In a rails app, I see crashes frequently (airbrakes) like below
AbstractController::ActionNotFound:The action '6826' could not be
found for MembersController
Investigating further, the URL is configured to receive only PUT or POST requests but instead receives GET. Doesn't seem to be action of bots or a smart user. Do browsers sometime send both GET and POST requests when a link is clicked, should it be handled in the server and redirected to corresponding pages?
A browser will only send a GET request when a link is clicked - unless there is JavaScript telling it otherwise. Your app should handle POST and PUT requests for data submission, GET requests for data retrieval, and DELETE requests for data transmission. There could be several different causes of that error, it could be because you are representing a POST or PUT route using a link or your users are typing the url into the address bar.
Related
I have an iOS app where the user can makes HTTP requests from their phones and the HTTP returns information based on the zip code that the user provides through the phone.
My issue is that anyone can type the URL and the server would respond with the information that corresponds to the zip code they input e.g. http://example.com/zip-code/78515.
My questions is, can I limit the server to only respond to requests made from my iOS app without the user having to create a user and password? In other words, if someone types http://example.com/zip-code/78515 directly in a browser I want the server to ignore the request but if the request comes from my iOS app I want the server to respond accordingly.
For the HTTP request I'm using Laravel.
Here is my Laravel code.
Route:
Route::get('zip-code/{zipCode}', 'AppsAPIController#information');
Controller:
class AppsAPIController extends Controller
{
public function information($zipCode)
{
$info = CityInfo::where('ZipCode', $zipCode)->get();
return ($info);
}
}
Request:
http://example.com/zip-code/78515
Again, the question is, how can I limit the server to only respond to requests made from my iOS app without the user having to create a username and password?
This package seems to do that
https://github.com/spinen/laravel-browser-filter
Basically, you are adding a middleware that reads the user agent out of the request, and denies the rest.
There is no foolproof way to respond only to requests made by your app.
User agent sniffing, navigator feature detection, and like measures may deter most basic attempts to load information from that url (like search engine bots), but anyone with a little time can learn to replicate the HTTP requests made by your app, defeating those measures.
Even requiring a login will not prevent external request (they can send requests matching your login workflow to obtain a valid token, then request the restricted url with it).
(via the comments) I just don’t want to overload the server with unnecessary requests.
In that case, there's a much better solution. Laravel ships with a throttle middleware, which you can use to limit the number of requests per minute per IP (or per logged-in user, if they're authenticated).
Just add throttle:60,1 to your route's middleware and it'll max out at 60 requests per minute for a particular IP address. Set it to something relatively high (so normal use doesn't hit it), but it'll prevent millions of requests from the same IP from using up too many resources.
so, when i send a text message to twilio number, i want it to trigger a specific event in the webapp via http POST. For example, by making a http call to the webapp URL (http://webapp.com/triggerA) which it process to trigger an event A in the webapp.
Can I do this with twilio? If,so is there a sample piece of code which I can refer.
From what I understand from your question, I think you can do the following.
With Twilio, when you login into here
https://www.twilio.com/user/account/phone-numbers/incoming
You will find a list of your incoming numbers, I am assuming that you have already purchased a number. Once you click on a number in the list, you will find a page that where you can view and set various properties for the number you are looking at.
You will see a header called Messaging. Under that menu you will see a request Url.
you can set this to http://webapp.com/triggera as per your example. you can also choose whether you would like to use a http post or a http get request type.
the link below, will help you further for handling the data that Twilio passes your application.
https://www.twilio.com/docs/api/twiml/sms/twilio_request
Louis
I installed fiddler and made a GET request. It gives me what is returned from the server in header and cookies etc. Now I want to know the way to check (using fiddler) what is being posted to the server when I post a form (with some values in text boxes using firefox or any browser). Remember I am not seeking to know the way to compose a post request in fiddler. I want to know what browser sends to the server. Actually compose a post request is not working and it returns that same page which I post, so I want to know what browser is doing which I am unable to do?
Thanks in advance.
Click on the request that you wish to see in Fiddler, right click and select "Decode Selected Sessions".
If you're saying: "I don't see any traffic in Fiddler's Web Sessions list when sending a POST from Internet Explorer", you should follow the troubleshooting steps listed here: https://groups.google.com/forum/#!topic/httpfiddler/SsZnGxdxklg
If the target page is HTTPS, you need to ensure that you enable HTTPS decryption or you won't see anything other than the CONNECT tunnel through which HTTPS traffic flows.
Otherwise, if you do see the POST in the Web Sessions list, double-click it to activate the Inspectors tab. Use the Web Forms tab or the the Raw tab to see the data posted from the client application.
You might want to watch the Fiddler tutorial videos to quickly get up to speed on how to use Fiddler: http://www.youtube.com/playlist?list=PLvmaC-XMqeBbw72l2G7FG7CntDTErjbHc
How do I send a facebook app requests from one mobile user to another using the Graph API?
I have looked at facebooks documentation but the only options I have found are to A) send an app to user message from the app (which I can't get working) or B) to use the request dialog, which doesn't seem to let me send a request to a single user.
FB has instructions for how to build a custom "Multi-Friend Selector" but apparently not for mobile.
I have tried using HTTP POSTing to
https://graph.facebook.com/%s?access_token= ...
with POST data set to
message='Test Message'
but I get
WWW-Authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Failed to create any app request"
I have also tried in the Graph API Explorer but I get the same thing.
I don't want to send these messages to users that have installed the app and I don't mind the user having to provide confirmation for the FBFrictionlessRecipientCache. Also, my app is in Sandbox mode, but I only need to send the requests to the other developers.
I am looking for anything that will let me do multi-friend selectors or ask for lives, or get help from a friend, like I see in several mobile games these days.
You can use presentRequestsDialogModallyWithSession from FBWebDialogs.
You must specify a "to" parameter to identify the recipient, and you must use the FBFrictionlessRecipientCache.
The "to" parameter identifies the recipient. It stops the select user dialog from appearing.
The first time you send the request to each recipient the user will have to grant permission. After that, the FBFrictionlessRecipientCache will allow the request to be sent relatively silently (a dialog pops up briefly and goes away by itself).
I've recently enabled the Facebook Open Graph stuff on my web app (so and so has just read this and that on here and there). Now I post the request to Facebook when a user posts something, as part of the page load in the controller. The problem is I receive the following error:
HTTP 500: Response body: {"error":{"type":"Exception","message":"Could
not retrieve data from URL."}}
My first thought is that the open request to load the page is blocking any FB scraping of OG information, as it seems after it's been cached I no longer receive this error.
Is this likely? If so, what's the best way to work around it?
WHY THIS HAPPENS:
I had this same problem today, and it is because your Koala script (assuming you're using koala - if not, you should try it out because it's great) sends its request to Facebook before your URL is up. This means that when Facebook registers the post, it comes to the URL you specified to pick up the meta tags. Unfortunately, the page itself hasn't been loaded yet, giving it a 500 error
HOW TO SOLVE IT:
Use the delayed_job gem to prevent your post call from occurring before the page loads, which allows facebook to scrape your metatags correctly.
FOR EXAMPLE:
def post_to_facebook([ACCESS_TOKEN])
graph = Koala::Facebook::API.new([ACCESS TOKEN])
graph.put_connections("me", "[APP NAMESPACE]:[ACTION]", :[OBJECT TYPE] => [OBJECT_URL])
end
handle_asynchronously :post_to_facebook