When the following http request is sent, the body part is automatically base64 decoded by Struts2.
For security reasons (e.g. S2-046), I want to stop automatically base64 decoding.
Is it possible to set this in Struts2?
POST /test.jsp HTTP/1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Geck Chrome/85.0.4183.102 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: */*
Content-Type: multipart/form-data; boundary=---------------------------123456789012345678901234567
Content-Length: 1644
Connection: Keep-Alive
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0xMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1NjcKQ29udGVudC1EaXNwb3NpdGlvbjogZm9ybS1kYXRhOyBuYW1lPSJmb28iOyBmaWxlbmFtZT0ieHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHgiCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbgoKeAotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Ny0t
Related
I'm trying to use fetch with a ReadableStream. In this example, the ReadableStream should simply repeat "Some data..." indefinitely.
fetch('/', {
method: 'POST',
body: new ReadableStream({
pull: function(controller) {
console.log('pull called!');
controller.enqueue('Some data...');
}
})
});
This doesn't work. While pull is executed once, no data is sent in the request body.
POST / HTTP/1.1
Host: example.com
Connection: keep-alive
Content-Length: 0
Origin: https://example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
Accept: */*
Referer: https://example.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8
How can I make a ReadableStream (or any kind of stream where I can write dynamic data) usable with fetch?
Alternatively, if this isn't yet possible, could you please indicate this? Thank you.
Note: This is a more specific spin-off question from: Method for streaming data from browser to server via HTTP
We're working on making this work, see https://github.com/whatwg/fetch/pull/425 for the PR to the Fetch Standard. Once that is done you can expect this to make its way into browsers (slowly).
I want to serve up static content from my /Content/ folder. Initially I received a 404 error so added the mime type to my WebConfig like so:
<staticContent>
<mimeMap fileExtension=".markdown" mimeType="text/x-markdown" />
</staticContent>
Now I can access this content via direct URL (i.e. see it in my browser) but when I use ajax (AngularJS to be specific) for the request (the URL is exactly the same) I receive a 400 Bad Request error.
What is happening here?
The URL is /content/help/schedules.markdown and I use the following code to request it
return $http({
method: 'GET',
url: '/content/help/schedules.markdown'
})
Edit
I tried to request the data using jQuery and it worked! So apparently its only Angular that is causing a problem!
$.get("/content/help/schedules.markdown",function(yo){console.log(yo)});
Edit 2 - Headers
AngularJS request headers:
Accept:application/json, text/plain, / Accept-Encoding:gzip,
deflate, sdch Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Cache-Control:no-cache Connection:keep-alive
Cookie:csrftoken=Q53T7sBOlAgpNSGh7QJ43LSy1CzUPdmV;
auth=Z3Vlc3Q6Z3Vlc3Q%3D; __ngDebug=true;
__RequestVerificationToken=9ox1j5vvUHDyflvTarxzaLbZumwT0qnWvxT5fXbX1BTwhZwms_tUJe-9Du-r0-SttzuONVd3MeYRpCYCDit5rHzt7v1sK-C9SCsjZ0rE2j41;
m=34e2:|47ba:t|4a01:t|745a:t|2a03:t|54e1:t|77cb:t|ca3:t|4d66:240|18c3:t|1d98:t|79d4:chart|640c:medium|678e:600%7C5|5cf4:t|3a8e:chart|54ae:medium|29ac:600%7C5;
.ASPXAUTH=DA9F6F0DC7114A0A7B1C7A8E0050A4C4FF4D0F2553F0AAE9407DF141D9ED9D930897E28A47F4794C2C5C63A7EA64AEB50CA184B89F07769FEE2241E6292483666C42187BD1DBA66C806665593D20A1FBFCCC9584213D869B58F75E992DD7C77F05FC55BF2CB30AF32165A98C3272D7071610BE0321393B5713C313E5E12FFEE0368F37585210C9C270E57A6D66953FA4ABC7AE7D50905D05BDD7D8A4D0EDF6186F6795263783D973EC9B1C4E11BF1788A596401202E697FC6EB0AFB7D7A6D4DD
Host:localhost:1904 If-Modified-Since:0 Pragma:no-cache
Referer:http://localhost:1904/settings/schedules/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36
X-Requested-With:XMLHttpRequest
jQuery request headers:
Accept:/ Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6 Connection:keep-alive
Cookie:csrftoken=Q53T7sBOlAgpNSGh7QJ43LSy1CzUPdmV;
auth=Z3Vlc3Q6Z3Vlc3Q%3D; __ngDebug=true;
__RequestVerificationToken=9ox1j5vvUHDyflvTarxzaLbZumwT0qnWvxT5fXbX1BTwhZwms_tUJe-9Du-r0-SttzuONVd3MeYRpCYCDit5rHzt7v1sK-C9SCsjZ0rE2j41;
m=34e2:|47ba:t|4a01:t|745a:t|2a03:t|54e1:t|77cb:t|ca3:t|4d66:240|18c3:t|1d98:t|79d4:chart|640c:medium|678e:600%7C5|5cf4:t|3a8e:chart|54ae:medium|29ac:600%7C5;
.ASPXAUTH=DA9F6F0DC7114A0A7B1C7A8E0050A4C4FF4D0F2553F0AAE9407DF141D9ED9D930897E28A47F4794C2C5C63A7EA64AEB50CA184B89F07769FEE2241E6292483666C42187BD1DBA66C806665593D20A1FBFCCC9584213D869B58F75E992DD7C77F05FC55BF2CB30AF32165A98C3272D7071610BE0321393B5713C313E5E12FFEE0368F37585210C9C270E57A6D66953FA4ABC7AE7D50905D05BDD7D8A4D0EDF6186F6795263783D973EC9B1C4E11BF1788A596401202E697FC6EB0AFB7D7A6D4DD
Host:localhost:1904 Referer:http://localhost:1904/settings/schedules/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36
X-Requested-With:XMLHttpRequest
the problem is with this header in AngularJS headers:
If-Modified-Since:0
you should remove this header from this specific request by setting it to undefined:
$http.get($scope.url, { headers: { 'If-Modified-Since': undefined } })
I'm trying to enable Cross Origin Resource Sharing across two web applications and am still receiving the "Origin X is not allowed by Access-Control-Allow-Origin".
