Request headers (CSRF) missing in WKWebView - iOS

We are trying to open our app URL in WKWebView, which used to work fine in UIWebView.
Our app is based on Angular 2 and Node.js and validates the CSRF header. This flow works with UIWebView, but the same does not work in WKWebView, as x-xsrf-token is missing from the request headers.
Not sure what might be going wrong here.
Below is the difference in the request headers.

Related

Blazor cookies issue (Mark cross-site cookies as Secure to allow setting them in cross-site contexts)

[SOLVED READ COMMENTS]
I got a problem with the ASP.NET Core hosted Blazor app.
Locally it works like a charm, but when it is deployed there is a problem related to the cookies that I don't know how to fix. I did my best, now seeking help :)
The problem is: once the user comes to the login page he gets this message in the console:
Here I found those cookies in response
There is no way to fix this issue in this scenario; I have tried everything. Only one thing will work, and that is an SSL certificate.
Chrome version 80 or higher will block all third-party cookies by default. If you use the API over HTTPS, switch the protocol to HTTPS and check whether the Set-Cookie in the response header contains SameSite=None and Secure.
If it doesn't use HTTPS, Chrome 80 will intercept the login function under the HTTP protocol, causing the entire local deployment service to be unavailable. For this situation, open chrome://flags/#same-site-by-default-cookies and chrome://flags/#cookies-without-same-site-must-be-secure in Chrome and set them to Disabled.
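The check the answer describes (whether Set-Cookie carries both SameSite=None and Secure), as an added example that is not part of the original thread. It classifies response headers by how Chrome 80 and later treat them; the cookie names and values are constructed sample data.

```javascript
// Added example: how Chrome 80+ treats a Set-Cookie header, based on its
// SameSite and Secure attributes. Cookie names and values are constructed.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=');
    const k = key.trim().toLowerCase();
    if (k === 'secure') cookie.secure = true;
    if (k === 'samesite') cookie.sameSite = value.trim().toLowerCase();
  }
  return cookie;
}

function classify(header) {
  const c = parseSetCookie(header);
  let verdict;
  if (c.sameSite === 'none') {
    // SameSite=None is only honoured together with Secure; otherwise the
    // browser drops the cookie and logs the console warning.
    verdict = c.secure ? 'sent-cross-site' : 'rejected';
  } else if (c.sameSite === 'strict' || c.sameSite === 'lax') {
    verdict = 'restricted-as-declared';
  } else {
    // Missing or unrecognised SameSite value: handled as Lax.
    verdict = 'treated-as-lax';
  }
  return { name: c.name, verdict };
}

// Constructed Set-Cookie values, as they might appear in a login response.
const SAMPLE_HEADERS = [
  'session=abc123; Path=/; HttpOnly; SameSite=None',
  'session=abc123; Path=/; HttpOnly; Secure; SameSite=None',
  'prefs=dark; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT',
  'csrf=xyz789; Path=/; Secure; SameSite=Strict',
];

function auditSetCookies(headers) {
  return headers.map(classify);
}

for (const r of auditSetCookies(SAMPLE_HEADERS)) {
  console.log(`${r.name}: ${r.verdict}`);
}
```

A cookie reported as rejected is the case behind the console message in the question: the fix is to serve the site over HTTPS and add Secure, not to drop SameSite=None.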

Add headers to a link in angular

I have an angular app that I need to redirect outside to a server side html page, so I thought I could just use a standard <a> tag with target='_self' to redirect the angular app to my server side page. This actually works fine, however, I have a rails backend that checks for auth token before serving up any content.
This requires an auth token to be sent in the header of the HTTP request, which I am setting in a cookie and which Angular grabs automatically with the $http service for AJAX requests, but I can't seem to get the same thing to happen on a standard link.
Can/How do you add an auth token to a normal link before it is sent off?
When the browser is making the HTTP request and not your JavaScript code, you cannot add a custom header with your token value. See Adding http headers to window.location.href in Angular app for a similar question.
However, if this value is already being sourced from a cookie, can your backend just read that cookie value (or use some filter in the http request chain to transfer the cookie to a header)?
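One way to write the filter the answer suggests, as an added example that is not code from the original thread. The cookie name auth_token, the header name x-auth-token and the function names are hypothetical; the sketch copies the cookie into the header only for GET and HEAD, because the browser attaches cookies to any request on its own and state-changing requests should still have to carry the header explicitly.

```javascript
// Added example: request filter that copies an auth cookie into the header
// the backend already checks. Names below are hypothetical placeholders.
const SAFE_METHODS = new Set(['GET', 'HEAD']);

// Return the raw value of one cookie from a Cookie request header, or null.
function readCookie(cookieHeader, name) {
  for (const part of (cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0 && part.slice(0, eq).trim() === name) {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

// req is shaped like a Node.js IncomingMessage: upper-case method,
// lower-case header names.
function promoteCookieToHeader(req, cookieName = 'auth_token', headerName = 'x-auth-token') {
  // A header set by the client's own JavaScript always wins.
  if (req.headers[headerName]) return 'header-present';
  // Plain link navigations are GETs; never promote for POST/PUT/DELETE,
  // otherwise a cross-site form post would be authenticated by cookie alone.
  if (!SAFE_METHODS.has(req.method)) return 'skipped-unsafe-method';
  const token = readCookie(req.headers.cookie, cookieName);
  if (!token) return 'no-cookie';
  req.headers[headerName] = token;
  return 'promoted';
}

// Constructed requests: a link navigation and a form post, same cookie.
const navigation = { method: 'GET', headers: { cookie: 'theme=dark; auth_token=tok123' } };
const formPost = { method: 'POST', headers: { cookie: 'auth_token=tok123' } };
console.log(promoteCookieToHeader(navigation), navigation.headers['x-auth-token']);
console.log(promoteCookieToHeader(formPost), formPost.headers['x-auth-token']);
```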

Google OAuth 2.0 Callback URL

I have an iOS application which authenticates with Google's servers via OAuth 2.0. I have just one problem, my app doesn't seem to respond to the callback URL. I have set the callback URL correctly in my code but no response.
I was just wondering if anyone knows how to change the callback URL on the Google OAuth API Console, because right now it is some random URL which doesn't seem to work for me:
urn:ietf:wg:oauth:2.0:oob
You can use the oob URI with an embedded view, or you can rely on the user to copy and paste the code.
But on iOS you have a better option, you can use a custom scheme based on the bundle id (or on the client id):
https://plus.google.com/111487187212167051233/posts/AztHNnQh7w6

iOS6 getting and setting cookie to a UIWebView

I have an HTML5 web app using a cookie for authentication. In iOS6 it faces some problems receiving the cookie from the server, in that the outbound request will not have the cookie inside the header as before. I came up with the idea to request the session id from an HTTP request and put it somewhere (maybe NSHTTPCookieStorage?), and then all requests from UIWebView will contain the cookie, so most of the HTML5 code doesn't have to change.
Is it the correct way to go? If yes, how to implement this? Thanks.

Downloading from Google Docs using an Uri containing access_token

I'm creating a viewer app for Windows Phone 7. The app already handles the OAuth2 stuff and successfully browses Google Docs' folder structure.
I use Google Documents List API 3. BTW browsing works perfectly without using request headers, instead I append the access_token to the request Uri.
Now the app needs to show files to the user, if possible without downloading them first. This means that I want to set the UI's Image.Source to the Uri of an image, the UI's MediaElement.Source to the Uri of a video and the BackgroundAudioPlayer.Track.Source to the Uri of an audio file. Obviously I can't use request headers in this scenario.
However it seems that simply appending the access_token to the download Uri doesn't work. The UI elements fail with generic error messages, and if I manually try with a web browser (which isn't logged in to Google) it shows an empty screen, a 401 error or it redirects to Google's login page.
Is it possible to download/stream a Google Data entry just by defining the Uri? If yes, what does the Uri need to look like?
Support for authorization using the access_token URL parameter has not been allowed on purpose for security reasons. Basically, if a user were to open a malicious file in a browser (e.g. HTML containing some JavaScript would suffice), the malicious code in the file could steal the access token in the URL and send it to a third-party bad guy.
To access the file you need to authorize using "Authorization" HTTP header. Simply add an HTTP header to the request which is like:
Authorization: Bearer access_token_here

Resources