I was using uploadify v2.1.4 for my coldfusion upload multiple files. It worked well in IE 9 but occured an error http 302 in firefox 5
$('#uploadfile').uploadify({
'uploader' : 'uploadify.swf',
'script' : './upload.cfm',
'cancelImg' : 'cancel.png',
'auto' : true,
'multi' : true,
'onError' : function(a, b, c, d) {
alert("Event: "+a+", QueueID: "+b+" FileInfo: "+c.name+", "+c.size+", "+c.creationDate+", "+c.modificationDate+", "+c.type+" Error: "+d.type+", "+d.info);
}
});
and my upload.cfm
<cfscript>
thisPath = ExpandPath("*.*");
thisDirectory = GetDirectoryFromPath(thisPath);
FileDir = thisDirectory & "uploads/";
</cfscript>
<cffile action="upload" filefield="fileData" destination = "#FileDir#" nameconflict="makeunique" mode="777">
When you're using uploadify, it will send a request from the flash player to the upload.cfm file. Unfortunately, it doesn't always send the session details to the upload.cfm file, so if you have any sort of authentication that could be blocking the request, then you'll get an error.
Verify that you don't have any authentication mechanisms in front of your upload file (and that you're not doing a cflocation, as Jason mentioned). If you do, then you'll either need to manually pass authentication credentials to your upload form, or remove the authentication requirements from that file. I usually use the scriptData property for Uploadify to send the details along to my upload script.
Related
The intention is not to resolve CAPTCHA automatically. Every user of my site will have to resolve the CAPTCHA.
The intention is to use free data from another site. These data are public and free, but to avoid massive requests, they are protected with CAPTCHA.
This is what I've done but doesn't work:
Create a proxy.php that manage and forward the requests to the original site.
Copy all headers from the original request (request of the CAPTCHA) and add them to the proxy. So, this is the form to resolve the CAPTCHA:
xxx is my site, example.com is the site that I want to resolve captcha and get data:
<img id="imgCaptcha" src="https://xxx/proxy.php?curl=https://example.com/Captcha&type=image&lang=it" style="width:200px;">
<input type="text" id="captcha">
<button type="button" id="btn_resolve">Resolve</button>
On button click, send the input text and check if it is resolved:
xxx is my site, example.com is the site that I want to resolve captcha and get data:
$('#btn_resolve').on('click',function(e) {
e.preventDefault();
var captcha = $('#captcha').val();
$.get('https://xxx/proxy.php?https://example.com/Captcha&type=check&captcha='+captcha, function(data, status) {
alert(JSON.stringify(data));
});
});
The result is always {"result":false,"token":"","message":null}
I think that the problem is with JSESSIONID cookie that I set in the proxy.php, but seems filtered out from Chrome with this motivation: "This cookie was blocked because its path was not an exact match for or a superdirectory of the request url's path".
Honestly I've got not clear if I can do this and how to do this: it seems that last versions of Chrome blocked some coockies. How can I do this with PHP CURL bypassing Chrome filters?
I resolved it adding all needed cookies in proxy.php file.
Proxy.php forward the request using curl.
This is a good starting point for a cross domain proxy in PHP that uses CURL commands
PHP CORS Proxy by softius
Then you can read JSESSIONID from after requesting the CAPTCHA image, and forward it to the proxy and add it and the others to the request:
header('Set-Cookie: cross-site-cookie=name; SameSite=None; Secure');
header('Set-Cookie: XSRF-TOKEN=XXXXX');
if (isset($_REQUEST['jsessionid'])) {
setcookie("JSESSIONID", NULL, 0, "/");
header('Set-Cookie: JSESSIONID='.$_REQUEST['jsessionid']);
}
I've got a PATCH request that looks like this:
{{host}}/api/invoice/12345678/withdraw
host is a variable determining the environment.
For this request I need to add a unique authorization token.
The problem is I need to send dozens of such requests. Two things change for each request:
id of invoice (for this case is '12345678')
auth token (herebetoken1).
How can I automate it?
You can use Postman Runner for your problem. In Runner, you can send specified requests in specified iterations and delay with data (json or csv file).
For more info, I suggest you take a look at the links below.
Importing Data Files in Postman
Using CSV and JSON Data Files
Request:
Runner:
Data: (You can choose one of them)
Json Data: (data.json)
csv Data: (data.csv)
Preview Data in Runner:
Result:
use the below pre-request script , and call replace id in url and auth in authorization with {{id}} and {{token}} variables . Use collection runner to execute it .
Replace the hashmap with what you requires
hashmap = {
"1234": "authtoken1",
"2222": "authtoken2"
}
pm.variables.get("count") === undefined ? pm.variables.set("count", 0) : null
let keyval = Object.entries(hashmap)
let count = pm.variables.get("count")
if (count < keyval.length) {
pm.variables.set("id", keyval[pm.variables.get("count")][0])
pm.variables.set("token", keyval[pm.variables.get("count")][1])
pm.variables.set("count", ++count)
keyval.length===count? null:postman.setNextRequest(pm.info.requestName)
}
Example collection:
https://www.getpostman.com/collections/43deac65a6de60ac46b3 , click inport and import by link
I am trying to build an application using VueJS and Django. I am also using Graphene-Django library, as the project utilize GraphQL.
Now, The authentication works fine and i get a JWT Token back.
But when i use the token for other queries that need authentication, i got this error in Vue:
"Error decoding signature"
and the Django Log also returns this:
graphql.error.located_error.GraphQLLocatedError: Error decoding signature
jwt.exceptions.DecodeError: Not enough segments
ValueError: not enough values to unpack (expected 2, got 1)
the bizarre thing is that the same query when executed in Postman just works fine.
