I am using Perl's REST::Client to make a multipart POST request:
#! /usr/bin/perl
use REST::Client;
use JSON;
$file = 'output.csv';
$headers = {'Content-Type' => 'multipart/form-data', 'Authorization' => 'Bearer '.$token.''};
$client = REST::Client->new();
$req = '{"sessionId" => '.$sessionId.' , "content" => ["file" => ['.$file.']]}';
$client->setHost(<host>);
$client->POST( '/api/test',$req, $headers);
$response = from_json($client->responseContent());
REST api is as follow:
#PostMapping("/test")
#Timed
public Response<Map<String, Object>> test(#RequestParam("file") MultipartFile file,
#RequestParam("sessionId") Long sessionId,
HttpServletRequest request) throws URISyntaxException {
}
when I run the script getting following error:
Failed to parse multipart servlet request; nested exception is java.io.IOException: org.apache.tomcat.util.http.fileupload.FileUploadException: the request was rejected because no multipart boundary was found]
I am new with perl, is anything wrong with syntax or something else ?
REST::Client expects you to make the entire message body, and you aren't doing that. Indeed, you shouldn't be trying to do manually construct the request (or even the JSON). I suspect from your code that you aren't really supposed to make a multipart request, but I'd have to see the API docs to say anything about that.
Here's the similar task in Mojo::UserAgent. Instead of trying to make the message body, I make the request with a data structure that Mojo figures out:
use Mojo::UserAgent;
use v5.10;
my $ua = Mojo::UserAgent->new;
my $url ='http://httpbin.org/post';
my $session_id = 'deadbeef';
my $filename = 'upload_file.csv';
my $tx = $ua->post(
$url,
form => {
session => $session_id,
some_file => {
file => $filename,
},
},
);
say "Request:\n", $tx->req->to_string;
say "Response:\n", $tx->result->to_string;
Sending this to httpbin is a convenient way to test things. The output shows that the header and multipart stuff happens for you automatically:
Request:
POST /post HTTP/1.1
User-Agent: Mojolicious (Perl)
Content-Length: 208
Content-Type: multipart/form-data; boundary=75OiX
Accept-Encoding: gzip
Host: httpbin.org
--75OiX
Content-Disposition: form-data; name="session"
deadbeef
--75OiX
Content-Disposition: form-data; name="some_file"; filename="upload_file.csv"
upload,this,file
here's,another,line
--75OiX--
Response:
HTTP/1.1 200 OK
Connection: keep-alive
Access-Control-Allow-Credentials: true
Date: Sat, 25 Apr 2020 03:44:04 GMT
Access-Control-Allow-Origin: *
Content-Length: 516
Content-Type: application/json
Server: gunicorn/19.9.0
{
"args": {},
"data": "",
"files": {
"some_file": "upload,this,file\nhere's,another,line\n"
},
"form": {
"session": "deadbeef"
},
"headers": {
"Accept-Encoding": "gzip",
"Content-Length": "208",
"Content-Type": "multipart/form-data; boundary=75OiX",
"Host": "httpbin.org",
"User-Agent": "Mojolicious (Perl)",
"X-Amzn-Trace-Id": "Root=1-5ea3b204-12cfdb84b9c9c504da559e80"
},
"json": null,
"origin": "199.170.132.3",
"url": "http://httpbin.org/post"
}
I have many more examples in Mojolicious Web Clients.
Related
I'm trying to send a JSON body to my API using Gatling, but I keep getting error 400 because it cannot unmarshal the body I'm sending:
private val authHeaders = Map(
"Accept" -> "application/json, text/javascript, */*; q=0.01",
"Authorization" -> "Bearer ${access_token}"
)
var requestBody: Body with (Expression[String]) =StringBody("{ \"productId\": " +
product1 + ", \"qty\": "+ 1 +" , \"storeId\": "+ storeId + "}")
var addToCart: ChainBuilder = exec(http("addToCart")
.post(addToCartUrl)
.headers(authHeaders)
.body(requestBody)
.check(bodyString.saveAs("body"))
)
In the Gatling logs I can read that I'm sending this kind of request:
HTTP request:
POST ....
headers:
Accept: application/json, text/javascript, */*; q=0.01
Authorization: Bearer ....
cookie: ROUTE=....
host: .....
content-length: 53
cookies:
ROUTE=...., path=/, secure, HTTPOnly, SameSite=None
body:StringChunksRequestBody{contentType='null', charset=UTF-8, content={ "productId": XXXX, "qty": 1 , "storeId": XXXX}}
I don't think I'm creating the correct body, Is there a way to send only
{ "productId": XXXXX, "qty": 1 , "storeId": XXXXXX} as body?
I might have put the contentType in the wrong way, what is the right order?.
Are you sure product1 and storeId are numbers and not Strings? Otherwise, they must be wrapped with double quotes, which they currently aren't.
I am using webdriverIO version 7 and axios in order to try to make login via API instead of doing it using UI.
