I am trying to invoke the service which was in another domain from the javascript itself. I could able to request the cross domain service . But I cant retrieve the information from the service. Some how I have been blocked by the same origin policy. Please help me to find the errors in the code.
My Client side Javascript Code :
var requestJsonData;
function crossDomainCall(){ ** It will be called by button click **
requestJsonData = createCORSRequest('POST', 'IPAddress/servicePath');
if (requestJsonData){
requestJsonData.onreadystatechange = handler;
requestJsonData.send();
}
else {
alert('Cross Domain Call is not invoked');
}
}
function handler(evtXHR) {
if(requestJsonData.readyState == 4) {
if(requestJsonData.status == 200) {
var response = requestJsonData.responseText;
}
else {
alert(" Invocation Errors Occured " + requestJsonData.readyState + " and the status is " + requestJsonData.status);
}
}
else {
alert("currently the application is at " + requestJsonData.readyState);
}
}
function createCORSRequest(method, url){
var xhr;
xhr = new XMLHttpRequest();
if ("withCredentials" in xhr){
xhr.open(method, url, true);
xhr.setRequestHeader('X-PINGOTHER', 'pingpong');
} else if (typeof XDomainRequest != "undefined"){
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
xhr = null;
}
return xhr;
}
Service code :
#OPTIONS
#Path("/servicePath")
#Produces("*/*")
#Consumes("*/*")
public Response corsRequest() {
Response response = null;
ResponseBuilder builder = null;
builder = Response.ok();
builder.header("Access-Control-Allow-Headers", "X-PINGOTHER");
builder.header("Access-Control-Max-Age","1728000");
builder.header("Access-Control-Allow-Origin","Origin_Ip_Address");
builder.header("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
builder.header("Content-Type","text/plain");
builder.header("Connection", "Keep-Alive");
response = builder.build();
System.out.println("Exited from Options method");
return response;
}
#POST
#Path("/servicePath")
#Produces("application/json")
public String drawRegions() {
System.out.println("Entered inside Post method");
// Some calculation to arrive jsonObject.
return jsonObject;
}
From the code, I have received the following as a results.
OPTIONS Method Request and Response Headers
Request Headers :
OPTIONS /SolartisGeoCodeLookUpService/Service/drawRegions HTTP/1.1
Host: Cross_Domain_IP_Address
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: Origin_IP_Address
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-pingother
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Response Headers
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Headers: X-PINGOTHER
Connection: Keep-Alive
access-control-allow-origin: Origin_IP_Address
Access-Control-Max-Age: 1728000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: text/plain
Content-Length: 0
Date: Thu, 12 Dec 2013 12:39:27 GMT
Response Cache Header
Response Headers From Cache
Access-Control-Allow-Head... X-PINGOTHER
Access-Control-Allow-Meth... POST, GET, OPTIONS
Access-Control-Max-Age 1728000
Connection Keep-Alive
Content-Length 0
Content-Type text/plain
Date Thu, 12 Dec 2013 12:39:27 GMT
Server Apache-Coyote/1.1
access-control-allow-original Origin_IP_Address
POST Method Request and Response Headers
Request Headers
POST /servicePath HTTP/1.1
Host: crossDomain_IP_Address
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-PINGOTHER: pingpong
Origin: Origin_IP_Address
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
Response Headers
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/json
Content-Length: 128
Date: Thu, 12 Dec 2013 12:39:27 GMT
ADDITIONAL INFO
From the javascript two times the handler method has been called. At the First time, It is comeup with "currently the application is at 2" - readyState value. At the Second time, It is comeup with "Invocation Errors Occured 4(readyState value) and status code is 0 (response status code)". The second time response clearly says, invoking the service has been stopped by the same origin policy. But I dont know How to overcome from this problem and have to access the resource. Please help me by correcting my code.
Instead of dealing with X domain calls in javascript, why don't you develop a service local to your application that consumes the web service in the other domain, then you can call you local service from javascript.
I would suggest also, and alternatively, that you use jQuery to perform that Cross Domain Ajax call, see this link: http://www.pureexample.com/jquery/cross-domain-ajax.html.
There is no need to deal with XHR directly since you have jQuery to do it for you.
Hope this helps,
Regards.