The request looks like this:
Request URL:http://mywebsite:8700/?myparam=blah
Request Headersview source
Accept:application/json, text/javascript, */*; q=0.01
Origin:http://localhost:1715
Referer:http://localhost:1715/stuff
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.79 Safari/537.1
Query String Parametersview URL encoded
myparam:blah
which gives the error:
XMLHttpRequest cannot load http://mywebsite:8700/?myparam=blah. Origin http://localhost:1715 is not allowed by Access-Control-Allow-Origin.
If I access the URL in the browser directly I get the following response headers and the correct JSON is returned
Request URL:http://mywebsite:8700/?myparam=blah
Request Method:GET
Status Code:200 OK
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Authorization:Negotiate blahblahblahblahblahblahblahblahblah
Cache-Control:max-age=0
Connection:keep-alive
Cookie:blahblahblah
Host:mywebsite:8700
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.79 Safari/537.1
Query String Parametersview URL encoded
myparam:blah
Response Headersview source
Access-Control-Allow-Headers:*
Access-Control-Allow-Methods:*
Access-Control-Allow-Origin:*
Cache-Control:private
Content-Length:11563
Content-Type:application/json; charset=utf-8
Date:Wed, 29 Jan 2014 06:51:49 GMT
WWW-Authenticate:Negotiate blahblahblah==
Using JSONP is a last-resort solution as it would have implications for other applications already calling this method.
Turns out the request was receiving a 401 error, thus the response server not even got a chance to return the Access-Control-Allow-Headers header.
Trying to set up a simple Dart HttpServer:
import 'dart:io';
void main() {
HttpServer.bind(InternetAddress.ANY_IP_V4, 80).then((server) {
server.listen((HttpRequest request) {
request.response.write('Hello, world.');
request.response.close();
print(new DateTime.now());
print(request.connectionInfo.remoteAddress);
print(request.method);
print(request.headers.toString());
print("--------------");
});
});
print("listing....");
}
When hitting localhost from a browser (Chrome), it appears as if the incoming request is handled twice:
listing....
2013-11-07 15:19:24.478
InternetAddress('127.0.0.1', IP_V4)
GET
host: localhost:80
connection: keep-alive
cache-control: max-age=0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36
accept-encoding: gzip,deflate,sdch
accept-language: en-US,en;q=0.8
--------------
2013-11-07 15:19:24.554
InternetAddress('127.0.0.1', IP_V4)
GET
host: localhost:80
connection: keep-alive
accept: */*
user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36
accept-encoding: gzip,deflate,sdch
accept-language: en-US,en;q=0.8
--------------
Those two requests look almost identical, except for the accept header. Doesn't look like the browser is firing up the request twice:
So, why does the request get handled twice?
EDIT: Dart SDK version 0.8.10.6_r30036
You don't output what is requested (the url member of the request instance) and that is the difference between the two requests.
The first request requests the file you try to open, probably /. The second request is issued internally by the browser and requests favicon.ico to display the icon in the address bar / tab title.
I am trying to POST something to my Web API but not matter what I do the model values are always set to null.
I have tried the following request (trace copied from fiddler):
POST http://localhost:53176/api/Profile HTTP/1.1
Host: localhost:53176
Connection: keep-alive
Content-Length: 40
Accept: application/xml, text/xml, */*; q=0.01
Origin: http://localhost:53176
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://localhost:53176/SignUp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Cookie: ASP.NET_SessionId=do5ddqwghl3v0bhlgr3pyicb
{"InputEmail":"aa","UserName":"asd"}
Update
and also with the following:
POST http://localhost:53176/api/Profile HTTP/1.1
Host: localhost:53176
Connection: keep-alive
Content-Length: 44
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://localhost:53176
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
Content-Type: application/json
Referer: http://localhost:53176/SignUp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Cookie: ASP.NET_SessionId=do5ddqwghl3v0bhlgr3pyicb
{"InputEmail":"asdas","UserName":"dasd"}
My api looks like:
//here I have also tried [FromBody]
public MyDto Post(MyDto input)
{
return input;
}
MyDto has two properties and is:
public class MyDto
{
string InputEmail { get; set; }
string UserName { get; set; }
}
Would someone be able to tell me what is the problem in this code or if there is anything that I am missing?
I would also like to know how (or where) can I put the debugger somewhere inside webapi code to see what was the actual request before the webapi tries to deserialize it.
Your Content-Type header is application/x-www-form-urlencoded, but your body has json data. Modify your content-type header to be either application/json or text/json
EDIT:
Make your properties Public