Which URL is considered valid while checking for broken links - url

I have a bunch of URLs and I'm trying to check if these URLs are valid (check for errors like 404 etc.). In such a scenario, which URLs are considered valid?
Example scenarios:
The server responds with HTTP 3XX (Moved
permanently/temporarily)
Are these URLs considered valid ?

I found this information in Wikipedia.
1xx HTTP CODES are informational responses
2xx HTTP CODES are success
3xx HTTP CODES are redirection
4xx HTTP CODES are client errors
5xx HTTP CODES are server errors.
and some unofficial codes specific for client agent or webserver.
So not all 3XX codes are errors.

Related

Fetch html response is not full via gatling,why?

I call a http request,The reponse is html,but gatling get the response is incomplete.What should I do
I think a part of I need that is gatling supported resources.It is under the tag 'table'.
The server may not be returning the complete response due to an error or a problem with the server-side code. In this case, you should check the server logs to see if there are any errors, and you should also check the HTTP response headers to see if there are any indications of what went wrong.
The HTTP request may be failing or being blocked by a firewall or other network security device. In this case, you should check the network logs to see if the request is being sent and received successfully, and you should also check any network security settings to ensure that the request is not being blocked.
The HTML response may not be well-formed or may be missing some elements, such as the 'table' element you mentioned. In this case, you should validate the HTML using a tool such as the W3C HTML Validator, and you should also check the HTML source to ensure that all required elements are present.
User issue, as concluded on the Gatling community forum.

Does the jclouds s3 API support "307 temporary redirect" in response to a PUT with header Expect: 100-continue?

Results in our testing suggest the redirect is not supported, although other clients e.g. curl & s3cmd do. Redirect should be supported per https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTRedirect.html#RESTRedirect100Continue. Pointers confirming support or lack of support in jclouds source would be of value.
S3RedirectionRetryHandler handles 301 and 307.
jclouds support the 307 redirect. All 3xx response
codes are intercepted here, then processed, by default (unless a
provider defines its own redirection retry handler) here.

What Http Status code should be returned from WebAPI Delete action if a record cannot be deleted?

What Http Status code should be returned from a HttpDelete action if a record cannot be deleted from the database because of database integrity?
403 - Forbidden
405 - Method not allowed
409 - Conflict
??
From my point of view HTTP code 409.
RFC does not say anything about this concrete situation but also it is not rejecting it.
https://www.rfc-editor.org/rfc/rfc7231#section-6.5.8
The 409 (Conflict) status code indicates that the request could not be
completed due to a conflict with the current state of the target
resource. This code is used in situations where the user might be able
to resolve the conflict and resubmit the request. The server SHOULD
generate a payload that includes enough information for a user to
recognize the source of the conflict.
Source:
REST HTTP status code if DELETE impossible
And why do I think that 403 and 405 are not appropiate?
403 - Forbidden. It's related with permissions. But the scenario that you are describing occurs after authentication/authorization.
405 - Method not allowed. This is usually related with the "object" exposed by the endpoint, it accepts X number of verbs and the one you requested is not available. Throwing this error in a determined situation like integrity-check would be confusing for the RESTful logic.

Are HTTPS URLs secure?

If a website makes a GET request, from a HTTPS page to another HTTPS page, is that secure? Specifically, is the data in the URL / query params secure?
I'm asking because, hen I call Stripe.createToken, a connection is made to a URL with the credit card number in it. Even though the query parameter says _method=POST, it is being transmitted over a GET query param:
Request URL: https://api.stripe.com/v1/tokens?card[number]=4242424242424242&card[cvc]=123&card[exp_month]=4&card[exp_year]=2016&key=pk_test_1236&callback=sjsonp11234&_method=POST
Request Method: GET
Status Code: 200 OK
Now, I understand this is all over HTTPS, but isn't the URL part insecure? I thought that URLs get logged in various places along the way to their destination.
URLs usually do get logged in webserver logs. It is a very bad idea to sent that information as part of a GET request. The hops a request takes between the client and the destination are encrypted though. So assuming there is no web proxy or anything the only place it might be logged is on https://api.stripe.com/'s webserver.
See Are querystring parameters secure in HTTPS (HTTP + SSL)?
for more information.
From Stripe:
Because of the nature of how HTTPS works, the only information that's transmitted in plaintext to an HTTPS connection is the hostname you're connecting to (in this case, "api.stripe.com"). All other parts of the communication - including the full URL - are encrypted such that they're only decryptable by our servers. At the transport level, including cardholder details as GET parameters of the URL is no different from including them in the POST body. We only use JSONP for Stripe.js and not for any server-side bindings, in case you are worried about having those requests come up in your server logs.
Once the details get to our server, we've made changes to the configurations on our servers to ensure that the query strings are never logged, and we have routines in place that check all log files for accidental inclusion of card numbers. We've worked with our PCI auditors (who also audit Google, Apple and AWS) to ensure that this meets the standards of PCI, and are confident that we're handling cardholder data in a way that is secure.

Jmeter OAuth Plugin

I am using jmeter to perform some load testing. this particular test will record how long it takes to get a response from a web service using OAUTH.
I have added the Jmeter Oauth plugin, set up my keys, url and data to be posted etc, however I keep getting an error message within my report
Response code: Non HTTP response code: java.net.URISyntaxException
Response message: Non HTTP response message: Expected closing bracket for IPv6 address at index 14
Has anyone had this error before or does anyone have a good guide on how to use the OAUTH plugin?
Any help appreciated
when i get this error the problem was that i perfix the server name or ip
with http
so if you set server name or ip parameter with for example http://www.google.com you need
to replace it with www.google.co.il namely omit the http://
(you can set the protocol http in the protocol value of http request)

Resources