I am trying to upload a file using CommonsMultipartFile or MultipartFile
and its working fine in local but not working once pushed into cloudfoundry.
I am testing using Postman.
Here is the sample code:
#ResponseBody
#RequestMapping(value = "/api/stw/upload1", method = RequestMethod.POST)
public String upload1(#RequestParam(name="text",required=true) MultipartFile text){
return "done";
}
Here is the response in Postman when I am trying to call CF URL.
{
"timestamp": 1494397075418,
"status": 400,
"error": "Bad Request",
"exception": "org.springframework.web.bind.MissingServletRequestParameterException",
"message": "Required MultipartFile parameter 'text' is not present",
"path": "/api/stw/upload1"
}
Note: I am passing in form-data the key value required in postman.Its working on local but not on CF.
eg: text(Key) - uploadfile(Value)
**Request Header**
Accept:*/*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8,kn;q=0.6
Cache-Control:no-cache
Connection:keep-alive
Content-Length:32354
Content-Type:multipart/form-data; boundary=----WebKitFormBoundary10QktAWiD1GCsBKF
DNT:1
Host:<CF Service URL>
Origin:chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop
Postman-Token:d22500e6-f0d9-0f29-b981-78a45b6e4524
Pragma:no-cache
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
**Request Payload**
------WebKitFormBoundary10QktAWiD1GCsBKF
Content-Disposition: form-data; name="uploadFile"; filename="error.txt"
Content-Type: text/plain
------WebKitFormBoundary10QktAWiD1GCsBKF--
The problem was commons-upload pom dependency.
I was using commons-upload for upload files that was working fine into local but its gave multipart error when pushed to Predix. So after removing it and respective bean configuration and then pushed to Predix it worked fine.
Related
I have an application where I am trying to send a post request with an added header.
resp=make_response(redirect(returnFilter(request.args,forms)))
resp.headers.add('foo','foo')
return resp
the returnFilter function is a custom function to make a link for the redirect and that works fine. I added a breakpoint at return resp to make sure it was adding the header after I noticed the problem and it does.
I caught the request it would send and it confirmed it did not actually add the header but I do not know why.
You are adding the foo: foo header to the response headers, but it looks like your screenshot is from request headers, did you look at the correct headers?
Some example code i wrote to test headers.add(...) method:
from flask import Flask, redirect, url_for, make_response
app = Flask(__name__)
#app.get('/')
def index():
return 'Hello'
#app.get('/header-test')
def header_test():
response = make_response(redirect(url_for('index')))
response.headers.add('foo', 'foo')
return response
app.run()
Request headers:
GET /header-test HTTP/1.1
Host: 127.0.0.1:5000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: fi-FI,fi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Response headers:
HTTP/1.1 302 FOUND
Server: Werkzeug/2.1.1 Python/3.10.4
Date: Mon, 02 May 2022 00:53:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 208
Location: /
foo: foo
As you can see foo: foo is there in response headers just like it should be.
Browser is ignoring reponse cookies (csrftoken + seesionid). document.cookie() returns empty string and chrome developer tool shows this site has no cookies
How to solve this ?
FRONT : Angular 2 (localhost:4200)
Back : Django/DRF (localhost:8000)
Login route : [post] /login
Response header :
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://localhost:4200
Allow:POST, OPTIONS
Date:Wed, 05 Apr 2017 07:38:24 GMT
Server:WSGIServer/0.2 CPython/3.5.2
Set-Cookie:sessionid=d5v1mri12bniyvyqqt55ar8mfl9mr2jk; expires=Wed, 19-Apr-2017 07:38:24 GMT; HttpOnly; Max-Age=1209600; Path=/
Set-Cookie:csrftoken=5PcTF8aQ1O79gdrylZcGchnmKyRy6zwS3kL2jR5dY2CMdjPfEYyhkoJjOzsDZuvj; expires=Wed, 04-Apr-2018 07:38:24 GMT; Max-Age=31449600; Path=/
Vary:Accept, Cookie, Origin
X-Frame-Options:SAMEORIGIN
Request header :
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8,fr;q=0.6
Connection:keep-alive
Content-Length:51
content-type:application/json
Cookie:sessionid=d5v1mri12bniyvyqqt55ar8mfl9mr2jk; csrftoken=sml3uocRIeiB3KfHSnNkJXBJn3QAFN3p7lLtdvhrALgUwoVnfNjGM5PIy2L3UHls
Host:127.0.0.1:8000
Origin:http://localhost:4200
Referer:http://localhost:4200/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/56.0.2924.76 Chrome/56.0.2924.76 Safari/537.36
Cookies are not shared among different ports of a host (localhost in your case). The browser shows you content from localhost:4200, but the cookies are set to localhost:8000. They are correctly set and used, as can be seen in your second listing titled "Request header". So to see them in the browser, you would have to open a URL from localhost:8000. Even then the sessionid would not be listed in document.cookie(), because it's marked as "HttpOnly" (which means not available to JavaScript).
