If someone POSTs to my Rails application with HTTP version 1.0 like this:
POST /update HTTP/1.0
How do I send an HTTP version 1.0 response like this:
HTTP/1.0 200 OK
I'm using Ruby on Rails 3. Rails responses always seem to be HTTP version 1.1, but if the client sends a request with HTTP version 1.0 I want to respond with HTTP version 1.0.
If you want your controller to build Header-only responses, you can use the head method. Example:
head :bad_request
Would produce the following header:
HTTP/1.1 400 Bad Request
Connection: close
Date: Sun, 24 Jan 2010 12:15:53 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
X-Runtime: 0.013483
Set-Cookie: _blog_session=...snip...; path=/; HttpOnly
Cache-Control: no-cache
More information
Related
Can anyone solve the way I can generate akamai streaming token from the browser when the android app is not available?
I get this string from the app :
<--
POST /api/tibo324/getakamaitoken HTTP/1.1
Content-Length: 328
Content-Type: application/x-www-form-urlencoded
Host: tibodrm.appspot.com
Connection: Keep-Alive
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
<--
auth=84Kwfr741QQv%252BnUMXtW%252FcbZ6aWNQKN0mCAVccmjo%252FXaf6PaB2pz7j3QqAlxHaj%252Fut%252Bu3vSzDt8NO%250AKqNBIgM7ckBedzNMkGOBRtlFfi3gAUuUzYvFN7U9ClHQKKWtfL%252F%252FyB2o1qyvGc2tY8i8lud%252F3tqg%250AhyjUvUD3Bib11V9aQqx8JOBslArMz%252FUaXLR0skPUETIeQatFmGmhFoyuyPhgbg%253D%253D%250A&AppID=v%252B10zWNKL8RJ8SY6LUSZXg%253D%253D%250A
-->
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Dec 2017 22:24:09 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 118
Vary: Accept-Encoding
X-Powered-By: Express
ETag: W/"76-zi4HHRQAuAUejh/FF9M5ZFJtPek"
Via: 1.1 google
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
-->
?__token__=ip=00.000.00.000~exp=1514332929~acl=*~hmac=e9afdfe9f6b41c0ca14a16bc60a11253aecd432243789144c1ebaa70f23c615e
When I try to fetch the following URL:
https://tibodrm.appspot.com/api/tibo324/getakamaitoken?auth=84Kwfr741QQv%2BnUMXtW%2FcbZ6aWNQKN0mCAVccmjo%2FXaf6PaB2pz7j3QqAlxHaj%2FuFjEcIocduH6Z%0Awc5ZzKaqnmHhinePCNCcvQfh68bi2UvbZq04lBalY0job9%2FyVeuV1kh4hzWnP8sVuRozO27rFhSY%0AmDB8ck%2FuN0SqKEoxzycGUGhaZy3bjy88%2BhhwEMQknGNJ2j2JdMIHMT0AcLTFoQ%3D%3D%0A&AppID=v%2B10zWNKL8RJ8SY6LUSZXg%3D%3D%0A
I get a response in the browser:
Cannot GET /api/tibo324/getakamaitoken
What am I missing?
The answer is in your question: you can't GET the URL because it's accessed via POST only. And it looks like the POST requires an authentication string that's generated via the app. Making a POST without any data returns a descriptive error string:
$ http POST https://tibodrm.appspot.com/api/tibo324/getakamaitoken
HTTP/1.1 200 OK
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Content-Encoding: gzip
Content-Type: application/json; charset=utf-8
Date: Wed, 27 Dec 2017 21:44:19 GMT
ETag: W/"31-zIZow+wVfq5Z3stS2NUNRdvP0go"
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
Via: 1.1 google
X-Powered-By: Express
{
"description": "no token at all",
"isValid": false
}
The inability to access the token generator through unauthenticated web calls is usually by design as the token is a protective tool Akamai provides customers to prevent access to content outside of the content provider's control.
