Ngrok not passing my post request on to localhost - asp.net-mvc

I'm trying to set up a webhook for Stripe and I've created a controller, according to the Stripe doc, to do it in ASP.NET MVC running in a virtual machine (maybe that changes things?). I've been testing the action in the controller to see if I can receive posts, so I'm using Postman to send my localhost POST requests, which are working. But now I need to use Ngrok to give my localhost a URL so that Stripe can use it. I'm running ngrok and passing in these parameters to run
ngrok http -host-header="localhost:44368" 44368
and here is what I see, everything looks ok
But now when I try and use it in Postman
ex https://11d1ba97.ngrok.io/StripeWebHook/Index
I get a 502 Bad Gateway message and the action method never gets hit.
I get the same problem when I try and send a test webhook from Stripe.
FYI - The request times from Ngrok using 'localhost:4040' show all my response times as 0ms.
Update - I was emailed by ngrok
"The trouble is the HTTPS. ngrok terminates HTTPS traffic and then forwards the unencrypted http traffic through to your local application. You want to do one of two things:
1) make your application expose an HTTP port as well and forward traffic to that
2) use ngrok's TLS tunnels (which hand off TLS traffic to you for termination). with this option you have all the complexities of doing cert management, cert mismatches, etc, just fyi. i'd recommend #1 if possible"
Question - anyone know how to open up an HTTP port in an ASP.NET MVC app using HTTPS?
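The mismatch described in the ngrok email can be checked directly. This added example (not part of the original post) sends the kind of cleartext HTTP request an `ngrok http` tunnel forwards and reports whether the local port answers in HTTP or behaves like a TLS-only listener. The function names, the stub server and the sample replies are constructed for illustration.

```python
import socket
import threading

def classify_reply(data: bytes) -> str:
    """Classify the first bytes an upstream returns to a cleartext HTTP request."""
    if data.startswith(b"HTTP/"):
        return "http"      # plain HTTP listener: what `ngrok http` expects
    # TLS record header: type 0x15 (alert) or 0x16 (handshake), then major version 0x03
    if len(data) >= 2 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"       # TLS-only listener answering cleartext with a TLS record
    if not data:
        return "closed"    # dropped without a reply, also common for TLS-only ports
    return "unknown"

def probe_upstream(port: int, host_header: str, timeout: float = 3.0) -> str:
    """Send the kind of cleartext request the tunnel forwards and classify the reply."""
    request = f"GET / HTTP/1.1\r\nHost: {host_header}\r\nConnection: close\r\n\r\n"
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        try:
            data = sock.recv(16)
        except OSError:    # reset or timeout: treat as no reply
            data = b""
    return classify_reply(data)

def start_stub(reply: bytes) -> int:
    """Constructed stand-in for the local app: answers one connection with `reply`."""
    server = socket.socket()
    server.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    server.listen(1)

    def serve():
        conn, _ = server.accept()
        with conn, server:
            conn.recv(4096)
            if reply:
                conn.sendall(reply)

    threading.Thread(target=serve, daemon=True).start()
    return server.getsockname()[1]

# Constructed replies, not captured traffic.
SAMPLES = {
    "http app": b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
    "tls-only app": b"\x15\x03\x03\x00\x02\x02\x46",   # fatal TLS alert record
    "silent close": b"",
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(name, "->", probe_upstream(start_stub(reply), "localhost:44368"))
```

Against a real project, call `probe_upstream` with the port passed to ngrok; a result of `tls` or `closed` means the tunnel is pointed at the HTTPS binding.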

My problem was that the breakpoint in my application wasn't getting hit.
I was using
ngrok http 58533
but changing it to the following allowed my breakpoint to get hit.
ngrok http -host-header=rewrite localhost:58533

Bit late to the party :)
I could get http working by un-checking Enable SSL flag in Properties.
Step 1: Right click Web Api project, select Properties
Step 2: Download and install extension
https://marketplace.visualstudio.com/items?itemName=DavidProthero.NgrokExtensions
Step 3: Start ngrok Tunnel from Visual Studio
Step 4: Copy Forwarding http url
Step 5: Paste in Postman, and append the controller/action
you get 200! (upvotes? :))

Related

How can I prevent Electron's Chromium from forcing HTTPS on fetch requests?

From the Electron renderer, I am accessing a local GraphQL endpoint served by a Django instance on my computer, which I'd like to do over HTTP, not HTTPS. But Electron's Chromium seems to intercept my fetch request and preemptively return a 307 redirect.
So if my fetch request is POST to http://local.myapp.com:3000/v1/graphql, then Chromium returns a 307 and forces a redirect to https://local.myapp.com:3000/v1/graphql, which fails because my server is listening on port 3000 and for my use case I can't do a local cert for local.myapp.com.
Theoretically the first insecure request should be hitting an nginx docker container listening on port 3000 without any SSL requirement. And nginx is proxying the request to a Hasura container. But I'm not even seeing the requests in the nginx access logs, so I'm pretty sure the request is being intercepted by Chromium.
I believe this StackOverflow comment summarizes well why this is happening: https://stackoverflow.com/a/34213531
Although I don't recall ever returning a Strict-Transport-Security header from my GraphQL endpoint or Django server.
I have tried the following code without success to turn off this Chromium behavior within my Electron app:
import { app } from 'electron'
app.commandLine.appendSwitch('ignore-certificate-errors')
app.commandLine.appendSwitch('allow-insecure-localhost')
app.commandLine.appendSwitch('ignore-urlfetcher-cert-requests')
app.commandLine.appendSwitch('allow-running-insecure-content')
I have also tried setting the fetch options to include {redirect: 'manual'} and {redirect: 'error'}. I can prevent the redirect but that doesn't do me any good because I need to make a successful request to the endpoint to get my data.
I tried replacing the native fetch with electron-fetch and cross-fetch but there seems to be no change in behavior when I swap either of those out.
Edit: Also, making the request to my GraphQL outside of Electron with the exact same header and body info works fine (via Insomnia).
So I have a couple of questions:
Is there a way to programmatically view/clear the list of HSTS domains that is being used by Chromium within Electron?
Is there a better way to accomplish what I'm trying to do?
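How an HSTS-aware client decides to upgrade a request, as an added example that is not part of the original post: it parses stored Strict-Transport-Security values and checks the host and each parent domain, following the matching rules of RFC 6797. The policy store below is a constructed assumption showing that a parent domain's includeSubDomains policy covers local.myapp.com even if the local server never sent the header.

```python
from urllib.parse import urlsplit

def parse_hsts(value: str):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains).

    Returns None when the required max-age directive is missing or malformed.
    """
    max_age, include_sub = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()            # directive names are case-insensitive
        if name == "max-age":
            arg = arg.strip().strip('"')       # the value may be a quoted string
            if not (arg.isascii() and arg.isdigit()):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)

def upgrading_domain(host: str, known: dict):
    """Return the stored HSTS domain that forces `host` onto HTTPS, or None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])       # the host itself, then each parent domain
        policy = parse_hsts(known.get(candidate, ""))
        if policy is None or policy[0] == 0:   # no entry, or max-age=0 (entry deleted)
            continue
        if i == 0 or policy[1]:                # exact match, or parent with includeSubDomains
            return candidate
    return None

def effective_url(url: str, known: dict) -> str:
    """Rewrite http:// to https:// the way an HSTS-aware client would before sending."""
    parts = urlsplit(url)
    if parts.scheme == "http" and upgrading_domain(parts.hostname or "", known):
        return parts._replace(scheme="https").geturl()   # an explicit non-80 port is kept
    return url

# Constructed policy store (an assumption, not data from the question).
KNOWN = {"myapp.com": "max-age=31536000; includeSubDomains"}

if __name__ == "__main__":
    print(effective_url("http://local.myapp.com:3000/v1/graphql", KNOWN))
    print(effective_url("http://localhost:3000/v1/graphql", KNOWN))
```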
I think the issue might be from the server, most servers don't allow HTTP in any possible way, they'll drop the data transfer and redirect you to HTTPS and there's a clear reason why they would do that.
Imagine you have an app that connects through HTTPS to send your API in return for some data, if someone just changed the https:// to http:// that'd mean the data will be sent un-encrypted and no matter what you do with your API key, it'll be exposed, that's why the servers don't ever allow any HTTP request, they don't accept even a single bit of data.
I could think of two solutions.
Chromium is not the reason for the redirect, our Django instance might be configured as production or with HTTPS listeners.
Nginx might be the one who's doing the redirecting (having a little bit of SSL def on the configuration)
Last but not least, just generate a cert with OpenSSL (on host http://local.myapp.com:3000/) note: include the port and use that on your Django instance. You can trust the certificate so that it could work everywhere on your computer.

How to make a POST request to servers that was deployed with balancing over https domain?

I had 3 servers with balancing: server-1.test.com, server-2.test.com, server3.test.com.
And I used domain https://test.com.
I want to make a POST request such as : curl -X POST https://test.com -d "title=test"
After that, if the POST request was redirected by balancing to server-1.test.com, it would be OK. But if not, it would be changed to a GET request. So I couldn't get data from the GET request. I knew that the problem is from the https redirect. Any suggestions for it?
I can't use GET request for replace POST. because it was made by webhook of mailchimp.
For an http call you can use the http package in Meteor.
You can also refer to the themeteorchef tutorial for more understanding of http in Meteor.
One more thing: for http calls Meteor uses a sync call. So you can also use wrapAsync in Meteor for http calls for sending the response back to the client.

how to make influxdb accept cross-origin requests?

I have InfluxDB running on localhost:8086 (its default) and a Go program running on a different port (as it has to, can't also run on 8086). I am trying to post data to InfluxDB using JavaScript in my Go program, and I get a No Access-Control-Allow-Origin response. This GitHub issue (posted by someone using a reverse proxy) says that the problem can be gotten around by configuring a proxy mechanism, but I am not using one. Is there a way to post data to InfluxDB without getting that response? Receiving data via post requests seems like a core function of InfluxDB, but it is not working correctly.
If it's based on Apache you just have to allow your site B to access your site A (and it's set by site A) : How does Access-Control-Allow-Origin header work?. A simple htaccess can do the job :
Header set Access-Control-Allow-Origin: http://localhost
(If it's localhost that access the site A)

Facing issue while trying to check the Incoming request in Fiddler

I am trying to check the incoming request to my server. Another server hosts an MVC application. An action method is sending some data to my server. I am using Fiddler. But somehow it is not showing the incoming request.
Below are my settings in Fiddler Custom Rules.
static function OnBeforeRequest(oSession: Session) {
    if (oSession.host.toLowerCase() == "IP Address:8888") {
        oSession.host = "IP Address:82";
    }
}
Below mentioned are my Fiddler Options.
Am I missing anything?
It sounds like you're trying to use Fiddler as a reverse proxy. You should read the steps at http://www.fiddler2.com/r/?reverseproxy. The biggest thing to understand is that when running as a reverse proxy, you only see traffic in Fiddler if the client's URL is changed to point at Fiddler.
If it is an SSL connection then you need to enable the option 'capture https connection' from the 'https' tab. Did you try to invoke the request from another browser like Chrome? Does Fiddler capture anything?
You don't need custom rule for this case. It should work if you enable these settings. I have faced only some problems in other browsers like FF.
I'm not sure I can answer your question fully without knowing a few additional pieces of information.
If the request being made is not a HTTP request, Fiddler will not be able to handle it.
Also, if you're using the loopback address localhost then Fiddler may not be able to find it.

Connection refused while web scraping using HTMLUnit

I am trying to build a java application to scrape a website using HTMLUnit. After extracting some data the application encounters following exception -
java.lang.RuntimeException: org.apache.http.conn.HttpHostConnectException: Connection to siteURL refused.
If I run the application again, it is able to extract some data again before failing with the same exception. Probably the server sees a lot of requests from the same client IP and refuses the connection for a request.
Also, when application encounters this problem, I am able to connect to the site using a browser.
How can I overcome this problem? In web scraping applications how are such problems approached and resolved?
This is how I debug such issues :
Download Fiddler
By default, fiddler listens on port 8888, all you have to do, is configure webClient to use fiddler as proxy & then all requests being sent can be seen (analyzed, modified & re-sent too) in fiddler.
client.getOptions().setProxyConfig(new ProxyConfig("127.0.0.1", 8888));
From what I can say from my previous experience, the target site blocks after some time; you can try adding a pause or rotating proxies & user-agents. You can also try clearing cookies.