If you are use angular cli you could set proxy.
ng serve --proxy-config proxy.conf.json
sample of proxy.conf.json
{
"/api": {
"target": "http://localhost:3000",
"secure": false
}
}
Or local development use
https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi
Trying out Content Security Policy and using the Report Only method and the data is sending a POST (See edits, supposed to be POST, but Request Headers say GET) to my page which I then use to email myself. In the browser developer tools I can see the data in the Request Payload, but I don't know how to access this scope. The FORM scope is empty and the GetHttpRequestData() doesn't show a Payload key.
How do I access the data in the Request Payload in ColdFusion?
EDIT: In the dev tools I can see in the network tab a POST to the page with 4 sections: General, Response Headers, Request Headers and Request Payload. I need to access the Request Payload data.
Request Headers:
GET /campuses/content-report/ HTTP/1.1
Host: domain.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36
Accept: */*
Referer: http://domain.com/page/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: **[Removed]**
Request Payload:
{
"csp-report":{
"document-uri":"http://domain.com/page/",
"referrer":"http://domain.com/",
"violated-directive":"default-src 'self' 'sha256-L2Tc50iUaBz2udc-dnkwO-FKzrsl5cLnzkFu5LgX5ao=' https://stats.g.doubleclick.net http://netdna.bootstrapcdn.com http://www.google-analytics.com https://www.google.com https://fonts.gstatic.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com http://www.etutoring.org",
"effective-directive":"img-src",
"original-policy":"default-src 'self' 'sha256-L2Tc50iUaBz2udc-dnkwO-FKzrsl5cLnzkFu5LgX5ao=' https://stats.g.doubleclick.net http://netdna.bootstrapcdn.com http://www.google-analytics.com https://www.google.com https://fonts.gstatic.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com;script-src 'self' https://www.google-analytics.com https://ajax.googleapis.com https://cdn.jsdelivr.net 'nonce-3E89EBDB49F712C7D90D1B39E348BBBF';report-uri /campuses/content-report;",
"blocked-uri":"https://www.google-analytics.com",
"status-code":200
}
}
GetHttpRequestData contains Request Headers but not Request Payload. I did notice that the website I read said the Security policy would send the data via POST but the Headers say GET. Would that cause the issue? Should they be in the URL scope? Not at my machine at the moment.
So I was looking in the right spot, GetHttpRequestData but what I didn't realize was I setup the url to not have a trailing slash and my IIS Rewrite rules was redirecting to the / version of the page and the header data was being lost in the process.
now I am using play framework 2.3, how to share cookie on cors (cross domain)
i have play application on port localhost:9000 and i want to share cookies to my client running on localhost:5000
client cannt get the cookies
i try with this in play framework app:
response().setCookie(AUTH_TOKEN, authToken); //with setting on application.conf (session.domain="http://localhost:5000") cookies sent but cannt read by javascipt /failed
response().setCookie(AUTH_TOKEN, authToken,10000,"localhost:5000","/"); //fail
response().setCookie(AUTH_TOKEN, authToken,10000,"127.0.0.1:5000","/*"); //fail
response().setCookie(AUTH_TOKEN, authToken,10000,"127.0.0.1:5000","/*"); //fail
and this is response on chrome :
Remote Address:127.0.0.1:9000
Request URL:http://localhost:9000/common/login
Request Method:POST
Status Code:200 OK
Request Headersview source
Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8,id;q=0.6,ms;q=0.4
Connection:keep-alive
Content-Length:33
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Host:localhost:9000
Origin:http://localhost:5000
Referer:http://localhost:5000/index-login.html
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Form Dataview sourceview URL encoded
username:adilramdan
password:1234
Response Headersview source
Access-Control-Allow-Headers:X-Requested-With, Content-Type, X-AUTH-TOKEN
Access-Control-Allow-Origin:*
Content-Length:52
Content-Type:application/json; charset=utf-8
Set-Cookie:authToken=8cd7d5cc-600a-42a0-ab79-d7ff2b4f71b0; Expires=Tue, 15 Jul 2014 02:30:09 GMT; Path=/
<------COOKIES IS AVAILABLE ON RESPONSE SERVER BUT JAVA SCRIPT CLIENT SAY NO COOKIES FOUND
how the right way?
any one can help me?
