Im not sure how i should deal with a HTTP_STATUS of 302 in my response to an API request?
Im trying to write a small Node.js script and i have a feeling this is to do with the HTTPS upgrade of the request i send?
Any help would be great
It's nothing (specifically) to do with HTTPS, it just a temporary redirect.
Read this article on Wikipedia.
Related
I am trying to follow the ruby-saml example code for doing the outbound redirect and am hitting a CORs exception.
The code in question is:
request = OneLogin::RubySaml::Authrequest.new redirect_to(request.create(saml_settings))
When I try to call this via axios, I get an OPTIONS preflight which rejects me with a 302 and
Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
So far, I have tried rack-cors, rails-reverse-proxy and a number of other things but I cannot get past this block.
Does anyone have some good instructions on how to fix this? Why is the redirect not being handled as a simple request? i.e. Why am I getting the OPTIONS preflight? Can I somehow make this a simple request?
Someone was saying that I will need to proxy through something like nginx but that seems overkill this.
rails 6, react if it matters.
The error you are experiencing is not related to SAML.
This is related to the fact that you are executing a redirection to a website which hostname mismatch the rails server hostname and the headers that are added on the request.
CORS explanation: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
You need to review your rack-cors settings as well as review if your Apache/Nginx configuration is configured properly.
https://enable-cors.org/server.html
I am using knock gem with rails api only application. I follow its documentation and when i make a curl post request or using postman for getting token i get not found with 404 status. Please help me where i am doing wrong.
any help will be appreciated.
thanks
Knock send 404 when passed credentials is wrong.
Can you check whether the thing is working when you pass correct credentials?
This happens if you are trying to send payload (may be via Postman) like this:
auth['email']:abc#gmail.com
auth['password']:11111111
or
auth[email]:'abc#gmail.com'
auth[password]:'11111111'
or
auth['email']:'abc#gmail.com'
auth['password']:'11111111'
It will be ok if you remove comma encapsulation around keys and value, right format is:
auth[email]:abc#gmail.com
auth[password]:11111111
I'm working on some cross-domain ajax requests. I use XDomainRequest to send requests in IE8 and IE9. Currently, it works well on Get requests, but not on Post requests.
When I use Fiddle capturing the requests, I find that the Post request has no Content-Type header.
Does anyone know about this?
Unfortunately, it looks like they screwed up and left it out. I am having the same problem.
According to this there is no way to set the Content-Type header and I have not found a way myself. You'll see that they actually made it WORSE with a later bug fix. As XDomainRequest is deprecated in IE10 for the correct XMLHttpRequest object using CORS I doubt there will ever be a fix.
If you ever found a way around the problem please post back and let the world know. This is preventing me from using Amazon S3 POST for uploading avatars.
I'm working on adding support for MySpace in my application, and I think I've written everything correctly, but I seem to be getting a 401 error when the MSRequest delegate method is called. I would be happy to post my source code for those who are willing to help! Thanks, Derek
without seeing your code I can't say much but a 401 is a bad auth code. How do you generate whatever OAuth token you need for their XHR requests? I'd start by looking there, post some source for more help.
I'm authenticating with OAuth getting my request token, authorizing, doing POST to get the AccessToken and then pulling my user_timeline.xml
At this point I try and call the destroy api on a particular status id and it returns a 401 unauthorized.
I am able to take the url and the parameters out and call this through Fiddler2 and it works, but using it in a Delphi app with Indy V10 component, doing a POST it's giving this 401 still.
What can I be missing?
Thanks,
david
If I can figure this out this app is good to go, very frustrating.
Please help!
Figured it out. Finally ran a .NET version of code, ran Fiddler2 to see what it did and noticed the Authorization Header. I then had to find a reference to this in regards to the Indy Components to figure it out. You have to add CustomHeaders with a specific format.
You may wanna try my implementation with ICS, supports Unicode as well
http://eden.fm/2011/02/27/twitter-library-for-delphi/