In short, the content provider you're looking at doesn't want you to access their video outside of their application. If the application isn't able to access the video then you should reach out to the content provider to get that issue fixed rather than trying to circumvent their security scheme.
I am working on a project which requires a client to make an api call to
my
rails application and it to return XML without any http header info.
its currently returning:
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: application/xml; charset=
X-Ua-Compatible: IE=Edge
X-Request-Id: c5602cd7eb23ca8137bef8bb1f0a4f8a
X-Runtime: 0.027900
Server: WEBrick/1.3.1 (Ruby/1.9.3/2013-11-22)
Date: Wed, 18 Jun 2014 05:27:48 GMT
Content-Length: 529
Connection: Keep-Alive
Set-Cookie: _session_id=a8039d615674feec206e6c55a7a7afc8; path=/;
HttpOnly
<?xml version="1.0" encoding="UTF-8"?>
<cXML>
<Response>
<Status code="200" text="OK"/>
<StartPage>
<URL>http://localhost:3000/foobar/BAh7DDoNYmFza2V0aWRJI...
</StartPage>
</Response>
</cXML>
Can anyone help to remove all the http headers within the controller or any
config? which is below section.
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: application/xml; charset=
X-Ua-Compatible: IE=Edge
X-Request-Id: c5602cd7eb23ca8137bef8bb1f0a4f8a
X-Runtime: 0.027900
Server: WEBrick/1.3.1 (Ruby/1.9.3/2013-11-22)
Date: Wed, 18 Jun 2014 05:27:48 GMT
Content-Length: 529
Connection: Keep-Alive
Set-Cookie: _session_id=a8039d615674feec206e6c55a7a7afc8; path=/;
HttpOnly
I am using nginx at the moment.
I have some says that this is kind of a nonsense request, since HTTP servers by
definition uses header to talk to one another. But I have also been informed that W3 think otherwise.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4
I have also googled around for hours attempting other solutions changing my rails controller without any success. Is the last resort possibly changing config in Nginx and wouldn't that effect the whole rails application and not just the api calls or is there a way to single out one call?
Thanks in advance.
T
This is a nonsense request, yeah. You can use the HttpHeadersMore module to remove most of the response headers. Something like this should do it:
location /your/api/path {
more_clear_headers '*';
}
However, you can't remove the Connections header without patching nginx. And even if you could, you can't remove the first line of the response ("HTTP/1.1 200 OK", in this case). Without that line, it isn't an HTTP response. You're going to have a hard time convincing an HTTP server to send non-HTTP responses.
To get what you're describing, I think you'll need a custom server that communicates over bare TCP sockets. This tutorial might help you out. Or maybe you could implement that part of your app in node.js (or another tool)?
I'm having an issue playing with the Document List API on the OAuth 2.0 Playground. All the other APIs work except for this one. The request is being sent from the playground as:
GET /feeds/default/private/full/ HTTP/1.1
Host: docs.google.com
Content-length: 0
Authorization: OAuth <the oAuth string generated>
And the response is coming back as:
HTTP/1.1 400 Bad Request
status: 400
content-length: 19
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
expires: Tue, 29 May 2012 17:11:47 GMT
x-google-cache-control: remote-fetch
server: GSE
via: HTTP/1.1 GWA
cache-control: private, max-age=0
date: Tue, 29 May 2012 17:11:47 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
-content-encoding: gzip
Invalid request URI
Is the API simply deprecated because of Google Drive or is there something else I'm doing wrong?
You have to send requests to version 3 of the API, by either adding the ?v=3 query parameter to the URI or sending the GData-Version: 3.0 header.
I'm trying to use Google's OAuth in my system. I've successfully integrated Twitter and LinkedIn but i'm having hard times with Google.
I already have the consumer key, consumer secret and a valid access token. Using the G's OAuth playground I make a call to a protected resource (https://mail.google.com/mail/feed/atom). I've generated the token using this scope.