Related
I have an application where I am trying to send a post request with an added header.
resp=make_response(redirect(returnFilter(request.args,forms)))
resp.headers.add('foo','foo')
return resp
the returnFilter function is a custom function to make a link for the redirect and that works fine. I added a breakpoint at return resp to make sure it was adding the header after I noticed the problem and it does.
I caught the request it would send and it confirmed it did not actually add the header but I do not know why.
You are adding the foo: foo header to the response headers, but it looks like your screenshot is from request headers, did you look at the correct headers?
Some example code i wrote to test headers.add(...) method:
from flask import Flask, redirect, url_for, make_response
app = Flask(__name__)
#app.get('/')
def index():
return 'Hello'
#app.get('/header-test')
def header_test():
response = make_response(redirect(url_for('index')))
response.headers.add('foo', 'foo')
return response
app.run()
Request headers:
GET /header-test HTTP/1.1
Host: 127.0.0.1:5000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: fi-FI,fi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Response headers:
HTTP/1.1 302 FOUND
Server: Werkzeug/2.1.1 Python/3.10.4
Date: Mon, 02 May 2022 00:53:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 208
Location: /
foo: foo
As you can see foo: foo is there in response headers just like it should be.
Consider this view that generates an ico image:
from django.http import HttpResponse
from app.somewhere import Favicon
# View URL: `/<str:colour>.ico`
def favicon( request, colour ):
response = HttpResponse(
Favicon.render( colour ),
status=200
)
response['Content-Type'] = 'image/x-icon'
response['Cache-Control'] = 'public, max-age=31536000'
return response
Favicon.render() returns a valid byte stream, do not pay any attention on that.
Here is a link element in head of my HTML document:
<link rel=icon href=/7f9fa4.ico>
Now comes the question: why each time I reload the page, my browser, Chromium 73, makes a request to /7f9fa4.ico, instead of retrieving the icon from cache? If I will open /7f9fa4.ico in a new tab, first time request to the server would be sent, further my browser will retrieve an image from cache; now tell me what's wrong with the browser-caching system.
Here is a request (cookies and preferences are omitted):
GET /7f9fa4.ico HTTP/1.1
Host: localhost:8000
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Referer: http://localhost:8000/
And these are response headers:
HTTP/1.1 200 OK
Date: Mon, 03 Jun 2019 07:03:58 GMT
Server: WSGIServer/0.2 CPython/3.6.8
Content-Type: image/x-icon
Cache-Control: public, max-age=31536000
X-Frame-Options: SAMEORIGIN
Content-Length: 196
Console output (if it somehow could help):
[05/Jun/2019 09:17:42] "GET /7f9fa4.ico HTTP/1.1" 200 196
Also, if I will remove link element from head, browser will make requests to /favicon.ico (which in my case just mirrors /ffffff.ico) each time I reload the page with the same effect.
What you may find is that this request is being made to validate the cached content. I noticed that the request you sent to the server has Cache-Control: no-cache and Pragma: no-cache.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control#Cacheability
no-cache
Forces caches to submit the request to the origin server for validation before releasing a cached copy.
So it forces caches to submit the request for validation.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Pragma#Directives
no-cache
Same as Cache-Control: no-cache. Forces caches to submit the request to the origin server for validation before releasing a cached copy.
These state that the browser would be expected to send a request to your server for "validation" before it uses the cache icon.
I have an API name loginUser, which generates the authorization Token, that is to be passed in other subsequent APIs.
Below is the response:-
HTTP/1.1 200 OK
Date: Sat, 10 Nov 2018 07:08:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 71
Connection: keep-alive
Server: nginx/1.10.3 (Ubuntu)
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: date, authorization, x-powered-by, connection, server, access-control-allow-origin, content-type, content-length, x-final-url
authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIyYmEyYjc1My03NWEwLTQxNGYtYWFiOC0zZGY1M2I4YmIwMDEiLCJpc0Nvb2siOnRydWUsImlhdCI6MTU0MTgzMzcyNX0.3FRVpHm4EF2Ahzzy-OjbZ2EeZto6-hSFKHNtG5wcjBs
Where I want to fetch the authorization.
I'm using Regular Expression Extractor, but it is throwing below error (URISyntaxException: illegal character in the path)
Snapshots:-
Step_1
Step_4
I have seen couple of queries related to this Error but not in Jmeter,
And i tried using % also, to get rid out of this error, but that didn't work out.
Thanks in advance.