As i mentioned in the title is use Axios for my requests, here's an example of a request:
axios({
method: "POST",
headers: { Authorization: "JWT " + localStorage.getItem("token") },
data: {
query: `{
dailyAppoint (today: "${today}") {
id
dateTime
}
}`
}
});
Note: It uses 'JWT' not 'Bearer' because somehow 'Bearer' didn't work for me.
Ok, couple of questions, does you API work without Vue.js from curl. Generate token, check API from curl.
If it does, then check the Headers sent from the request, from Network Inspector, mozilla dev tools/chrome devtools. And update your Post with those RAW Headers.
This particular error arises when your public key is unable to decode the string[token] signed by your private key. Which ultimately means the access token has been tampered with. It could also mean you're sending values like 'unkown'-- JS state initialization error.
Check the RAW headers of the request. It'll help.
Use a request interceptor to set the Authorization header:
axios.interceptors.request.use(config => {
if (localStorage.getItem("token") != null)
config.headers["Authorization"] = "JWT " + localStorage.getItem("token");
return config;
});
I am developing an application that needs to send files to Google Cloud Storage.
The webapp will have a HTML page that the user choose files to do upload.
The user do not have Google Account.
The amount files to send is 5 or less.
I do not want to send files to GAE and GAE send to GCS. I would like that my user to do upload directly to GCS.
I did this code for upload:
function sentStorage() {
var file = document.getElementById("myFile").files[0];
url = 'https://www.googleapis.com/upload/storage/v1/b/XXX/o?uploadType=resumable&name=' + file.name;
xhr = new XMLHttpRequest();
var token = 'ya29.XXXXXXXXXXXXXXX';
xhr.open('POST', url);
xhr.setRequestHeader('Content-Type', file.type);
// resumable
//url = 'https://www.googleapis.com/upload/storage/v1/b/XXXXXX/o?uploadType=resumable&name=' + file.name;
//xhr.setRequestHeader('Content-Type', 'application/json; charset=UTF-8');
//xhr.setRequestHeader('Content-Length', file.size);
xhr.setRequestHeader('x-goog-project-id', 'XXXXXXXXXX');
xhr.setRequestHeader('Authorization', 'Bearer ' + token);
xhr.send(file);
xhr.onreadystatechange = function () {
if (xhr.readyState === 4) {
var response = JSON.parse(xhr.responseText);
if (xhr.status === 200) {
alert('codigo 200');
} else {
var message = 'Error: ' + response.error.message;
console.log(message);
alert(message);
}
}
};
}
I get a serviceaccount information (Google Console) and generate a token Bearer for it. I used a python file that read the "json account information" and generate the token.
My requisit is that user do not need to confirm any Google Account information for send files, this obligation is from my application. (Users do not have Google Account) and the html page send the files directly to GCS without send to GAE or GCE, so, I need to use HTML form or Javascript. I prefer Javascript.
Only users of this application can do upload (the application has an authentication with database), so, anonymous user can not do it.
My questions are:
This token will expire? I used a serviceaccount for generate this token.
There is a better api javascript to do it?
This security solution is better or I should use a different approach?
Sending either a refresh or an access token to an untrusted end user is very dangerous. The bearer of an access token has complete authority to act as the associated account (within the scope used to generate it) until the access token expires a few minutes later. You don't want to do that.
There are a few good alternatives. The easiest way is to create exactly the upload request you want, then sign the URL for that request using the private key of a service account. That signed URL, which will be valid for a few minutes, could then be used to upload a single object. You'll need to sign the URL on the server side before giving it to the customer. Here's the documentation on signed URLs: https://cloud.google.com/storage/docs/access-control/signed-urls
I am trying to Post and get a cookie. I am a newbie and this is a learning project for me. My impression is that if you use 'set-cookie' one should be able to see an additional 'set-cookie' in the .toSource. (I am trying to accomplish this on Google Apps Site if that makes a difference.) Am I missing something? Here is my code:
function setGetCookies() {
var payload = {'set-cookie' : 'test'};
var opt2 = {'headers':payload, "method":"post"};
UrlFetchApp.fetch("https://sites.google.com/a/example.com/blacksmith", opt2);
var response = UrlFetchApp.fetch("https://sites.google.com/a/example.com/blacksmith")
var openId = response.getAllHeaders().toSource();
Logger.log(openId)
var AllHeaders = response.getAllHeaders();
for (var prop in AllHeaders) {
if (prop.toLowerCase() == "set-cookie") {
// if there's only one cookie, convert it into an array:
var myArray = [];
if ( Array.isArray(AllHeaders[prop]) ) {
myArray=AllHeaders[prop];
} else {
myArray[0]=AllHeaders[prop];
}
// now process the cookies
myArray.forEach(function(cookie) {
Logger.log(cookie);
});
break;
}
}
}
Thanks in advance! I referenced this to develop the code: Cookie handling in Google Apps Script - How to send cookies in header?
Open to any advice.
When you aren't logged in Google Sites won't set any cookies in the response. UrlFetchApp doesn't pass along your Google cookies, so it will behave as if you are logged out.
First the cookie you want to send whose name is 'test' does not have a value. You should send 'test=somevalue'.
Second I am wondering if you are trying to send the cookie to the googlesite server and ask it to reply with the same cookie you previously sent... ?
I am thinking you are trying to act as a HTTP server beside you are a HTTP client.
As a HTTP client your role is only to send back any cookies that the HTTP server have previously sent to you (respecting the domain, expiration... params).