Add Access-Control header to Google Domain 301 redirect - redirect

I'm trying to add the following header to my 301 redirect from https://id.danielbakas.com to https://pod.danielbakas.com:
Access-Control-Allow-Origin: *
My 301 redirect was set up using Google Domain's "Website Redirect", but I can't seem to find any documentation about adding headers to the redirect.
If you were to curl the origin URL you would find that the Access-Control-Allow-Origin header is missing:
curl --head https://id.danielbakas.com
HTTP/2 301
location: https://pod.danielbakas.com/profile/card
date: Wed, 14 Dec 2022 17:36:39 GMT
content-type: text/html; charset=UTF-8
server: ghs
content-length: 237
x-xss-protection: 0
x-frame-options: SAMEORIGIN
However, if you were to curl the destination URL, you would find that the header is indeed present:
curl --head https://pod.danielbakas.com/profile/card
HTTP/1.1 200 OK
Vary: Accept,Authorization,Origin
X-Powered-By: Community Solid Server
Updates-Via: wss://pod.danielbakas.com/
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Accept-Patch,Accept-Post,Accept-Put,Allow,ETag,Last-Modified,Link,Location,Updates-Via,WAC-Allow
Allow: OPTIONS, HEAD, GET, PATCH, PUT, DELETE
Accept-Patch: text/n3, application/sparql-update
Accept-Put: */*
Content-Type: text/turtle
Link: <http://www.w3.org/ns/ldp#Resource>; rel="type"
Link: <https://pod.danielbakas.com/profile/card.meta>; rel="describedby"
Link: <https://pod.danielbakas.com/profile/card.acl>; rel="acl"
Last-Modified: Mon, 12 Dec 2022 20:21:11 GMT
ETag: "1670876471000"
WAC-Allow: user="read",public="read"
Date: Wed, 14 Dec 2022 17:38:07 GMT
Connection: keep-alive
Keep-Alive: timeout=5
How could I configure this redirect so that this header is present in the origin URL?
Thank you so much!
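
Added example, not part of the original question: a browser runs its CORS check on every response in a cross-origin redirect chain, so the header has to be present on the 301 as well as on the final 200. The sketch below audits a chain hop by hop; `HOPS` holds abbreviated copies of the two header dumps quoted above, and `parse_head` and `audit_chain` are names made up for the example.

```python
# Abbreviated copies of the two `curl --head` dumps from the question.
HOPS = [
    """HTTP/2 301
location: https://pod.danielbakas.com/profile/card
content-type: text/html; charset=UTF-8
server: ghs
""",
    """HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Type: text/turtle
""",
]


def parse_head(raw):
    """Split a raw header dump into (status_code, {lowercased-name: value})."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])        # "HTTP/2 301" -> 301
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def audit_chain(hops):
    """Return one finding per CORS problem, in hop order."""
    findings = []
    for index, raw in enumerate(hops):
        status, headers = parse_head(raw)
        acao = headers.get("access-control-allow-origin")
        creds = headers.get("access-control-allow-credentials", "").lower()
        if acao is None:
            kind = "redirect" if 300 <= status < 400 else "response"
            findings.append(
                f"hop {index}: {status} {kind} has no Access-Control-Allow-Origin")
        elif acao == "*" and creds == "true":
            # Browsers do not accept the wildcard for credentialed requests.
            findings.append(
                f"hop {index}: wildcard origin combined with credentials=true")
    return findings


if __name__ == "__main__":
    for finding in audit_chain(HOPS):
        print(finding)
```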

Related

How to get 103 Early Hints to work in Traefik?

I am using Traefik in Kubernetes and I have a service deployed that is returning 103 Early Hints. I can confirm that it is working by directly querying the service, e.g.
curl -D - http://contra-web-app
HTTP/1.1 103 Early Hints
Link: <https://builds.contra.com>; rel="preconnect"; crossorigin
Link: <https://fonts.googleapis.com/css2?family=Inter:wght#400;500;600;700;900&display=swap>; rel="preload"; as="font"
Link: <https://builds.contra.com/3f509d0cc/assets/entry-client-routing.4f895d55.js>; rel="modulepreload"; as="script"; crossorigin
Link: <https://www.googletagmanager.com/gtag/js?id=G-96H5NXQ2PR>; rel="preload"; as="script"
HTTP/1.1 200 OK
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
content-type: text/html
content-length: 9062
Date: Tue, 26 Jul 2022 20:34:19 GMT
Connection: keep-alive
Keep-Alive: timeout=72
However, requesting the same service through Traefik just returns a 200 response:
curl -H 'host: contra.com' -D - http://contra-traefik.traefik/gajus
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 11441
Content-Type: text/html
Date: Tue, 26 Jul 2022 19:51:48 GMT
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: contra_web_app_service=394e7e912ad85b66; Path=/; Secure
Vary: Accept-Encoding
X-Frame-Options: sameorigi
At this point, I am unable to establish whether I am missing a configuration or if Traefik does not support it.

How to fix ERR_HTTP2_PROTOCOL_ERROR returned by Azure CDN?

We recently started using Azure CDN; however, some users reported an issue and we got a screenshot from one of them.
We were not able to get any more information on the issue. Any idea what could cause this and how to fix it?
Our origin server correctly returns the file with the following response headers:
Accept-Ranges: bytes
Access-Control-Allow-Origin: https://www.google.com
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 1956119
Content-Type: text/css
Date: Tue, 16 Feb 2021 18:44:10 GMT
ETag: "011889dd7ffd61:0"
Expect-CT: max-age=604800, enforce,
Feature-Policy: autoplay 'none'; camera 'none'
Last-Modified: Wed, 10 Feb 2021 18:07:38 GMT
strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
I got a similar problem. I was able to fix this by enabling cache in Dev Tools.
Enable cache in Dev Tools

oauth2.0 invalid request when trying to use refresh token

Used google oauth2 playground: https://developers.google.com/oauthplayground/
Followed: https://developers.google.com/accounts/docs/OAuth2WebServer#offline
Anyone know why I am getting an invalid request?
POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Content-length: 209
Content-type: application/x-www-form-urlencoded
Authorization: OAuth ya29.XXXXXXXX
client_id=XXXXXXXXX&
client_secret=XXXXXXXXX&
refresh_token=1/0ffkj5lggn8XXXXXXXXX&
grant_type=refresh_token
HTTP/1.1 400 Bad Request
Content-length: 33
X-xss-protection: 1; mode=block
X-content-type-options: nosniff
X-google-cache-control: remote-fetch
-content-encoding: gzip
Server: GSE
Reason: Bad Request
Via: HTTP/1.1 GWA
Pragma: no-cache
Cache-control: no-cache, no-store, max-age=0, must-revalidate
Date: Thu, 11 Oct 2012 21:29:55 GMT
X-frame-options: SAMEORIGIN
Content-type: application/json
Expires: Fri, 01 Jan 1990 00:00:00 GMT
{
"error" : "invalid_request"
}
If you're getting a 400, it is because you are adding an invalid parameter or missing one.
edit:
I believe from the given data there is an extra header, Authorization. This is used in OAuth2 only when the access_token is passed in the header, to make authenticated calls
Authorization : Bearer XXXXXXXXXXXXXXXX
While refreshing the access_token there is no need to provide the same in the header.
https://developers.google.com/accounts/docs/OAuth2InstalledApp#refresh
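
Added example, not part of the original answer: a small linter that applies the answer's diagnosis to a raw refresh request, plus a builder for the same request without the access token in the header. `SAMPLE` is constructed from the request in the question with its placeholders kept; the function names are made up for the example.

```python
from urllib.parse import parse_qs, urlencode

REQUIRED = ("client_id", "client_secret", "refresh_token", "grant_type")

# Constructed sample modelled on the request in the question (placeholders kept).
SAMPLE = (
    "POST /o/oauth2/token HTTP/1.1\r\n"
    "Host: accounts.google.com\r\n"
    "Content-type: application/x-www-form-urlencoded\r\n"
    "Authorization: OAuth ya29.XXXXXXXX\r\n"
    "\r\n"
    "client_id=XXXXXXXXX&client_secret=XXXXXXXXX&"
    "refresh_token=1/0ffkj5lggn8XXXXXXXXX&grant_type=refresh_token"
)


def lint_refresh_request(raw):
    """Return a list of problems found in a raw refresh-token request."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    problems = []
    # The answer's diagnosis: an access token does not belong on a refresh call.
    scheme = headers.get("authorization", "").split(" ", 1)[0].lower()
    if scheme in ("oauth", "bearer"):
        problems.append("access token sent in Authorization header")
    ctype = headers.get("content-type", "")
    if not ctype.startswith("application/x-www-form-urlencoded"):
        problems.append("body is not form-encoded")
    form = parse_qs(body, keep_blank_values=True)
    problems += [f"missing parameter: {k}" for k in REQUIRED if k not in form]
    if "grant_type" in form and form["grant_type"][0] != "refresh_token":
        problems.append("grant_type must be refresh_token")
    return problems


def build_refresh_request(client_id, client_secret, refresh_token):
    """Build the request with all parameters in the body and no Authorization header."""
    body = urlencode({"client_id": client_id, "client_secret": client_secret,
                      "refresh_token": refresh_token, "grant_type": "refresh_token"})
    return ("POST /o/oauth2/token HTTP/1.1\r\n"
            "Host: accounts.google.com\r\n"
            "Content-type: application/x-www-form-urlencoded\r\n"
            f"Content-length: {len(body)}\r\n\r\n" + body)
```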

Get content-length from a URL which redirects to itself

I want to get content-length from a URL that sends me this header:
HTTP/1.1 301 Moved Permanently
Date: Sun, 01 Jan 2012 09:34:44 GMT
Server: Apache
Location: https://www.sugarsync.com, www.sugarsync.com/pf/D6304231_0192919_76577
Keep-Alive: timeout=300, max=9793
Connection: Keep-Alive
Content-Type: text/plain; charset=UTF-8
The problem is that the original URL is the same as the new URL that is sent in this header! In other words: I get the headers from URL: https://www.sugarsync.com/pf/D6304231_0192919_76577 and in the headers that I get, it redirects to the same page.
I don't seem to have that problem with the URL you provided:
C:\Users\rleahy>openssl s_client -quiet -connect sugarsync.com:443
Loading 'screen' into random state - done
depth=1 /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates
.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=
07969287
verify error:num=20:unable to get local issuer certificate
verify return:0
HEAD /pf/D6304231_0192919_76577 HTTP/1.1
host:www.sugarsync.com
HTTP/1.1 200 OK
Date: Sun, 01 Jan 2012 10:16:13 GMT
Server: Apache
Set-Cookie: JSESSIONID=22C35505626E63560F5F00BDE86BD458; Path=/; Secure
Content-Disposition: attachment;filename="Algorithms(01).rar"
Accept-Ranges: bytes
Etag: file_1319015834000
Last-Modified: Wed, 19 Oct 2011 09:17:14 GMT
Content-Length: 468987
Content-Type: application/x-download
Set-Cookie: NSC_wt_xxx.tvhbstzod.dpn_443=ffffffff090d78d545525d5f4f58455e445a4a4
2378b;path=/;secure;httponly
Are you sure you're not connecting with HTTP rather than HTTPS? Connecting with HTTP does indeed give a 301 (asking you -- in effect -- to connect using HTTPS).

Why does the GitHub API only return the first 100 watched repositories?

I'm watching 392 repositories on GitHub. However, the GitHub API only returns 100. Does anyone have any idea why?
https://github.com/api/v2/json/repos/watched/trivektor
You need to paginate manually using the page parameter. The HTTP Response headers will tell you the next and the last page, if available. Check the headers:
X-Next
X-Last
Examples:
curl -D- https://github.com/api/v2/json/repos/watched/trivektor
HTTP/1.1 200 OK
Server: nginx/1.0.4
Date: Sat, 22 Oct 2011 08:24:45 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Status: 200 OK
X-RateLimit-Limit: 60
ETag: "c597e396e9f17b91c5c5a7e462ba954f"
X-Next: https://github.com/api/v2/json/repos/watched/trivektor?page=2
X-Last: https://github.com/api/v2/json/repos/watched/trivektor?page=5
Now the 2nd page:
curl -D- https://github.com/api/v2/json/repos/watched/trivektor?page=2
HTTP/1.1 200 OK
Server: nginx/1.0.4
Date: Sat, 22 Oct 2011 08:28:08 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Status: 200 OK
X-RateLimit-Limit: 60
ETag: "c57d0e97e2062672cb3771467cf2abc7"
X-Next: https://github.com/api/v2/json/repos/watched/trivektor?page=3
X-Last: https://github.com/api/v2/json/repos/watched/trivektor?page=5
X-Frame-Options: deny
X-RateLimit-Remaining: 58
X-Runtime: 353ms
Content-Length: 44966
Cache-Control: private, max-age=0, must-revalidate
And the last one:
curl -D- https://github.com/api/v2/json/repos/watched/trivektor?page=5
HTTP/1.1 200 OK
Server: nginx/1.0.4
Date: Sat, 22 Oct 2011 08:28:30 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Status: 200 OK
X-RateLimit-Limit: 60
ETag: "11ce44ebc229eab0dc31731b39e10dcf"
X-Frame-Options: deny
X-RateLimit-Remaining: 57
X-Runtime: 93ms
Content-Length: 7056
Cache-Control: private, max-age=0, must-revalidate
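
Added example, not part of the original answer: a pagination loop that follows `X-Next` until the header is absent, as on the last page above. It refuses a next link that leaves the starting origin and stops on loops or runaway page counts; `FAKE_API` and `fake_fetch` are constructed stand-ins for the HTTP client, and the item lists are made up.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the API: URL -> (headers, items). Header names and
# URL shapes follow the curl output in the answer; the items are made up.
BASE = "https://github.com/api/v2/json/repos/watched/trivektor"
FAKE_API = {
    BASE: ({"X-Next": BASE + "?page=2", "X-Last": BASE + "?page=3"}, ["a", "b"]),
    BASE + "?page=2": ({"X-Next": BASE + "?page=3", "X-Last": BASE + "?page=3"}, ["c", "d"]),
    BASE + "?page=3": ({}, ["e"]),            # last page: no X-Next header
}


def fake_fetch(url):
    """Hypothetical fetcher; a real one would return response headers and parsed JSON."""
    return FAKE_API[url]


def same_origin(a, b):
    """True when both URLs share scheme and host[:port]."""
    pa, pb = urlsplit(a), urlsplit(b)
    return (pa.scheme, pa.netloc.lower()) == (pb.scheme, pb.netloc.lower())


def fetch_all(start_url, fetch, max_pages=50):
    """Collect items from every page by following the X-Next response header."""
    items, url, seen = [], start_url, set()
    while url is not None:
        if url in seen:
            raise RuntimeError(f"pagination loop at {url}")
        if len(seen) >= max_pages:
            raise RuntimeError("page limit reached")
        seen.add(url)
        headers, page_items = fetch(url)
        items.extend(page_items)
        headers = {k.lower(): v for k, v in headers.items()}
        nxt = headers.get("x-next")
        # A server-supplied link must not send the client (and any
        # credentials it attaches) to a different host.
        if nxt is not None and not same_origin(start_url, nxt):
            raise ValueError(f"refusing cross-origin next link: {nxt}")
        url = nxt
    return items


if __name__ == "__main__":
    print(fetch_all(BASE, fake_fetch))
```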
Very common for APIs to limit the size of a response object to protect against outliers. Given that it's returning a round number, that suggests this is by design. I don't see them discussing paging in their docs, so it might just be a hard cap. Either way, you should just ping GitHub.