HTTP_ORIGIN always returning nil - ruby-on-rails

I'm trying to get the origin of the request cross-site, I found this answer How to get "Origin" request header in Rails which suggest using
request.headers['origin']
I also tried
request.headers['HTTP_ORIGIN']
but both seem to return nil
I'm running this on Rails 6 app

There is nothing wrong with your code.
To get a header in Rails, just access it inside request.headers.
For example, to get User-Agent:
request.headers['User-Agent']
And since rails 5, we have the HTTP_ version also:
request.headers['HTTP_USER_AGENT']
The problem with the Origin header is that it does not always appear in request headers from the browser. It's just needed when the browser sending a cross-origin request.
You can try with some other tools like Postman or curl to see the header is really there:
curl -H "Origin: http://yourserver.com" http://yourserver.com

Related

Request headers only using Ruby HTTPClient returns 405 http status code (Method not allowed) in Ruby on Rails

My Ruby on Rails application (ruby 2.6.6; rails 5.2) makes a header only request using HTTPClient, for a Google Drive direct download link. This is to check if the file is really there.
The code is:
response = client.head(<google_drive_direct_download_url>, follow_redirect: true)
This results in 405 status code.
But, at the same time, I can make a normal request to the same URL using
response = client.request('GET', <google_drive_direct_download_url>, follow_redirect: true)
obtaining status code 200.
There is a post saying there is a chance that the URL endpoint doesn't accept header only requests.
But I do can make a header only request using httpie receinving 200:
$ http <google_drive_direct_download_url> -h --follow
Would be a matter of outdated version, or there's an issue with HTTPClient?

How to call Twitter's POST /statuses/filter with 5000 user ids?

Both GET and POST methods supported by the endpoint. The POST method is recommended to call endpoint with a huge number of user ids to follow, because the GET method will lead to an oversized URL that the server can't handle. How the "follow" parameter can be passed in the body of the request?
UPD: here is what I've already tried using Insomnia (the URL is always 'https://stream.twitter.com/1.1/statuses/filter.json' and the method is always 'POST' and the server response is always "No filter parameters found. Expect at least one parameter: follow track locations"):
A plain text body with Content-Type: text/html
follow=2731236345
A json body with Content-Type: application/json
{
"follow": "2731236345"
}
Another json body
{
"follow": [
2731236345
]
}
However, when I use form-url-encoded with field "follow" and the value "2731236345" I receive the response "Unauthorized".
First of all, consider looking at the Twitter Developer Labs new endpoint, because this existing API will be retired, likely (but not yet confirmed) in 2020.
When you say "without any success", what libraries are you using, and at what levels of query parameters - you're not being very clear about what is not working here. 5000 user IDs is very large. Can you please be more specific about the errors you're seeing, and the code you're trying to run?
I've managed to connect using curl:
curl --request POST \
--url 'https://stream.twitter.com/1.1/statuses/filter.json' \
--header 'authorization: <censored>' \
--data 'follow=2731236345'
The same request doesn't work in Insomnia for some reason, but it doesn't matter for the goal of this post.

Is this Calendly.com URL Valid?

I am using webhooks for the first time with calendly.com. I would like to create a subscription as described here. When I get to doing this
curl --header "X-TOKEN: <your_token>" --data "url=https://blah.foo/bar&events[]=invitee.created" https://calendly.com/api/v1/hooks
I am concerned that the url is not in a valid format. I tried replacing the & with a ? as in here
curl --header "X-TOKEN: <your_token>" --data "url=https://blah.foo/bar?events[]=invitee.created" https://calendly.com/api/v1/hooks
but I receive this error
{"events":{"events":["can't be blank]}}
Likewise, I try to leave the & and everything after it blank and it give the same error as above.
But using a url with the & and everything in it gives a 404 not found error. Can a url even have the format they are saying is required?
But using a url with the & and everything in it gives a 404 not found error.
The URL part in the following is just the https://blah.foo/bar part before the & character.
curl --header "X-TOKEN: <your_token>" --data "url=https://blah.foo/bar&events[]=invitee.created" https://calendly.com/api/v1/hooks
The events[]=invitee.created part is a separate parameter and value. It’s not part of the url.
See the Create A Webhook Subscription page in the calendy docs:
So the URL is the site that runs your webhook; you don’t send the events parameter/value back to that site—instead you’re sending both the url param and events param to the calendly API endpoint at https://calendly.com/api/v1/hooks. The calendly backend presumably then calls to https://mywebsite.com/webhooks/invitee_created or https://blah.foo/bar whatever url you’ve given it—but without the events parameter, which is for calendly’s internal use.

Strange Rails behavior with custom mime types

I am using Ruby on Rails 4.1 and I am trying to implement an API with a custom mime type. That is, in config/initializers/mime_types.rb I register an alias as like the following:
Mime::Type.register_alias 'application/json', :my_json
From another system I am trying to access the API with curl by running a HTTP PUT request, this way:
curl http://www.my_api.org/articles.my_json --request PUT --header "Content-Type: application/json" --data-binary '{\"key\": {\"a\": \"1\", \"b\": \"2\"}}'
However, by inspecting the ArticlesController parameters in my Rails application, I get the following output (note: article parameters are "unwanted" and those duplicate the "wanted" key parameters):
Parameters: {"key": { "a"=>"1", "b"=>"2" }, "article": { "a"=>"1", "b"=>"2" }}
What is the problem? Is it a bug? How can I solve that?
Note: I have implemented and access other similar API by executing HTTP GET requests and all works as expected. The problem seems to happens only when I execute HTTP PUT requests.
#rafaelfranca - No it is not a bug. It is how wrap_parameters works. You can disable at this file in your application config/initializers/wrap_parameters.rb.
See github.

405 Method not allowed on Net::HTTP request [ruby on rails]

I'm trying to verify if there is a remote url with following code:
endpoint_uri = URI.parse(#endpoint.url)
endpoint_http = Net::HTTP.new(endpoint_uri.host, endpoint_uri.port)
endpoint_request = Net::HTTP::Head.new(endpoint_uri.request_uri)
endpoint_response = endpoint_http.request(endpoint_request)
I'm still getting 405 Method not allowed. When I use Get instead Head in Net::HTTP::Head.new I'm getting 200 Success but also with whole remote document in response what results in bigger response time (0.3s => 0.9s).
Any ideas why this is happening? Thx
There's a chance that the #endpoint url you're trying to interact with doesn't support HEAD requests (which would be really weird, but still may be the case). Your code works fine for me with a handful of urls (google.com, stackoverflow.com, etc.)
Have you tried a curl request to see what it returns?
curl -I http://www.the_website_you_want_to_test.com

Resources