Authorization is sent/receive in headers,
Change Step 2, Field to check should be Response Headers to get the value
I'm trying to implement an app with access to google drive in beast boost C++ usingoauth2 authentication.
https://developers.google.com/identity/protocols/OAuth2ForDevices
I try to get the user code in Postman with the following POST request:
POST /o/oauth2/device/code HTTP/1.1
Host: accounts.google.com
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.file&client_id=610490019085-l1v2mv7lv95lu7cr111vbtqmp1bigv42.apps.googleusercontent.com
And it works perfectly fine, returning:
{
"verification_url": "https://www.google.com/device",
"expires_in": 1800,
"interval": 5,
"device_code": "AH-1Ng0IgBnIXIUeltwDoL7AwNExNTT0rozdxD5FMnP8dip4DaDi8_XtzK2aVT92YKYmYa7KWqHRVqw5AmJCDtalzK3k6pvbFw",
"user_code": "LWZY-BDXD"
}
Now I want to do the same request in C++ using boost, with the following code snippet for the request:
http::request<http::string_body> req{http::verb::post, "/o/oauth2/device/code", 11};
req.set(http::field::host, "accounts.google.com");
req.set("Cache-Control", "no-cache");
req.set(http::field::content_type, "application/x-www-form-urlencoded");
req.body() = "scope=https://www.googleapis.com/auth/drive.file&client_id=610490019085-l1v2mv7lv95lu7cr111vbtqmp1bigv42.apps.googleusercontent.com";
req.prepare_payload();
This one returns:
HTTP/1.0 307 Temporary Redirect
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 14 May 2018 11:06:01 GMT
Location: https://accounts.google.com/o/oauth2/device/code
Content-Length: 232
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
<HTML>
<HEAD>
<TITLE>Temporary Redirect</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Temporary Redirect</H1>
The document has moved here.
</BODY>
</HTML>
Any ideas how I can get the JSON returned as with Postman?
Thank You!
Beast is a low-level protocol library, it doesn't know anything about resolving domain names or connecting sockets. It doesn't even know about TCP/IP, just how to serialize and deserialize HTTP/1 messages over objects which meet Asio's stream concept requirements (examples: SyncReadStream, or AsyncWriteStream). You have to handle redirects yourself. If you get a redirect response, extract the Location field value and parse the URI, resolve the domain, and then issue another GET request for the specified resource.
It is my hope that other folks (maybe you?) will build on top of beast and provide higher-level functionality like this in the form of open source libraries.
I am using POCO 1.7.8 to write a HTTP server. Problem is when using gzip for deflating the response data:
std::string content = "HELLO WORLD, THIS IS LONGISH STRING THAT IS CUT";
response->set("Content-Encoding", "gzip");
std::ostream& responseStream = response->send();
Poco::DeflatingOutputStream deflater(responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP);
deflater << content;
deflater.close();
Response for the client is:
HELLO WORLD, THIS IS LONGISH STRING
Response headers:
Access-Control-Allow-Headers: origin, x-csrftoken, content-type, accept
Access-Control-Allow-Methods:POST, GET, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Connection: Close
Content-Encoding: gzip
Content-Language: en
Content-Length: 45
Content-Type: text/plain
Date: Tue, 09 Jan 2018 07:52:17 GMT
If I change this to use ZLIB and set the Content-Encoding to deflate, the whole response is correctly returned from the server:
std::string content = "HELLO WORLD, THIS IS LONGISH STRING THAT IS CUT";
response->set("Content-Encoding", "deflate");
std::ostream& responseStream = response->send();
Poco::DeflatingOutputStream deflater(responseStream, Poco::DeflatingStreamBuf::STREAM_ZLIB);
deflater << content;
deflater.close();
Response for the client is:
HELLO WORLD, THIS IS LONGISH STRING THAT IS CUT
Response headers:
Access-Control-Allow-Headers: origin, x-csrftoken, content-type, accept
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Connection: Close
Content-Encoding: deflate
Content-Language: en
Content-Length: 45
Content-Type: text/plain
Date: Tue, 09 Jan 2018 08:07:36 GMT
I tried to find examples how this should be done in the POCO server but couldn't find any and I am a bit stuck now with this. Any help is appreciated!
Are you sure you're setting the Content-Length header correctly for your compressed response? Alternatively try enabling chunked transfer encoding before calling send().
response->setChunkedTransferEncoding(true);