This is my code:
getAuthToken({ email, password }) {
// axios
// .post('https://my-app.com/login', {
// j_username: email,
// j_password: password,
// CSRFToken: 'some-token',
// })
// .then((response) => {
// console.log('XXX');
// console.log(response);
// });
const data = {
j_username: email,
j_password: password,
CSRFToken: 'some-token',
};
axios({
method: 'POST',
headers: { 'content-type': 'application/x-www-form-urlencoded' },
data: qs.stringify(data),
url: 'https://my-app.com/login',
}).then((response) => {
console.log('XXX');
console.log(response);
});
}
I am trying to do it in both ways as above but I don't get ever response printed in the console.
I tried to do the request via Postman and it is working fine.
Also I am monitoring the traffic on the site via Fiddler Everywhere app and when this method gets executed, then nothing is shown in the Fiddler.
On the other hand when I do it via Postman, Fiddler catches it.
This is Raw Postman Request data:
POST https://my-app.com/j_spring_security_check HTTP/1.1
User-Agent: PostmanRuntime/7.28.0
Accept: */*
Cache-Control: no-cache
Postman-Token: 39311680-b11c-4a65-8ff7-2f03b97bf5eb
Host: my-app.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: multipart/form-data; boundary=--------------------------619522728182415185770824
Cookie: anonymous-consents=%5B%5D; cookie-notification=NOT_ACCEPTED
Content-Length: 436
----------------------------619522728182415185770824
Content-Disposition: form-data; name="j_username"
email#test.com
----------------------------619522728182415185770824
Content-Disposition: form-data; name="j_password"
123456
----------------------------619522728182415185770824
Content-Disposition: form-data; name="CSRFToken"
some-token
----------------------------619522728182415185770824--
This is Raw Request when I do it through Chrome
POST https://my-app.com/j_spring_security_check HTTP/1.1
Host: my-app.com
Connection: keep-alive
Content-Length: 90
Cache-Control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
Origin: https://my-app.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://my-app.com/login
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: JSESSIONID=some_id; dtCookie=some_data; anonymous-consents=%5B%5D; cookie-notification=NOT_ACCEPTED
j_username=ecx%40test.com&j_password=123456&CSRFToken=some_token
What am I doing wrong? Why it doesn't never log the response while doing it through axios?
Thanks!
The function is written correctly.
Postman passes additional details also which you can to look into.
Lets consider the scenarios which may cause the API call to fail:
Your function might not be correct.
The API is not configured properly.
Issues in the network.
Tackling the first scenario:
Check whether the function getAuthtoken() is getting invoked or not.
There might be an issue of CORS which you need to fix.
As you are send a JSON data, the server side must also accept the JSON data, or specify it in request headers. like
const data = {"name":"Example"}
axios.post('https://linkToApI.com', {
headers: {
'Content-Type': 'application/json',
'Authorization': 'some_auth_method_like_authToken',
specify other necessary headers
},
data
})
Getting to the second scenario:
Configuring the server is important.
make sure there is not any cors issue which is getting in the way.
make sure server is accepting the request data which you are sending.
make sure if the request fails it sends a error response.
Additional changes in the code for debugging purposes:
Whatever code you use please try to add a catch block as if the promise fails we can get the error message why is it failing. below is the example:
axios({
method: 'POST',
headers: { 'content-type': 'application/x-www-form-urlencoded' },
data: qs.stringify(data),
url: 'https://my-app.com/login',
}).then((response) => {
console.log('XXX');
console.log(response);
}).catch(e=>{console.log(e)}); // this will provide you with info why is it failing
Experimenting with Azure DevOps using Postman and a SAPUI5 test application, essential knowledge of how xhr requests work. Managed to successfully read and update a Work Item in DevOps using Postman, however the latter step (update-PATCH) fails when I try to do it using SAPUI5 (read-GET worked). What I get is an authorization failure, telling me that I should use a token bearer authorization, problem is that I'm already doing it but seems to be ignored. Samples of (working) Postman and (non-working) SAPUI5 request headers along with the error returned to SAPUI5 anf the invocation call below. Having a look at them, issue SEEMS to be an authentication cookie sent from SAPUI5 which I can't remove at the moment. Any ideas?
PS: this is research work, in order to avoid CORS stuff, I'm running Chrome with no security option.