Using the authorization data in the HTTP header:
GET /mail/feed/atom HTTP/1.1
Host: mail.google.com
Accept: */*
Authorization: OAuth oauth_version="1.0", oauth_nonce="nounce", oauth_timestamp="1314727855", oauth_consumer_key="myconsumerkey", oauth_token="myvalidtoken", oauth_signature_method="HMAC-SHA1", oauth_signature="signature"
Content-Type: application/atom+xml
GData-Version: 2.0
The response I get from this is a valid HTTP call:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=UTF-8
Set-Cookie: S=gmail=yp_A23KtGOD9:gmproxy=PxCjSERnJWBbe; Path=/mail; Secure
Date: Tue, 30 Aug 2011 18:10:55 GMT
Expires: Tue, 30 Aug 2011 18:10:55 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 353
Server: GSE
<XML response here>
But, (and here comes the error), using the same access token but sending it in the URL as param (https://mail.google.com/mail/feed/atom?oauth_token=myvalidtoken):
GET /mail/feed/atom?oauth_version=1.0&oauth_nonce=nonce&oauth_timestamp=1314729533&oauth_consumer_key=myconsumerkey&access_token=myvalidtoken&oauth_token=oauthtoken&oauth_signature_method=HMAC-SHA1&oauth_signature=signature HTTP/1.1
Host: mail.google.com
Accept: */*
Content-Type: application/atom+xml
GData-Version: 2.0
I get an 401 error:
HTTP/1.1 401 Unauthorized
Content-Type: text/html; charset=UTF-8
WWW-Authenticate: BASIC realm="New mail feed"
Content-Length: 147
Date: Tue, 30 Aug 2011 18:38:53 GMT
Expires: Tue, 30 Aug 2011 18:38:53 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
<HTML about my 401>
EDIT
I saw this example and I tried to use anonymous as consumer key and consumer secret. Now it works... but I need to show to the user the project's name declared in the Google's app registration page. I think i'm not using the correct consumer key and consumer secret.
Any clues on this will be appreciated. :)
Thanks in advance
https://www.rfc-editor.org/rfc/rfc5849#section-3.5.3
In OAuth 1.0, the parameter name is oauth_token not access_token...
I'm using a CXF client to communicate with a .net web service running on IIS 6.
This request (anonymised):
POST /EngineWebService_v1/EngineWebService_v1.asmx HTTP/1.1
Content-Type: text/xml; charset=UTF-8
SOAPAction: "http://.../Report"
Accept: */*
User-Agent: Apache CXF 2.2.5
Cache-Control: no-cache
Pragma: no-cache
Host: uat9.gtios.net
Connection: keep-alive
Transfer-Encoding: chunked
followed by 7 chunks of 4089 bytes and one of 369 bytes, generates the following output after the first chunk has been sent:
HTTP/1.1 404 Not Found
Content-Length: 103
Date: Wed, 10 Feb 2010 13:00:08 GMT
Connection: Keep-Alive
Content-Type: text/html
Anyone know how to get IIS to accept chunked input for a POST?
Thanks
Chunked encoding should be enabled by default. You can check your setting with:
C:\Inetpub\AdminScripts>cscript adsutil.vbs get /W3SVC/AspEnableChunkedEncoding
The 404 makes me wonder if it's really a problem with the chunked encoding. Did you triple-check the URL?
You may well have URLScan running on your server. By default URLScan is configured to reject requests that have a transfer-encoding: header and URLScan sends 404 errors (which is conspicuous over a proper server-error).
UrlScan v3.1 failures result in 404 errors and not 500 errors.
Searching for 404 errors in your W3SVC log will include failures due
to UrlScan blocking.
You will need to look at the file located in (path may differ) C:\Windows\System32\inetsrv\URLScan\URLScan.ini. Somewhere in there you will find a [DenyHeaders] section, that will look a bit like this (it will probably have more headers listed).
[DenyHeaders]
transfer-encoding:
Remove transfer-encoding: from this list and it should fix your problem.