You may need to use the Access-Control-Allow-Credentials header. If you are using AJAX/JQuery you must set
withCredentials = true
In your request. The server must also respond with header
Access-Control-Allow-Credentials: true
Note that if you do this you must specify a value for Access-Control-Allow-Origin. The browser will not accept Access-Control-Allow-Credentials header while Access-Control-Allow-Origin is a wildcard.
See the resources here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Credentials
http://www.html5rocks.com/en/tutorials/cors/
I am trying to invoke the service which was in another domain from the javascript itself. I could able to request the cross domain service . But I cant retrieve the information from the service. Some how I have been blocked by the same origin policy. Please help me to find the errors in the code.
My Client side Javascript Code :
var requestJsonData;
function crossDomainCall(){ ** It will be called by button click **
requestJsonData = createCORSRequest('POST', 'IPAddress/servicePath');
if (requestJsonData){
requestJsonData.onreadystatechange = handler;
requestJsonData.send();
}
else {
alert('Cross Domain Call is not invoked');
}
}
function handler(evtXHR) {
if(requestJsonData.readyState == 4) {
if(requestJsonData.status == 200) {
var response = requestJsonData.responseText;
}
else {
alert(" Invocation Errors Occured " + requestJsonData.readyState + " and the status is " + requestJsonData.status);
}
}
else {
alert("currently the application is at " + requestJsonData.readyState);
}
}
function createCORSRequest(method, url){
var xhr;
xhr = new XMLHttpRequest();
if ("withCredentials" in xhr){
xhr.open(method, url, true);
xhr.setRequestHeader('X-PINGOTHER', 'pingpong');
} else if (typeof XDomainRequest != "undefined"){
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
xhr = null;
}
return xhr;
}
Service code :
#OPTIONS
#Path("/servicePath")
#Produces("*/*")
#Consumes("*/*")
public Response corsRequest() {
Response response = null;
ResponseBuilder builder = null;
builder = Response.ok();
builder.header("Access-Control-Allow-Headers", "X-PINGOTHER");
builder.header("Access-Control-Max-Age","1728000");
builder.header("Access-Control-Allow-Origin","Origin_Ip_Address");
builder.header("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
builder.header("Content-Type","text/plain");
builder.header("Connection", "Keep-Alive");
response = builder.build();
System.out.println("Exited from Options method");
return response;
}
#POST
#Path("/servicePath")
#Produces("application/json")
public String drawRegions() {
System.out.println("Entered inside Post method");
// Some calculation to arrive jsonObject.
return jsonObject;
}
From the code, I have received the following as a results.
OPTIONS Method Request and Response Headers
Request Headers :
OPTIONS /SolartisGeoCodeLookUpService/Service/drawRegions HTTP/1.1
Host: Cross_Domain_IP_Address
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: Origin_IP_Address
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-pingother
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Response Headers
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Headers: X-PINGOTHER
Connection: Keep-Alive
access-control-allow-origin: Origin_IP_Address
Access-Control-Max-Age: 1728000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: text/plain
Content-Length: 0
Date: Thu, 12 Dec 2013 12:39:27 GMT
Response Cache Header
Response Headers From Cache
Access-Control-Allow-Head... X-PINGOTHER
Access-Control-Allow-Meth... POST, GET, OPTIONS
Access-Control-Max-Age 1728000
Connection Keep-Alive
Content-Length 0
Content-Type text/plain
Date Thu, 12 Dec 2013 12:39:27 GMT
Server Apache-Coyote/1.1
access-control-allow-original Origin_IP_Address
POST Method Request and Response Headers
Request Headers
POST /servicePath HTTP/1.1
Host: crossDomain_IP_Address
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-PINGOTHER: pingpong
Origin: Origin_IP_Address
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
Response Headers
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/json
Content-Length: 128
Date: Thu, 12 Dec 2013 12:39:27 GMT
ADDITIONAL INFO
From the javascript two times the handler method has been called. At the First time, It is comeup with "currently the application is at 2" - readyState value. At the Second time, It is comeup with "Invocation Errors Occured 4(readyState value) and status code is 0 (response status code)". The second time response clearly says, invoking the service has been stopped by the same origin policy. But I dont know How to overcome from this problem and have to access the resource. Please help me by correcting my code.
Instead of dealing with X domain calls in javascript, why don't you develop a service local to your application that consumes the web service in the other domain, then you can call you local service from javascript.
I would suggest also, and alternatively, that you use jQuery to perform that Cross Domain Ajax call, see this link: http://www.pureexample.com/jquery/cross-domain-ajax.html.
There is no need to deal with XHR directly since you have jQuery to do it for you.
Hope this helps,
Regards.