
error:null
Here are the details of Failed scenario
Request Headers:
content-type:"application/json"
cache-control:"no-cache"
authorization:"NTLM TlRMTVNTUAADAAAAGAAYAFIAAAAYABgAagAAAAAAAABIAAAACgAKAEgAAAAAAAAAUgAAAAAAAACCAAAABYKIogUBKAoAAAAPUAAzAFcATABJAPxv7ESeMEwAAAAAAAAAAAAAAAAAAAAAAHZECYztsK+qnjG5K0DvDIPzQ09CFXWo0Q=="
user-agent:"PostmanRuntime/7.1.5"
accept:"*/*"
host:""xxxxxx""
accept-encoding:"gzip, deflate"
content-length:599
Request Body:
Response Headers:
content-type:"text/html"
server:"Microsoft-IIS/10.0"
www-authenticate:
0:"Negotiate"
1:"NTLM"
date:"Wed, 06 Jun 2018 13:40:05 GMT"
content-length:"1293"
Response Body:
While Postman errors are not the most descriptive, this error typically occurs because your API endpoint does not exist. You may want to check that you are correctly calling the appropriate endpoint
You say that the two first iterations work fine but when you get to the third iteration, get the error. That sounds like the auth/token/session expired.
I got the Postman error message
JSONError: Unexpected token '<' at 1:1<!doctype html>^ today.
I realized that the problem (in my case) was that I tried to access an API that
I had written myself, but forgotten to upload. - Thus, I tried to call an API
that did not exist. (!)
As soon as I uploaded the API, the error went away.
I'm attempting to use the web service to retrieve data from server. I follow the tutorial specified in http://googcloudlabs.appspot.com/codelabexercise5.html, of course I've modified the original code to satisfied my demands.
Now I'm getting an error like this: Unsupported Content-Type: text/html; charset=UTF-8 Supported ones are: [text/xml]
To see the full error, I write a new error function when getting data:
var errorFn = function(e){
for(var p in e){
alert(e[p]);
}
}
var successFn = function(resp){
var data='';
if(resp){
//getting the data from the response object
data=resp.data;
}
//Some other code here...
}
getData("/entity",null,successFn,errorFn);
And the browser alert the error object:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 500 Unsupported Content-Type: text/html; charset=UTF-8 Supported ones are: [text/xml]</title>
</head>
<body><h2>HTTP ERROR 500</h2>
<p>Problem accessing /vehicle. Reason:
<pre> Unsupported Content-Type: text/html; charset=UTF-8 Supported ones are: [text/xml]</pre></p><h3>Caused by:</h3><pre>com.sun.xml.internal.ws.server.UnsupportedMediaException: Unsupported Content-Type: text/html; charset=UTF-8 Supported ones are: [text/xml]
at com.sun.xml.internal.ws.encoding.StreamSOAPCodec.decode(Unknown Source)
at com.sun.xml.internal.ws.encoding.StreamSOAPCodec.decode(Unknown Source)
at com.sun.xml.internal.ws.encoding.SOAPBindingCodec.decode(Unknown Source)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unknown Source)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(Unknown Source)
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)
at $Proxy32.getAllVehicles(Unknown Source)
at com.google.appengine.codelab.soap.client.VehicleServlet.doGet(VehicleServlet.java:52)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.google.appengine.tools.development.HeaderVerificationFilter.doFilter(HeaderVerificationFilter.java:35)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.appengine.api.blobstore.dev.ServeBlobFilter.doFilter(ServeBlobFilter.java:60)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:125)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.appengine.tools.development.BackendServersFilter.doFilter(BackendServersFilter.java:97)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at com.google.appengine.tools.development.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:94)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:370)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:547)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
</pre>
<hr /><i><small>Powered by Jetty://</small></i><br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
</body>
</html>
Somebody help me with this problem ??
Thank in advance!
Add the following code in the head of the class:
#BindingType("http://java.sun.com/xml/ns/jaxws/2003/05/soap/bindings/HTTP/")
Then restart your server.
This error has happend to me and the reason was that the call to the webservices was made to an invalid host, so the web server responds with a http error message instead of an xml soap message.
I my case, same error, but different reason:
The Port wasn't specified in the wsdl, which the Server gave back to the Java Service "Generator".
Therefore the Webserver answered the SOAP call, with a Homepage, which of course wasn't text/XML but text /html.
Adding the Port to the wsdl solved the Problem.
Simple: your client (browser?) is sending data as Content-Type: text/html while it should be Content-Type: application/soap+xml (for old SOAP also Content-Type: text/xml).
So if you are making requests by hand you should add the Content-Type header to your HTTP requests.
This error can also occur when composing SOAP request and the content provided is improperly encoded/formated/inaccessible. This is probably not the case of yours, but if someone else encounters identical error before sending the request, it means that the data used to compose the message itself or it's attachments are improperly encoded, formated or generally inaccessible.
Try other clients .
in my case the problem occurs in jdeveloper 11.1.2.0 (Http analyser as client) and solved by Jdeveloper 11.1.2.3 (Http analyser as client)
This problem comes from request Content-Type
I had also encountered this problem, and finally I found out that was caused by the server.
The server is built on Node.js, and was concurrently using two packages multer and formidable to parse 'multipart/form-data' type form data. That caused the conflict: the actual form parser formidable can't get the raw form data because of multer has already processed that and got a clean content. We removed multer, then the problem was solved.