Running Django locally with Firefox, I log in at http://localhost:8000/admin/ and after that I can access http://localhost:8000/myCustomApi successfully.
In Insomnia, every time I log in at http://localhost:8000/admin/ I get {"code": "csrf", "reason": "CSRF cookie not set."} in the response. I tried this but it didn't work. Is there any tutorial on what I should do?
1. Install this plugin: https://insomnia.rest/plugins/insomnia-plugin-default-headers
2. Click on your environment and then on "Manage Environments".
3. In your environment, add a new env var:
{
  "DEFAULT_HEADERS": {
    "X-CSRFToken": "wSYUpsSIkXxjA8wBiojsCU7YgJGYySGFWiDHNoGhEpCWGxoIyNfIvw7hr2Au1a9J"
  }
}
Replace the value with one you can find in your browser.
Now, that was for sending data to forms. If you need to make a request while being logged in, click on Cookies and add a new cookie with the name sessionid and the value that you will find in your browser.
Enjoy
Setting the X-CSRFToken didn't work for me.
So I tried to "copy" the same request in the Insomnia environment.
In my case, what I did was:
1. Go to your browser and do at least one successful request.
2. Go to the Network tab and copy the request header named Cookie.
3. Go to Insomnia and set this same header with its values.
4. Try debugging from Insomnia.
Insomnia:
But if something seems different to you, just keep the same core: copy the request environment from the browser to Insomnia.
Remember, the server can't see the difference between an Insomnia client and the browser if all the headers are the same.
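Why the header alone failed in the second answer while copying the Cookie header worked, as an added example that is not part of the original posts. It assumes Django's default names (`csrftoken`, `sessionid`, `X-CSRFToken`); the check is a simplified model of the order of checks rather than Django's code, and the cookie values are constructed.

```python
from http.cookies import SimpleCookie

# Django defaults (CSRF_COOKIE_NAME, SESSION_COOKIE_NAME, CSRF_HEADER_NAME).
CSRF_COOKIE = "csrftoken"
SESSION_COOKIE = "sessionid"
CSRF_HEADER = "X-CSRFToken"


def headers_from_browser(cookie_header):
    """Turn a Cookie header copied from the browser's Network tab into the
    headers an API client (Insomnia, Postman, curl) has to send."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    # Keep only the two cookies Django needs; drop unrelated ones.
    wanted = {n: jar[n].value for n in (CSRF_COOKIE, SESSION_COOKIE) if n in jar}
    headers = {}
    if wanted:
        headers["Cookie"] = "; ".join(f"{n}={v}" for n, v in wanted.items())
    if CSRF_COOKIE in wanted:
        # Double submit: the header has to repeat the cookie's value.
        headers[CSRF_HEADER] = wanted[CSRF_COOKIE]
    return headers


def simplified_csrf_check(method, headers):
    """Simplified model (an assumption of this example, not Django's code).
    Django additionally masks tokens and checks Origin/Referer."""
    if method in ("GET", "HEAD", "OPTIONS", "TRACE"):
        return "ok"  # safe methods are not CSRF-checked
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    if CSRF_COOKIE not in jar:
        return "CSRF cookie not set."  # the reason quoted in the question
    if headers.get(CSRF_HEADER) != jar[CSRF_COOKIE].value:
        return "token missing or mismatched"  # wording is this example's own
    return "ok"


# Constructed sample values, not real credentials.
BROWSER_COOKIE = (
    "csrftoken=constructedCsrfValue123; "
    "sessionid=constructedSession456; theme=dark"
)
```

The `sessionid` value is a bearer credential for the logged-in account, so keep it out of shared or synced API-client workspaces and exported collections.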
I am playing around with Postman to get some insight into how things work behind the curtain and ran into what I believe is an issue, but wanted to ask before I create a new issue on GitHub.
I am intercepting the request from my browser to the same site using the Postman Interceptor to use the request values in the native app. I have cookies enabled and the site (the whole domain) whitelisted.
When I use the history to resend the same request that was captured, I get an auth error that is caused by the fact that the cookies are not included in the request (found that out by checking the cURL code snippet). I believe the reason for that is that the cookies are set under a different subdomain than the one the request is sent to.
I will try to include some pictures to clarify. My question here is:
Am I missing something/did I set something up in the wrong way,
or is this an issue and I should create an issue on the official Postman GitHub page?
cURL request
Cookies in Postman Native App
You should check whether the cookie is being sent using the console, not the code snippet:
It's indeed sending cookies.
Need help with the following questions regarding cookies:
I'm developing a standalone jar which accesses an HTTP site inside the code. When I access the HTTP site, will the cookie be stored on the client machine?
When will the cookie be saved on the client's machine?
The cookie will be stored only when we access web application via browser or via any library and executing http request
When and how can the cookie be enabled or disabled on a client's machine?
Thanks.
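Your Java application will need to create a cookie store and link it to the HttpClient. For example:
import org.apache.http.client.CookieStore;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.cookie.BasicClientCookie;

// In-memory store: cookies live only as long as this object does
CookieStore cookieStore = new BasicCookieStore();
// Populate cookies if needed
BasicClientCookie cookie = new BasicClientCookie("name", "value");
cookie.setDomain(".mycompany.com");
cookie.setPath("/");
cookieStore.addCookie(cookie);
// Set the store
CloseableHttpClient httpclient = HttpClients.custom()
        .setDefaultCookieStore(cookieStore)
        .build();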
Reference: https://hc.apache.org/httpcomponents-client-ga/tutorial/html/statemgmt.html
I am trying to receive data via the Autodesk Data Management API. So far I've created a Forge app and connected it with a BIM360 integration.
Then I wanted to get a list of all hubs, but when I do so, I receive a JSON object which contains a warning:
warnings: [{
  "AboutLink": null,
  "Detail": "You don't have permission to access this API",
  "ErrorCode": "BIM360DM_ERROR",
  "HttpStatusCode": "403",
  ...
}]
I called the web service via AJAX, which looks like this:
this.getToken(function(token) {
    $.ajax({
        url: "https://developer.api.autodesk.com/project/v1/hubs",
        beforeSend: function(xhr) {
            // Send the 3-legged token as a bearer credential
            xhr.setRequestHeader("Authorization", "Bearer " + token);
        }
    }).done(...);
});
The token is a 3-legged one. I am not sure which API I do not have permission for, because I am pretty sure that I have permission for BIM360. (I created the integration as an administrator.)
In addition to what ZHong mentioned, I would suggest you try this sample. It will ask you to provision your Forge Client ID under your BIM 360 settings; just follow the steps that the app will present.
On both 2- or 3-legged, the app accessing the data (Forge Client ID) needs authorization from the account admin. Without that, the Hubs endpoint will not return your BIM 360 hub, and inside that, the sample applies for Projects endpoint.
Does everything else work fine? For example, can you get all the hubs successfully? I just verified on my side, and I can see the response including the same warning as you mentioned, but the hubs are listed correctly, and you can get the projects/items/versions without problem. I pasted my Postman response as follows.
If you check the blog https://forge.autodesk.com/blog/tutorial-using-curl-3-legged-authentication-bim-360-docs-upload, it also has the same warning, but it seems to have no impact on the following operations. I am not exactly sure what the warning means; I will check and update the details, but so far, it seems you can ignore it for now.
I'm using Amazon SNS. Notifications work well, but sometimes I get this error:
{
"message": "Endpoint is disabled",
"code": "EndpointDisabled",
"name": "EndpointDisabled",
"statusCode": 400,
"retryable": false
}
Maybe you know why.
You can create a new SNS topic such as push-notification-failures and then associate your APNS/APNS_SANDBOX applications' "Delivery Failures" event to it. Subscribe to the event via email (and confirm) and you'll get useful debugging information about failures. This can all be accomplished through the SNS console and doesn't require API calls to perform.
It is probably worth it to subscribe an HTTP endpoint to this SNS topic and record all delivery failures so you have historical data to work from and debug production issues.
For example a delivery FailureMessage of "Platform token associated with the endpoint is not valid" means that you're sending a message from APNS_SANDBOX to an APNS registered device or vice versa. This can mean that you have the wrong APNS settings for your build system. (We have a frustrating problem of developer built binaries using APNS_SANDBOX vs. TestFlight built binaries using APNS for local testing and QA which is what led me down this path.)
I have found 3 reasons so far:
1. Sometimes we mixed tokens from the sandbox app.
2. The user turned off notifications in phone settings.
3. The user uninstalled the app.
These are regarding iPhones/iPads.
There are a few reasons why an endpoint can be disabled. I didn't see it documented anywhere (might have missed it); here's what I got from support:
1. You push to an endpoint but the token is invalid/expired. Tokens become invalid if:
   - It belongs to an app that is no longer installed on the device.
   - The device has been restored from backup. This renders the token invalid, and your app should request a new token and update the SNS endpoint token accordingly.
   - The app has been re-installed on the same device. In the case of Android, the app is assigned a new token. This happens as well with APNs but more often with Android.
   - In the case of APNs, a wrong provisioning profile is selected in Xcode. In this case notifications fail and the device becomes disabled later after APNs feedback.
   - You mistakenly use a token for iOS development with an iOS production app, or vice versa.
   - Apple for any reason invalidates your iOS push cert, or someone revokes the push cert from the iTunes Connect portal. This takes a few hours before the device gets disabled.
   - Same with GCM if you update the API key from the Google developer console without updating the platform application credentials in SNS.
2. You push to an APNs device endpoint but the application has been disabled due to an expired push certificate.
3. You push to a GCM device endpoint, but the API key has been updated in the Google developer console and the SNS platform application credentials have not been updated accordingly.
For details, I recommend this excellent article, which solves my problem.
According to http://docs.aws.amazon.com/sns/latest/APIReference/API_Publish.html that means that the endpoint is disabled.
From http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/sns/model/SetEndpointAttributesRequest.html:
Enabled -- flag that enables/disables delivery to the endpoint. Message Processor will set this to false when a notification service indicates to SNS that the endpoint is invalid. Users can set it back to true, typically after updating Token.
"notification service" in this case is referring to Google's GCM, Apples APNS or Amazon's ADM.
I had the same issue.
This is what I did:
1. Export the FULL CERTIFICATE from Keychain Access to a .p12 file.
2. Export the PRIVATE KEY from Keychain Access to a *private.p12 file.
3. Use openssl with the downloaded .cer file (from iOS Developer MemberCenter) to create a public .pem certificate.
4. Use openssl with the generated *private.p12 file to create a private .pem keyfile.
5. In AWS SNS create a new Application. Give it a name. Choose Apple Development.
6. Choose the FULL CERTIFICATE from Keychain Access with a .p12 extension, and type in the passphrase you chose when exporting from Keychain Access.
7. Copy the content of the public CERTIFICATE .pem file to the textarea labelled "Certificate", including the starting and ending lines:
   -----BEGIN CERTIFICATE-----
   -----END CERTIFICATE-----
8. Copy only the part of the private key .pem file starting and ending with the following lines to the textarea labelled "Private Key":
   -----BEGIN RSA PRIVATE KEY-----
   -----END RSA PRIVATE KEY-----
I use Cordova with phonegap-plugin-push 1.4.4, but my issue had nothing to do with PhoneGap. Apart from a bit of confusion about the above, what finally did the trick for me was to open up my project in Xcode, find the Target for my project, and then enable Push Notifications. This automatically adds the "Push Notifications" entitlement to the app ID. The next time the app is installed on your device, push notifications should work. At least it did for me.
I hope this can save someone experiencing the same issue as me a 1/2 day of work! :)
Quick checklist before taking drastic measures:
Generate the Certificate Signing Request (CSR) using Keychain App.
Export the APNS certificate and its private key into a single p12 file using Keychain App.
When you create a new application in Amazon SNS, the platform must match the APNS environment (Development/Production on both sides).
When you request a device token, you must be in the right application (the application's bundle identifier matches the APNS certificate).
When you create a new platform endpoint in AWS SNS, the device token must be added to the right application (the good application certificate and the good Development/Production platform).
In my case I generated the CSR using a third party SSL tool. I obtained a valid certificate from Apple developer portal but without the private key. Then I tried Windows' certificate tool to export without great success. Waste of time. Start your Mac.
Then I used the AmazonMobilePush sample app to get a device token. Because the demo's bundle identifier doesn't match my certificate, the endpoint was invalid. At each SNS sending the endpoint became disabled (false). At the end the cause was obvious, but I still lost precious time.
If you get the error End Point is Disabled, use the code below to enable the endPoint and then Push Notification using Amazon credentials:
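using System.Collections.Generic;
using Amazon;
using Amazon.SimpleNotificationService;
using Amazon.SimpleNotificationService.Model;

// Enable device
// The two key strings are placeholders for your own credentials
var sns = new AmazonSimpleNotificationServiceClient("AwsAccessKeyId", "AwsSecretAccessKey", RegionEndpoint.USWest1);
Dictionary<string, string> objDictCheckEndpointEnable = new Dictionary<string, string>();
// "Enabled" has to be "true" to turn delivery back on for the endpoint
objDictCheckEndpointEnable.Add("Enabled", "true");
sns.SetEndpointAttributes(new SetEndpointAttributesRequest
{
    Attributes = objDictCheckEndpointEnable,
    EndpointArn = "AwsEndPointArn" // This is the device endpoint ARN
});
// End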
For me, I was getting the "Platform token associated with the endpoint is not valid" error because my SNS Platform Application Endpoints were not set up correctly. Specifically, the SNS console was not reading the credentials correctly from my .p12 file even though it contained the correct cert and private key. The solution, based on this post, was to create a second .p12 file that contained the cert and no key. I loaded the credentials from the first .p12 file, and then loaded the credentials from the second .p12 file. I could see the cert string change when I did so, and afterward I had no problems.
If you are creating a production endpoint, SNS will warn you about mismatched certs, but it does no such checking for development endpoints. The only way you will know that the endpoint is borked is when you get the platform token error.
I sure hope this helps somebody out there, as it drove me to distraction.
I am using this. If the get endpoint response finds the NotFound error, it creates an endpoint (this should never happen, but hell, it's on AWS SNS documentation website).
If that doesn't happen, it means you're getting the info for the endpoint. It can either be ok (tokens match and enabled is true), or the other way around (in which case you need to update it).
- (void)getEndpointDetailsWithResponse:(void(^)(AWSSNSGetEndpointAttributesResponse *response, AWSTask *))handleResponse {
    NSString *deviceTokenForAWS = [self deviceTokenForAWS];
    AWSSNS *manager = [AWSSNS SNSForKey:@"EUWest1SNS"];
    AWSSNSGetEndpointAttributesInput *input = [AWSSNSGetEndpointAttributesInput new];
    input.endpointArn = self.endpointArn;
    AWSTask *getEndpointAttributesTask = [manager getEndpointAttributes:input];
    [getEndpointAttributesTask continueWithBlock:^id(AWSTask *task) {
        NSLog(@"%@ Error: %@", task.result, task.error);
        AWSSNSGetEndpointAttributesResponse *result = task.result;
        NSError *error = task.error;
        if (error.code == AWSSNSErrorNotFound) {
            [self createEndpointWithResponse:^(AWSSNSCreateEndpointResponse *createResponse) {
                dispatch_async(dispatch_get_main_queue(), ^{
                    if (handleResponse != nil) {
                        handleResponse(result, task);
                    }
                });
            }];
        } else {
            NSLog(@"response for get endpoint attributes : %@", result);
            NSString *token = [result.attributes valueForKey:@"Token"];
            NSString *enabled = [result.attributes valueForKey:@"Enabled"];
            NSLog(@"token : %@, enabled : %@", token, enabled);
            BOOL wasSuccessful = [token isEqualToString:deviceTokenForAWS] && ([enabled localizedCaseInsensitiveCompare:@"true"] == NSOrderedSame);
            if (!wasSuccessful) {
                NSLog(@"device token does not match the AWS token OR it is disabled!");
                NSLog(@"Need to update the endpoint");
                AWSSNSSetEndpointAttributesInput *seai = [AWSSNSSetEndpointAttributesInput new];
                seai.endpointArn = self.endpointArn;
                NSDictionary *attributes = [NSDictionary dictionaryWithObjectsAndKeys:deviceTokenForAWS, @"Token", @"true", @"Enabled", nil];
                seai.attributes = attributes;
                AWSTask *setEndpointAttributesTask = [manager setEndpointAttributes:seai];
                [setEndpointAttributesTask continueWithBlock:^id(AWSTask *task) {
                    NSLog(@"response : %@, error: %@", task.result, task.error);
                    dispatch_async(dispatch_get_main_queue(), ^{
                        if (handleResponse != nil) {
                            handleResponse(result, task);
                        }
                    });
                    return nil;
                }];
            } else {
                NSLog(@"all is good with the endpoint");
                dispatch_async(dispatch_get_main_queue(), ^{
                    if (handleResponse != nil) {
                        handleResponse(result, task);
                    }
                });
            }
        }
        return nil;
    }];
}
This is the exact replica of the AWS SNS token management documentation found here: https://mobile.awsblog.com/post/Tx223MJB0XKV9RU/Mobile-token-management-with-Amazon-SNS
I can attach the rest of my implementation if needed, but this part is the most important one.