Postman Request Header (as shown in Postman, data body included):
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkhsQzBSMTJza3hOWjFXUXdtak9GXzZ0X3RERSIsImtpZCI6IkhsQzBSMTJza3hOWjFXUXdtak9GXzZ0X3RERSJ9.eyJhdWQiOiJodHRwczovL21hbmFnZW1lbnQuYXp1cmUuY29tLyIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2JkZWFlZGE4LWM4MWQtNDVjZS04NjNlLTUyMzJhNTM1YjdjYi8iLCJpYXQiOjE1ODIxMTQzNTYsIm5iZiI6MTU4MjExNDM1NiwiZXhwIjoxNTgyMTE4MjU2LCJhaW8iOiI0Mk5nWUdCL0Y4RCtXcUZuaG5QVTZkUTdHdGF5QUE9PSIsImFwcGlkIjoiZDU1M2E1NTctMjdjMy00MWQ3LWFiM2YtNzc4NDVjNDg3Y2VkIiwiYXBwaWRhY3IiOiIxIiwiaWRwIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvYmRlYWVkYTgtYzgxZC00NWNlLTg2M2UtNTIzMmE1MzViN2NiLyIsIm9pZCI6ImE4NDUyYmJiLWY3NmUtNDExZi05ZGFlLWU5YmZmOGRhZGIyZCIsInN1YiI6ImE4NDUyYmJiLWY3NmUtNDExZi05ZGFlLWU5YmZmOGRhZGIyZCIsInRpZCI6ImJkZWFlZGE4LWM4MWQtNDVjZS04NjNlLTUyMzJhNTM1YjdjYiIsInV0aSI6Im9wNXYzN1RvdVVlTXBFdTJaRFN1QUEiLCJ2ZXIiOiIxLjAifQ.euzljaai1dMHgPwmN5smOUTCBW0cK_i8kNPdi9wdhAQ17eGoX8tYg6RK8gufsY3aPo_WTLsouR8f_tTjt1BdmGmH4h0hNO7hlHkXMUQr2ZJfMwX1UhikcX91fVMUuSneqnaMo8EqqtBa3iROn1Pi_sN5v8sQPYtkJBwZaFx20SxbQu_dMjilw9ibPhv24GAMY_2z53lBegagqaCbPHR7e-g94363eZh6RlX0bBJhaoK5zj8G1U6xqdLyGSY1q1lWo3m1GTjAciWuF7zvSLqOpzAMhu9GkY07idKdHjKQefewOFygsuGzMWTPklGyzHqHkagzyeubZrIKA1Jpi6beSg' \
--header 'Content-Type: application/json-patch+json' \
--data-raw ' [{
"op": "replace",
"path": "/fields/System.Title",
"value": "The ability to restrict access for users who are on long term leave XXX"
}]
SAPUI5 Request Header (from Debugger "Network" tab)
:authority: XXXXXXXXXXXX.visualstudio.com
:method: PATCH
:path: /SAP/_apis/wit/workitems/8919?api-version=5.1
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-GB,en-US;q=0.9,en;q=0.8
authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkhsQzBSMTJza3hOWjFXUXdtak9GXzZ0X3RERSIsImtpZCI6IkhsQzBSMTJza3hOWjFXUXdtak9GXzZ0X3RERSJ9.eyJhdWQiOiIwMDAwMDAwMi0wMDAwLTAwMDAtYzAwMC0wMDAwMDAwMDAwMDAiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9iZGVhZWRhOC1jODFkLTQ1Y2UtODYzZS01MjMyYTUzNWI3Y2IvIiwiaWF0IjoxNTgyNTUyMjA0LCJuYmYiOjE1ODI1NTIyMDQsImV4cCI6MTU4MjU1NjEwNCwiYWlvIjoiNDJOZ1lKajRwV0s5OTBIcEV5YlQ5ZVpLV2lwdUFRQT0iLCJhcHBpZCI6ImQ1NTNhNTU3LTI3YzMtNDFkNy1hYjNmLTc3ODQ1YzQ4N2NlZCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2JkZWFlZGE4LWM4MWQtNDVjZS04NjNlLTUyMzJhNTM1YjdjYi8iLCJvaWQiOiJhODQ1MmJiYi1mNzZlLTQxMWYtOWRhZS1lOWJmZjhkYWRiMmQiLCJzdWIiOiJhODQ1MmJiYi1mNzZlLTQxMWYtOWRhZS1lOWJmZjhkYWRiMmQiLCJ0ZW5hbnRfcmVnaW9uX3Njb3BlIjoiRVUiLCJ0aWQiOiJiZGVhZWRhOC1jODFkLTQ1Y2UtODYzZS01MjMyYTUzNWI3Y2IiLCJ1dGkiOiJkazJkaklvWlJFT0pUSTlzN0QyVkFBIiwidmVyIjoiMS4wIn0.jsUzsnVpz6WtkcmjnvS22_b8pTNQIpcLhA3bRuFaQUek1dPNwOS5K_7pqoqmJeQhmuY2TFoQ6Yx6GGgHf91eKXLhaABXc9TYHMr5UMcGf11mGfIUlDf9Si5kd5UP_HhyCVsSYAsPhihU9SutYzBK5Nw0pxPKLP27C2IUJ8qH0ax8Pid3czWkMQGZUkJtHiXB9ewo3fPOloRWVqsvHp9UbL1L5o9ErWZHxyBty_kaheNCWI-aoCUEFBqDO8kNK-JONS9qNQ7zGYYvkJMcMwpwYctxlso1-x81Um3EFGqkJbGCjT0vSNMlRrrPKI0vG4QLuLX4JTr91b08Nj3cv6zTng
content-length: 129
content-type: application/json-patch+json
