Why am I not seeing any Access-Control Headers - playframework-2.6

I wrote code to send an authentication cookie from Play to my Angular application. I notice that I don't see any Access-Control headers in any of the responses but authentication still works. Does Play not send these headers? I was hoping to find some or all of the following headers.
Access-Control-Allow-Methods
Access-Control-Max-Age
Access-Control-Allow-Headers
Access-Control-Allow-Credentials
Access-Control-Allow-Origin

You need to set them explicitly in the controller action. For example:
    Ok(content)
      .withHeaders("Access-Control-Allow-Origin" -> baseUrl)
See manipulating http headers in the play docs.

Related

Remove server header from Application Gateway V2

We were asked to remove the server header from the http response which gives details of Application gateway v2 for the GET/POST request against the URL.
I have added the rewrite rule to remove the server header in APP GW v2. For a few GET/POST requests, it won't show the server headers but when we try a GET request with url http://xx.com/../../../cbs?_v=15.0.36510.0&aid=test HTTP/1.1, the server header still shows up.
Is there any condition we need to apply for the rewrites to remove the server header?
Short Answer: This is still not supported by the product itself
Some Background
Rewrites do not work on responses generated directly from the Application Gateway.
This is currently not supported and is part of the backlog. There isn’t an ETA on this but we will be working on this limitation soon.
You can find it in limitation

Sending parameter with POST requests, when content-type is multipart/form-data

I am new to JMeter. I am trying to create a test plan, one of the requests is a POST request containing some parameter, the content type in the request header is Multipart/Form-data.
I am copying the headers/parameters from fiddler because the HTTP proxy recorder is not working.
Please see the image for the current settings I have. I am not able to get the required response using it.
As per HTTP Request Sampler Documentation
Use multipart/form-data for HTTP POST
Use a multipart/form-data or application/x-www-form-urlencoded post request
So all you need to do is:
Tick "Use multipart/form-data for POST" box
Remove all `Content-Disposition` lines
In regards to "proxy recorder not working", I have never experienced any problems with it so it might be misconfiguration or something like this. Some people find JMeter Chrome Extension easier to use.
Instead of copying the content-disposition etc, just send the parameters with name and you should be good. You are expected to send form data and its value.
Ideally it should look like this: name should be just 'form' and its value 'buy-now'.
I would suggest you compare the requests that you are sending using developer tools and the request you are sending using JMeter, it will help you debug this quicker.
I hope it helps.

Redirect a http post request with modified http header to another server

I'm using Ruby on Rails. Here is the requirement: the client (a native mobile app developed by me) will send a http post request to my Ruby code, my code will add some extra http headers (based on some business logic), then I need to "forward" or "redirect" this post request to another backend server (which has a REST service) and return its response back to the client.
I have been able to write a rack middleware to intercept the post request and add the extra headers. Originally I thought I could just use http redirect (status code: 307 for post request). But the problem is that the extra headers could NOT be submitted, which is the whole point of my code. So this isn't http redirect or forwarding per se, it's more like transforming a request.
I'm able to make a separate post request from my code using net http. This works. But I have to COPY data from the incoming request to my outgoing request (eg form data, http headers). This copying seems a bit tedious.
I would prefer some kind of simple "repackaging" (which is akin to http redirect or forwarding), that is I copy the whole incoming request to the outgoing request, slap on the extra headers and send it to the destination URL and be done with. I am not sure how to do this, and if doing it this way is even a good idea. For example, HTTP_USER_AGENT shows the OS, browser type of the client, when I'm making a new request, I probably don't need to send this on.
Alternatively, I can copy only the application specific data, because they're all the backend server (the destination of this "redirect") cares about. But I'm averse to hardcoding attributes in my code, causing close-coupling with the client (our native mobile app). Ideally I only copy application-specific data without hardcoding their attribute names. Is this possible? If so, how?
Any advice would be appreciated.
Thank you.
HTTP does not allow redirects for anything other than GET request.
(This is not technically correct but using HTTP 307 is kind of sketchy - see https://softwareengineering.stackexchange.com/questions/99894/why-doesnt-http-have-post-redirect)
If you need to send a POST request to another server for processing then using a proxy as you already seem to be doing is the correct solution.
Recreating the request in the proxy may seem tedious but it actually serves as a guarantee that you are calling the other server's "API" correctly.
While you can simply loop through the request headers:
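    require 'net/http'

    uri = URI('http://www.example.com/todo.cgi')
    req = Net::HTTP::Post.new(uri)
    # request.headers iterates the Rack env, so copy only the HTTP_* entries
    # (HTTP_USER_AGENT -> USER-AGENT) and leave Host to Net::HTTP.
    request.headers.each do |key, value|
      next unless key.start_with?('HTTP_') && key != 'HTTP_HOST'
      req[key.delete_prefix('HTTP_').tr('_', '-')] = value
    end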
And pass the request form data:
    req.set_form_data(request.request_parameters)
You should ask yourself if it really is prudent to proxy everything.
See http://api.rubyonrails.org/classes/ActionDispatch/Request.html
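An added example, not part of the answer above: one way to build the outgoing request from an allowlist of client headers instead of copying everything, with the proxy's own headers applied last so a client-supplied copy cannot stand in for them. The allowlist, the X-Authenticated-User header, the sample env and the backend URL are assumptions made for illustration.

```ruby
require 'net/http'
require 'uri'

# Hypothetical allowlist: the only client headers the backend needs.
# Cookie, Authorization, User-Agent and hop-by-hop headers are never listed.
FORWARD_ALLOWLIST = %w[accept accept-language x-request-id].freeze

# Rack env key ("HTTP_X_REQUEST_ID") -> header name ("x-request-id"), or nil
# for entries that are not request headers (rack.input, REMOTE_ADDR, ...).
def header_name(env_key)
  return nil unless env_key.start_with?('HTTP_')
  env_key.delete_prefix('HTTP_').tr('_', '-').downcase
end

# Build (but do not send) the outgoing POST from a Rack env, the form
# parameters and the extra headers produced by the business logic.
def build_forward_request(env, params, extra_headers, target)
  req = Net::HTTP::Post.new(URI(target))
  req.set_form_data(params)
  env.each do |key, value|
    name = header_name(key)
    next unless name && FORWARD_ALLOWLIST.include?(name)
    req[name] = value.to_s
  end
  # Trusted headers are written last and replace any earlier value.
  extra_headers.each { |name, value| req[name] = value }
  req
end

# Constructed sample env, including a spoofed copy of the trusted header.
SAMPLE_ENV = {
  'REQUEST_METHOD'            => 'POST',
  'REMOTE_ADDR'               => '203.0.113.7',
  'rack.input'                => nil,
  'HTTP_HOST'                 => 'proxy.example',
  'HTTP_ACCEPT'               => 'application/json',
  'HTTP_USER_AGENT'           => 'MobileApp/1.0',
  'HTTP_COOKIE'               => 'session=constructed',
  'HTTP_X_REQUEST_ID'         => 'abc123',
  'HTTP_X_AUTHENTICATED_USER' => 'admin'
}.freeze

if $PROGRAM_NAME == __FILE__
  req = build_forward_request(SAMPLE_ENV, { 'form' => 'buy-now' },
                              { 'X-Authenticated-User' => 'alice' },
                              'http://backend.example/orders')
  req.each_header { |name, value| puts "#{name}: #{value}" }
end
```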

Enabling cors on petstore.swagger.io

I'm playing with the swagger editor, the pet store example, and the API there contains this message under each endpoint:
This is a cross-origin call.
Make sure the server at petstore.swagger.io accepts POST requests from editor.swagger.io.
OK, so I go to http://petstore.swagger.io , but where exactly do I set the CORS there? I don't see it.
Thanks.

Is iOS removing the Content-MD5 HTTP header?

I use a web application that's returning a Content-MD5 header but in my iOS app, I cannot retrieve that header using [NSHTTPURLResponse allHeaderFields] (whereas I can see it when I use cURL).
Does anyone know if iOS is deliberately removing that header?
So I've figured out what's happened.
Our SaaS provider has activated gzip by default on non-production instances. As mentioned in some other threads, NSURLConnection supports gzip compression transparently and will automatically send the Accept-Encoding: gzip HTTP header. When the response is received, NSURLConnection decompresses the content and removes the Content-Md5 header (because the Content-MD5 is a hash of the compressed data), which is why I'm not seeing it in the list of received headers.
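An added example, not part of the answer above: a client that wants to check Content-MD5 has to do it on the bytes as received, before undoing Content-Encoding, because the digest of the decompressed body does not match the header. The sample body and headers are constructed for illustration.

```ruby
require 'digest/md5'
require 'zlib'

# Content-MD5 value for a byte string: base64 of the raw 16-byte MD5 digest.
def content_md5(bytes)
  [Digest::MD5.digest(bytes)].pack('m0')
end

# Check the digest over the bytes as received, then undo Content-Encoding.
# Returns [digest_ok, decoded_body].
def verify_then_decode(headers, wire_body)
  digest_ok = headers['Content-MD5'] == content_md5(wire_body)
  body = headers['Content-Encoding'] == 'gzip' ? Zlib.gunzip(wire_body) : wire_body
  [digest_ok, body]
end

# Constructed sample response: the server gzips the body, then hashes the result.
PLAIN_BODY = '{"status":"ok"}'
WIRE_BODY  = Zlib.gzip(PLAIN_BODY)
RESPONSE_HEADERS = {
  'Content-Encoding' => 'gzip',
  'Content-MD5'      => content_md5(WIRE_BODY)
}.freeze

if $PROGRAM_NAME == __FILE__
  ok, body = verify_then_decode(RESPONSE_HEADERS, WIRE_BODY)
  puts "digest over wire bytes matches: #{ok}"
  puts "digest over decoded body matches: " \
       "#{content_md5(body) == RESPONSE_HEADERS['Content-MD5']}"
end
```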
