I am new to scala and spray. I am able to abort request from reactJS. And it shows in network tab of browser console that the request is cancelled. But from scala it is not aborting. In logs i can see
api is getting hitted. For Rest API I am using spray in scala.
Here is my reactJS code:
new Promise((accept, _reject) => {
fetch("/api/complete", {
method: "post",
signal: controller.signal,
headers: {
Accept: "application/json",
"Content-Type": "application/json"
},
body: JSON.stringify(requestBody)
})
Ans here is my scala code:
pathPrefix("complete") {
post {
entity(as[completeRequest]) { completeRequest =>
complete {
completeService()
}
}
}
}
def completeService(): Future[HttpResponse] = {
val pipeline: HttpRequest => Future[HttpResponse] = sendReceive ~> unmarshal[HttpResponse]
val response: Future[HttpResponse] = pipeline(Post(someremoteUrl.concat("complete"), botCompleteRequest)
~> addHeader("demo", "test"))
response
}
So how to abort this complete request when it is aborted from reactJS/promise
Short answer: You don't.
It does matter if it is React (or Angular, or jQuery) on the client-side and it does not matter what is on the server-side (scala, PHP, .NET).
What matters is the HTTP between client and server.
In HTTP you can't "catch" a request that is already sent. The abort function in js/browser pretty much only means that it will ignore the response. Once a request is sent and is in the network, it will hit the server, and the server will process it. The server never gets notified that the client canceled the request.
This question and the answer cover the topic quite well: https://softwareengineering.stackexchange.com/questions/362187/can-a-caller-abort-an-execution-of-code-invoked-by-http-request
Related
I am running tests on a web application to test WYSIWYG functionality and XSS vulnerabilities. I use the following command before
beforeEACH(() => {
cy.vaderAuth()
});
Cypress.Commands.add('vaderAuth', () => {
let config = Cypress.config();
cy.request({
method: 'POST',
url: Cypress.config('tokenUrl') + '/api/v1?actions=api/v1/login',
body: {
username: config.horizon.username,
password: config.horizon.password,
}
}).then(response => {
window.localStorage.setItem('JWT', response.body['api/v1/login'].token)
})
})
The above command successfully gets the Bearer Token but then the following test throws a 401 Unauthorised error.
it('Sending a regular API request to Welcome Messages', function() {
cy.request({
method : 'POST',
url : '/api/v1/organisations/welcome-message?actions=api/v1/organisations/welcome-message/set-welcome-messages',
body : {"welcome_messages":[{"message":"<p>Test investor welcome message!</p>","type":"User"},{"message":"<p>Internal User welcome message Cypress Test. </p>","type":"Internal User"},{"message":"<p>Test entrepreneur welcome message!</p>","type":"Entrepreneur"}]},
headers : {"Authorization": "Bearer " + window.localStorage.JWT}
})
})
beforeEach working, API request 401
401 cypress error
I have checked the failure and it is sending the Bearer Token as a header, and the request headers match the headers the same request sends if I enter the Bearer Token manually as follows.
it('Sending a regular API request to Welcome Messages', function() {
cy.request({
method : 'POST',
url : '/api/v1/organisations/welcome-message?actions=api/v1/organisations/welcome-message/set-welcome-messages',
body : {"welcome_messages":[{"message":"<p>Test investor welcome message!</p>","type":"User"},{"message":"<p>Internal User welcome message Cypress Test. </p>","type":"Internal User"},{"message":"<p>Test entrepreneur welcome message!</p>","type":"Entrepreneur"}]},
//headers : {"Authorization": "Bearer (insertbearertokenhere)}
})
})
When entering the Bearer Token manually the following tests all run smoothly with no error, but if I have to go in and change the Bearer Token every time I run these tests, it kind of defeats the point of automating it as by the time I've logged into my web app and got the token, I may as well test the application manually.
Any help on this would be greatly appreciated as I have been working on it with no luck for around a week now.
I am new to scala and spray. I'm trying to hit POST api from Postman. From front-end it is working but how can I hit from postman.
POST /api/admin/users/:userId/update-role
path("update-role") {
postCsrf {
entity(as[String]) { role => ctx =>
// TODO: This is not the optimal way to do this, but with the 2.4 time crunch, it's going in as tech debt.
}
} ~
I have two applications running indepepently, one taking care of my backend (written in Scala Play) then other one being my frontend (Angular with a static Node server).
I try to request data on my frontend through a form from my Scala Play app.
this.insertionOrder = function(){
$http({
method: 'POST',
url: '//localhost:9000/insertsupplier',
header: {
'Content-type': 'application/json',
'Access-Control-Allow-Origin' : '*',
'Access-Control-Allow-Methods' : 'POST, GET, OPTIONS'
},
data:{
'supplier_id': 1,
'suppliername': 'xxx',
'supplier_address': 'xxx xxx xxx xxx',
'contact': 'xxx#xxx.com',
'datecreated': '2017-10-15T09:45:00.000UTC+00:00'
}
}).then(function(response){
console.log(response);
return response.data
}, function(err){
console.log(err)
});
};
and my play app looks like this:
Controller:
def insertsupplier = Action(parse.json) { implicit request =>
val json = request.body
val sup: Supplier = json.as[Supplier]
sup.insertSql(con)
Ok("test")
}
my build.sbt contains filters:
libraryDependencies ++= Seq(
cache ,
ws,
jdbc,
filters
)
and the MyFilters.scala
class MyFilters (implicit inj:Injector) extends HttpFilters with Injectable {
implicit val as = inject[ActorSystem]
implicit val mat = ActorMaterializer()
val gzip = new GzipFilter()
val csrf = inject[CSRFFilter]
val cors = inject[CORSFilter]
//println(s"csrf: ${csrf.tokenProvider}")
//println(s"csrf: ${csrf.tokenProvider.generateToken}")
def filters = Seq(gzip,cors,csrf)
}
and finally my application.conf
play.filters.cors {
pathPrefixes = ["*"]
allowedOrigins = ["http://localhost:3000","https://localhost:3000","http://localhost:3000/*","https://localhost:3000/*"]
allowedHttpMethods = ["GET", "POST", "OPTIONS"]
allowedHttpHeaders = ["Accept"]
# preflightMaxAge = 1 hour
}
play.filters.csrf {
cookie.name = "XSRF-TOKEN"
header.name = "X-XSRF-TOKEN"
}
play.http.filters = "filters.MyFilters"
I keep getting the error "XMLHttpRequest cannot load http://localhost:9000/insertsupplier. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 500."