cookie:SpsAuthenticatedUser=DisplayName=Grigorios%20Kampouroglou&aad=False;VstsSession=%7B%22PersistentSessionId%22%3A%222faed874-961a-4420-989e-b747711f4a13%22%2C%22PendingAuthenticationSessionId%22%3A%2200000000-0000-0000-0000-000000000000%22%2C%22CurrentAuthenticationSessionId%22%3A%22df72f060-60df-4490-9a89-5a291acc15b2%22%2C%22SignInState%22%3A%7B%22spsprodweu4.vssps.visualstudio.com%22%3A%7B%22LastSignInTick%22%3A637177215165345730%2C%22SignInCount%22%3A2%7D%7D%7D; FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U2VjdXJpdHlDb250ZXh0VG9rZW4gcDE6SWQ9Il8wYmMyNzFmMC03NTllLTQ4NTYtODQ3MS1jMzBhNmM0NDFhOGUtN0M5N0VEMjBFREI4NjYyRTdBRkYzRTEyRDQ3RUI4QjQiIHhtbG5zOnAxPSJodHRwOi8vZG9jcy5vYXNpcy1vcGVuLm9yZy93c3MvMjAwNC8wMS9vYXNpcy0yMDA0MDEtd3NzLXdzc2VjdXJpdHktdXRpbGl0eS0xLjAueHNkIiB4bWxucz0iaHR0cDovL2RvY3Mub2FzaXMtb3Blbi5vcmcvd3Mtc3gvd3Mtc2VjdXJlY29udmVyc2F0aW9uLzIwMDUxMiI+PElkZW50aWZpZXI+dXJuOnV1aWQ6ODE1M2FmMGItNTY5OS00OWFjLTgwZmEtMjM0NjY2MzgyZTg2PC9JZGVudGlmaWVyPjxDb29raWUgeG1sbnM9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwNi8wNS9zZWN1cml0eSI+MFlkQ1daWk9tSTRBQVFBQUNvRHFhbnBTQzhmU09ZeDRLbE1naFBoNmtNOHAwMDJTNEV4ZG4wWFZFSEdNbzBBeE81NzZuaHBVeXYyYXBxWWZkTFVhV3luVUlXSkZ0SFZsa2VGcGxSdkNtK0NLbnJVRlV1NjI5LytSdUpCTEd3bDRNU3NKTVVwK215dXNUVDZ3aVhRa2JnN3Y5Q2ZoQVlGUDEwaytZaTh5L3VVQ2NTeWVhbGtxdWlIVHd2Rjh3ZlovOGRlU3YxS3R1VFRYRlhLbFdaWTlwMi8yOU1FeUw4elM1R2xBdVhNWjNUR0lQckl5SXNWNjQ3R3FOT3lOQ05OVmdZeGl2cmxnM0RuOHZLQkp1RCtaMzVOQ1Bmay9DcjBUbzh3c2hqa0dHUjFQNHcxSnpNVHJ6S2xoN2VJT2lOOVlLczV1L001V3hsVU83RFNYSU91SWE5L2Y4VmxvVjN1cm5MT3pTU2N1Q1MwTjZVRzhyU3pIeXc5Q1NFU21tcWV2ejI4QUM0ajV1dHJhLzdwREFBRUFBRnlIdVp3cVhESmVkNUt6T2dkYzIrRktNdHNTM3VyUHNQeHY3OVRiZVRMYTFYREdPNEVBbzJMa0VPN2kxMVBzZHJ0S1pVK25MbXJRZUlWc2xHYk41Q3RaUzBZK3oxOWpCNjVNaUtFZXNITXF4Q3FOWFh1bnJDaDkvZUNkWE9pZnllTVlxLzhwMldNWWhxMVI1cVhxeWR3RVRrVmREY2VNMy9yazJmN1dyQUs2dm1qdDhRbnlNVmhhbXdCdkpZWm9oQkxvV0hMaVlyMlc3clZUc1BGWmZOWkIrb29UY0RjUzNnUmtRWi9PbmN4OUMrbDVNNmxsb1J5QnhjeDgySmQ4UUE5Q25DcCtLYXRRYTZSRnhZenAzTjFKRHdmR3ZBQTE0emNueDZuUjAxL25PK2hYTW9ad2pwZ1ZqKytCNzIxYy9GSlk1bHRUQmhyQzVHZWVQK0M0Nnh2d0JBQUFmVjkrTVFEY0NzRVovWFYzSHpZdkN3bjhkY054ZDUvdUIreFRkKzU1ZldMczVraytCcEJESk5IUW5WelNXTFEvRnlaT3hGWGMvQ2U2ZnliSVZTajViY3A4Z1lKY1FNVzZCRlhhWEg2TXp4TGtBaFBxZ0VrNHBOMXJzcWxqOVFmWXY0UTNYNGhmSlMzMG1PZ25jYVFPZHpDSmlyRGlMMGR0NFN2ZVlOeEJlT1lTZTRDZjV1YWw1ZllWWjBweUhTQmR0ODltTGVLU2V3UGxMMmloL29kU0k5bi9NU3R5N3BtSnRTcWhDaG9VbWtyTmpVUnVYVVJ4dGZBTHhDTngzVDJhbnlUa3BUN1AzVjVOUEhFWVcvRGw0aUNXVGV5ZUFLOE5qUUVXc1A4aytWWU90UWZONU5o; FedAuth1=Z1FEWFk3TlA4UDV4NFZzZ0lmcFE5ZmNRTTNvR3g3K1E2N1ZCSTBVVnRhbWZSaEswN3ZjRGsrZXk0dE9XMXpvbFovR3pYaUM0Yk8zZnpjamFhZDJCMkNHbFpva1I3QXphQnFqQm5HdlBVcU8zVjNzSTd4THdsVVhGSS9Qak54OFBXZm5vMnhkM2F5dTZUaWhVZDFJY3R0ZXp6Nm45b0JqTkFXUDJCNWNjNERMT1IxOHBGdVR6YXFxMmo3K3Y1WDVnN2pRWnBHVVpFbUtOUWdVUnhMakRTK3M1Y0RaOUVBeXlEaXBTMktRbGY1dFk3MTVva3liU3hDUGhJVWlnQktFNEx2M0dmb0lpSzVGT0VKeTRWalY4MG4wRlB3V2lZblU0Yy9SRjI2NWlFM1Mzdzc2ZElqQlJKdXc2dU5EY0Jia3ZieWx2VWRuRnFpVm1MQnVYaWFtTW5FNUhEejNDTHNrUXBNaWZmNklaMWtzbkVkOEV6d0l1U1dhUnFNOG5xWXQyeGRTU1p5TXN6R04xeHJjbEM2bTU0Wi9XU3BjU3hHZlpwVExIa1FleERkYmlrMTZjRlI5RW1iTFdkaUhLb1dzaU9mMUJqOWNCcmpDRDIxVFROaS9WZmNiRjZxa0toWmRrczVxNlhsN2tLcC9yb2I4bjlyYXo0SDM1NTh6am51YjZNdDZJNnZNM3prZjhnMUs4dlhXR0FJbHhYVVhxMkNJdXdyUUtITGZuVE1veWMwajQzZCtlQXFJRkFBU3ZEZTdNb3I0MGYzSnVIQnF4elBWczNrUzNBU05BcWdad0JKY2F3U2YydnA0cE5DZ2YrTEdDVHhkSzJINzV6ZWJQbnh2WVQ5bDlQWXMyUW93bUVkU0Y5MXk5MSt1QTc4b2pwck94WSsrZE5UclczbDEwUjdIZm14L1RPVWpIUHQ3V1dKRjI5SmYrbzViVG0rZUZSOVlxQlBSanBLTm9xQW5RY2tuSEFQeFpLYWNwQVozaVNqOTBVa0EyMnNac2Z1MTdRTU9xd0k1SVNZbFh6d20xV3JDeDRYQ0VVOW9nK3ByajdROENzeFpqRVIzNjlTSitsLzIzc0hUa2t6eUpzV2RadUJSYzJhUWpoREFJK0tONVlGU3Z4TStMMUtSd29YQW5FaE1pcHRTaml0Z0RIaHF5N2Q0V2lNU3h6VmdVRXVCWTZVOTUzT0ErcDhXWmdaTlRqRDRHWFIvamFPOUNZWjJ4cHNTaURvRHBOeG9nUmMxbnpuVUNkcGsrZHpuNmN1dzZDY1dIYlgzUDdHWVVxcFJnRDFZUU5XSnVTdHdyZ2tOd2wzVDM0cWhJdEhhczRpdHVPb2pEMkJwY2hOb3dBM1FQblRFLy9tR216R1JPNkgwbEVCY2p6OE1JNmE5SVFsUjBxL1lqbGtWbStGS2RDY0dzTDlHOE05TVRHN3hsenYyK1hmSENDOEt6WEt5NjdDTGMxTW0rTTI1Q3NqMzBadS9xdTYranlYWDBwblVaNERHSjZ0bFk5c202WUkveDhDQWswSjkwQmg2UFF0YVdBYU1tQTJDNld4TytuVkp2SjVoVWhOWkxFYkk0dThiMGtXL3JOOGxzZnZFb1JEemUzdjFXcXZlVldUaGpPZTdZeWdUeVlkcmE1RGorUGVhenloMzBSNldXdGp0c2k1NlFldmpYLzZ3am1QNFJYR1Z3QURZcU1JTVFRcXFXOUhsbnVuWHBSYk85eVByZWV0S3p6UWw0aUQxNDV4N2phclY0U2JQb003bkdESmxia3VCV1A5RHNMUDVYb2hOQ2pyS0RpaDJ2bk9zSnVpWkZRN3liMVZwVG9qeUl3cUE9PTwvQ29va2llPjwvU2VjdXJpdHlDb250ZXh0VG9rZW4+; UserAuthentication=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InpQVTRQb1VlNU1McFR2dWRGTmxaQXQ4Mkd4ayJ9.eyJmYW1pbHlfbmFtZSI6IkthbXBvdXJvZ2xvdSIsImdpdmVuX25hbWUiOiJHcmlnb3Jpb3MiLCJvaWQiOiIzZWY1OThmMi00MTk4LTQ1NDctYTM5Mi0zMmJhYTdkNTA4NTIiLCJ0aWQiOiJiZGVhZWRhOC1jODFkLTQ1Y2UtODYzZS01MjMyYTUzNWI3Y2IiLCJzdWIiOiJiZGVhZWRhOC1jODFkLTQ1Y2UtODYzZS01MjMyYTUzNWI3Y2JcXHVpdGdrYUBsZWVkcy5hYy51ayIsInVuaXF1ZV9uYW1lIjoidWl0Z2thQGxlZWRzLmFjLnVrIiwiZW1haWwiOiJ1aXRna2FAbGVlZHMuYWMudWsiLCJwdWlkIjoiYWFkOjEwMDMzRkZGQTNBRkZENEQiLCJ2ZXIiOiIxLjAiLCJqdGkiOiJmOGQ1ZDczNS1hNjNkLTQ5N2QtYWNjNi0xZTBmYTUwM2E4NmQiLCJpc3MiOiJhcHAudnN0b2tlbi52aXN1YWxzdHVkaW8uY29tIiwiYXVkIjoiZTVjODY2NzYtZDA2My00ZGEzLWJiOTYtYzhlMDUwNGJkYmE1IiwibmJmIjoxNTgyNTQ5NjY5LCJleHAiOjE1ODMxNTQ0Njl9.DDrwADcUeMCB-Tt9sLu6T042hel7aTdm8IfUmQY7pHOkT9VPQSAhVE-Puw3Y8dzfnzteIhojaSEsVI17pjGblOuDbCVcb9LzJ17u-XCmD2SY2M6i-t_xOaj-daYy2tRigVpN-lCoQ-K9VcF7mkHH4hiFynHUQDMcUn7gV9xs7zDCE4ILbDvnltKfFvcn0wQP0BxJwurhK8PaDhSPrr1fm-b38zmYB8nGEaYiobDdX8ZSOxMnlEUivoRkogGp51nSHZzexI3ER7TDJRMPSVkTeaIiatoWWjli8AlPewMKM46Ulb6TtbC4liBrqFnY46dTA-aSvb0oyNCynJi89b2yXw
origin: https://webidetesting4693883-af5c37dc2.dispatcher.hana.ondemand.com
referer: https://webidetesting4693883-af5c37dc2.dispatcher.hana.ondemand.com/webapp/index.html?hc_orionpath=%2FDI_webide_di_workspace92fzelc13935in9e%2FTest_space&neo-di-affinity=BIGipServerdisapwebide.hana.ondemand.com+%21MfjRbGTQMxtzeMH2sXeD7QV2Vba36qePi57x9XciOdsuGVAcQO4JzpULTwOmB5brhKtfSMM9EVgn%2FK0%3D&origional-url=index.html&sap-ui-appCacheBuster=..%2F&sap-ui-xx-componentPreload=off
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36
Error response