I feel that first my CORS setup is wrong anyway --> What needs to be changed? I am new to this.
And am I even able to use cors in order to access data from localhost?
It may be that there’s nothing wrong at all with your CORS setup, because the “The response had HTTP status code 500” part of the error message indicates that the actual immediate problem is that an OPTIONS request to your server caused some unexpected failure on the server side.
From just the code snippets in the question, it’s not possible to tell what might be causing that 500 failure in the server side. It may be completely unrelated to your CORS config.
But regardless, you should drop the parts of your frontend code that are adding the header 'Access-Control-Allow-Origin' : '*', and 'Access-Control-Allow-Methods'. Those headers are response headers that must be sent from the server side, not from frontend code.
But the 'Content-type': 'application/json' part of your frontend code is valid, and assuming it’s actually necessary in order to get the expected response from the server, there’s no way you can make your request without triggering browsers to do a CORS preflight OPTIONS request.
But if the CORS preflight OPTIONS request fails, the browser never gets around to trying the POST request your code is actually attempting to send. And if your backend responds to that OPTIONS request with a 500 response, then the preflight fails. It must instead respond with a 200 or 204.
I have a Jersey REST interface that I want to send cookies in its responses to each request but no cookies are ever present in any response.
I have a feeling it's a CORS issue and I'm not sure what CORSResponseFilter configuration I need to allow cookies to be set and successfully sent in a response.
My project is built with SpringBoot under Kotlin.
Response code:
#POST
fun put(): Response {
val cookie = NewCookie(Cookie("RESERVATION", "TEST"),
"Session", 60 * 60, false)
return ok()
.cookie(cookie)
.entity(Result("OK", "Success"))
.build()
}
Filter code:
open class CORSResponseFilter : ContainerResponseFilter {
override fun filter(req: ContainerRequestContext?, res: ContainerResponseContext?) {
res?.headers?.add("Access-Control-Allow-Origin", "*")
res?.headers?.add("Access-Control-Allow-Methods", "POST, GET")
res?.headers?.add("Access-Control-Allow-Headers", "origin, content-type, accept, authorization")
res?.headers?.add("Access-Control-Expose-Headers", "Set-Cookie")
res?.headers?.add("Access-Control-Allow-Credentials", "true")
}
}
Requests are successful and the responses send otherwise as intended but all without any cookies. Prior to setting up the response filter I was able to receive cookies in each response.
Any help is appreciated.
So I have a simple Grails UI which takes a few fields .. firstName, lastName etc. in a form. The controller calls a service method which then uses the Rest Client Builder plugin to call a REST service.
The rest service is not recognizing the parameters however.
Here is the simple rest call.
def resp = rest.post(baseUrl, params)
{
header 'Accept', 'application/json'
contentType "application/x-www-form-urlencoded"
}
Using version 2.0.1 of the plugin.
params looks like
[firstName:Kas, action:index, format:null, controller:myController, max:10]
Rest Service Method looks like ...
#POST
#Path("/employees")
#Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
#Consumes({MediaType.APPLICATION_FORM_URLENCODED})
public IdmResult createNewEmployee(#FormParam("firstName") String firstName) {
try {
if(firstName == null) return constructFailedIdmResult("First Name is a required field");
// Do some other stuff
}
}
Service responds with "First Name is a required field"
When I submit the Post from Postman it works fine. Successful request from Postman looks like
POST /idm/employees HTTP/1.1
Host: <ip>:<url>
Accept: application/json
firstName: Kas
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Would like to figure how I can see the request that the plugin is constructing so I can compare differences, but ultimately I just need to know how to properly send the request from the plugin so that the Rest Service recognizes the form parameters.
Rest client should be using request body to POST:
def resp = rest.post(baseUrl) {
header 'Accept', 'application/json'
contentType "application/x-www-form-urlencoded"
json {
firstName = "Kas"
}
}
or simply,
def resp = rest.post(baseUrl) {
header 'Accept', 'application/json'
contentType "application/x-www-form-urlencoded"
json firstName: "Kas"
}
Refer docs for detail.
UPDATE:
Since producer is expecting request params as big query string instead of JSON, you might end up doing this instead:
def queryString = params.collect { k, v -> "$k=$v" }.join(/&/)
def resp = rest.post("$baseUrl?$queryString") {
header 'Accept', 'application/json'
contentType "application/x-www-form-urlencoded"
}
or just def resp = rest.post("$baseUrl?$queryString")
To pass the values cleanly in the request body, use a MultiValueMap and the (undocumented, from what I see) 'body()' method as per this answer. https://stackoverflow.com/a/21744515/17123