"{"$id":"1","innerException":null,"message":"A cross-origin request from origin \"https://webidetesting4693883-af5c37dc2.dispatcher.hana.ondemand.com\" is not allowed when using cookie-based authentication. An authentication token needs to be provided in the Authorization header of the request.","typeName":"Microsoft.VisualStudio.Services.WebApi.VssApiUnsafeCrossOriginRequestException, Microsoft.VisualStudio.Services.WebApi","typeKey":"VssApiUnsafeCrossOriginRequestException","errorCode":0,"eventId":3000}"
SAPUI5 code
_updateWorkItem: function() {
var promise = $.Deferred();
var self = this;
url = "https://login.microsoftonline.com/bdeaeda8-c81d-45ce-863e-5232a535b7cb/oauth2/token";
$.ajax({
url: url,
headers: {"Content-Type": "application/x-www-form-urlencoded"
},
type: "POST",
dataType: "json",
data: {
"grant_type": "client_credentials",
"client_id": "d553a557-27c3-41d7-ab3f-77845c487ced",
"client_secret": "53GH[jL6VqID#cp]DQ[wMS5#Smx]0l80"
},
success: function(xhrData) {
var json= [{
"op": "replace",
"path": "/fields/System.Title",
"value": self.getView().byId("sTitle").getValue().toString()
}];
sDevOpsToken = xhrData.access_token;
url = "https://XXXXXXXXXXXX.visualstudio.com/SAP/_apis/wit/workitems/" + oModel.getProperty("/id").toString() +"?api-version=5.1";
$.ajax({
url: url,
headers: {"Content-Type": "application/json-patch+json",
"Cookie": null
},
type: "PATCH",
data: JSON.stringify(json),
cache: false,
dataType: "application/json-patch+json",
beforeSend: function (xhr) {
//xhr.setRequestHeader("Authorization", "Basic " + btoa("" + ":" + "{sDevOpsToken}"));
//xhr.setRequestHeader("Authorization", "Bearer " + btoa(sDevOpsToken));
xhr.setRequestHeader("Authorization", "Bearer " + sDevOpsToken);
},
success: function(xhrData2) {
oModel.setProperty("/Title", self.getView().byId("sTitle").getValue().toString());
promise.resolve();
},
error: function(xhrData2) {
MessageBox.error(xhrData2.response);
promise.resolve();
}
});
}
});
var readyToGo = function() {
};
jQuery.when(promise).done().then( jQuery.proxy(readyToGo, this) );
}
I have a Nuxt/Rails app. And I want the front-end side of my site to send a picture to the backend side of the site. I'm doing that the next way:
save() {
const params = new FormData()
const testimonial = this.testimonial
delete testimonial.image_name
for (const field in testimonial) {
params.append(field, testimonial[field])
}
const request = this.id
? this.$axios.put(`${this.loadUrl}/${this.id}`, params, {
headers: {
'Content-Type': 'multipart/form-data'
}
})
: this.$axios.post(this.loadUrl, params, {
headers: {
'Content-Type': 'multipart/form-data'
}
})
request
.then(({ status }) => {
if (Number(status) === 200) this.success = 'Отзыв успешно обновлён'
if (Number(status) === 201) this.success = 'Отзыв успешно добавлен'
setTimeout(() => {
this.$router.push('/testimonials/')
}, 1000)
})
.catch(error => {
this.error = error + ''
})
}
Here are the headers that the method generates:
General:
Request URL: http://localhost:3000/admin/v1/testimonials
Request Method: POST
Status Code: 500 Internal Server Error
Remote Address: [::1]:3000
Referrer Policy: no-referrer-when-downgrade
Responce Headers:
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers:
Access-Control-Max-Age: 1728000
Content-Length: 14476
Content-Type: application/json; charset=UTF-8
Vary: Origin
X-Request-Id: f8d6116f-31c7-4644-97c0-e92502fe0f06
X-Runtime: 0.057866
Request Headers:
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwic2NwIjoidXNlciIsImF1ZCI6bnVsbCwiaWF0IjoxNTYyMjQ4MjIyLCJleHAiOjE1NjIyNTE4MjIsImp0aSI6ImM0Y2Y4NjViLTUxOTEtNDk0Ni04YTg3LTQ3MmZjYzczYzA5NCJ9.7wNl04ar8u6TmK8OEirKJecQCjJxF_hgVtfnknQKyWk
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 2186254
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary3BAEPvtfoHgJ0XC4
Host: localhost:3000
Origin: http://localhost:4000
Pragma: no-cache
Referer: http://localhost:4000/testimonials/edit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 OPR/60.0.3255.170
Form Data:
name: Иван
patronymic:
surname:
userpic:
company:
object_photo_1: (binary)
object_photo_2: null
object_photo_3: null
video:
text: Отзыв
Then the server gives me an error 500:
Started POST "/admin/v1/testimonials" for ::1 at 2019-07-04 17:39:58 +0300
Processing by Admin::TestimonialsController#create as JSON
Parameters: {"name"=>"Иван", "patronymic"=>"", "surname"=>"", "userpic"=>"", "company"=>"", "object_photo_1"=>#<ActionDispatch::Http::UploadedFile:0x00007fa8ec2b6b18 #tempfile=#<Tempfile:/tmp/RackMultipart20190704-8689-cyzaac.jpg>, #original_filename="filename.jpg", #content_type="image/jpeg", #headers="Content-Disposition: form-data; name=\"object_photo_1\"; filename=\"filename.jpg\"\r\nContent-Type: image/jpeg\r\n">, "object_photo_2"=>"null", "object_photo_3"=>"null", "video"=>"", "text"=>"Отзыв"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
↳ /home/yart/.rvm/gems/ruby-2.5.1/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
JwtBlacklist Exists (0.6ms) SELECT 1 AS one FROM "jwt_blacklists" WHERE "jwt_blacklists"."jti" = $1 LIMIT $2 [["jti", "c4cf865b-5191-4946-8a87-472fcc73c094"], ["LIMIT", 1]]
↳ /home/yart/.rvm/gems/ruby-2.5.1/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
Unpermitted parameter: :format
Completed 500 Internal Server Error in 4ms (ActiveRecord: 1.1ms)
ActiveSupport::MessageVerifier::InvalidSignature (ActiveSupport::MessageVerifier::InvalidSignature):
app/controllers/admin/testimonials_controller.rb:19:in `create'
Here is the model:
class Testimonial < ApplicationRecord
has_one_attached :userpic
has_one_attached :object_photo_1
has_one_attached :object_photo_2
has_one_attached :object_photo_3
validates :name, presence: true
validates :video, presence: true, if: Proc.new { |t| t.text.blank? }
validates :text, presence: true, if: Proc.new { |t| t.video.blank? }
end
Here's a piece of controller that is relevant to my question:
class Admin::TestimonialsController < ApplicationController
before_action :authenticate_user!
# . . .
def create
testimonial = Testimonial.new(t_params)
if testimonial.save
testimonial = find_testimonial(testimonial.id)
render json: testimonial, status: :created
else
render json: {errors: testimonial.errors}, status: :bad_request
end
end
# . . .
private
# . . .
def t_params
params.each { |param| param = nil if param == "null" }
safe_params = params.permit :name, :patronymic, :surname, :userpic, :company,
:object_photo_1, :object_photo_2, :object_photo_3,
:video, :text, :id
params = ActionController::Parameters.new(testimonial: safe_params)
params.require(:testimonial).permit :name, :patronymic, :surname, :userpic, :company,
:object_photo_1, :object_photo_2, :object_photo_3,
:video, :text, :id
end
# . . .
end
Here's what t_params gives away as a result of its work:
<ActionController::Parameters {"testimonial" => <ActionController::Parameters {
"name" => "Иван",
"patronymic" => "",
"surname" => "",
"userpic" => "",
"company" => "",
"object_photo_1" => #<ActionDispatch::Http::UploadedFile:0x000055cd83f1b390 #tempfile=#<Tempfile:/tmp/RackMultipart20190704-346-19rgkj4.jpg>, #original_filename="filename.jpg", #content_type="image/jpeg", #headers="Content-Disposition: form-data; name=\"object_photo_1\"; filename=\"Scan_20160802_153425.jpg\"\r\nContent-Type: image/jpeg\r\n">,
"object_photo_2" => "null",
"object_photo_3" => "null",
"video" => "",
"text" => "Отзыв"
} permitted: true>} permitted: false>
Well, the question is: at what point did I make mistakes?
PS I read the description of the MessageVerifier module. It is engaged in checking sent messages for authorization. And my frontend gives it away, as you can see from the headlines. Moreover, when I try to send an unauthorized request, I regularly receive 401 errors.
What does the module InvalidSignature — a mystery, covered with darkness. At least here I see only a white page with a red header.
Here is a similar page...
I am trying to send via Gmail Api Rest a mail with attachment larger than 5MB. To accomplish that I am trying to sent it with resumable upload. This is my code.
byte[] ba = System.IO.File.ReadAllBytes(uploadFromPath);
String base64String = Convert.ToBase64String(ba);
string url = "https://www.googleapis.com/upload/gmail/v1/users/me/messages/send?uploadType=resumable"
HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;
request.Headers.Add("Authorization", "Bearer " + token);
request.Headers.Add("X-Upload-Content-Type", "message/rfc822");
request.Headers["X-Upload-Content-Length"]= base64String.Length.ToString();
request.Method = "POST";
request.ContentType = "application/json";
request.ContentLength = body.Length;
After I make the request I am getting the location
location = res.Headers["Location"];
and after that I make the PUT request with the location.
I would like to know what should I insert inside first request Body and what should be inside second request.
I have seen this post Attaching a file using Resumable upload w/ Gmail API
but the code worked only for files smaller than 5MB. Is there anything else I should do to accomplish attchment larger than 5MB?
There's actually samples on the Upload Attachment docs.
Step 1: Start a resumable session
Resumable session initiation request
POST /upload/gmail/v1/users/userId/messages/send?uploadType=resumable HTTP/1.1
Host: www.googleapis.com
Authorization: Bearer your_auth_token
Content-Length: 38
Content-Type: application/json; charset=UTF-8
X-Upload-Content-Type: message/rfc822
X-Upload-Content-Length: 2000000
{
"id": string,
"threadId": string,
"labelIds": [
string
],
"snippet": string,
"historyId": unsigned long,
"payload": {
"partId": string,
"mimeType": string,
"filename": string,
"headers": [
{
"name": string,
"value": string
}
],
"body": users.messages.attachments Resource,
"parts": [
(MessagePart)
]
},
"sizeEstimate": integer,
"raw": bytes
}
Step 2: Save the resumable session URI
HTTP/1.1 200 OK
Location: https://www.googleapis.com/upload/gmail/v1/users/userId/messages/send?uploadType=resumable&upload_id=xa298sd_sdlkj2
Content-Length: 0
Step 3: Upload the file
PUT https://www.googleapis.com/upload/gmail/v1/users/userId/messages/send?uploadType=resumable&upload_id=xa298sd_sdlkj2 HTTP/1.1
Content-Length: 2000000
Content-Type: message/rfc822
bytes 0-1999999