Hello I'm making an app which use http framework and send my server to get request. I'm using Aqueduct for backend service and it is working when I use POSTMAN to send 'get request' but when I use my app to send get request Aqueduct gives a message on console:
[INFO] aqueduct: OPTIONS /workers 8ms 403 {user-agent : Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/IP_ADRESS Safari/537.36\nconnection : keep-alive\naccept : */*\naccept-language : en-US,en;q=0.9\nsec-fetch-mode : cors\naccept-encoding : gzip, deflate, br\norigin : http://localhost:58095\nhost : localhost:8888\nsec-fetch-site : same-site\naccess-control-request-headers : authorization,companymail,content-type\naccess-control-request-method : GET\nreferer : http://localhost:58095/\n}
When I use postman to send get request everything is fine and server gives response:
[INFO] aqueduct: GET /workers 92ms 200
My Postman Headers:
companyMail:deneme1234
Content-Type:application/json
Authorization:Basic ZGVuZW1lMTIzNDpkZW5lbWUxMjM0
My flutter app headers:
final Map<String, String> headers = {"Content-Type": "application/json"};
String basicAuth = 'Basic ' + base64Encode(utf8.encode('$mail:$password'));
headers['authorization'] = basicAuth;
headers['companyMail'] = companyMail;
return headers
My flutter app get request:
final response = http.get(baseUrl+'workers',headers: await authHeader());
Finally I've found the solution :) It is about CorsPolicy. If you want to send special header with request, you must check your server acceptable headers. In Aqueduct you can edit your allowed request headers like that:
CORSPolicy.defaultPolicy.allowedRequestHeaders = ['company-mail','content-type','authorization'];
Related
I have a local dart server, serving music and videos.
I tested it with android device and a flutter application and it worked with just_audio and video_player packages after adding this line in AndriodManifest.xml:
android:usesCleartextTraffic="true"
but when I am trying to run the same app on web I get an error saying:
(4) Failed to load URL
and when i tried to run another online video and audio it worked on the flutter web app
here is some snippets of my dart server code:
request.response.headers.add('Access-Control-Allow-Origin', '*');
request.response.headers.add('Access-Control-Allow-Methods', '*');
request.response.headers.add('Access-Control-Allow-Headers', '*');
and
File file = File(audioPath);
int length = await file.length();
String range = req.headers.value('range') ?? 'bytes=0-';
List<String> parts = range.split('=');
List<String> positions = parts[1].split('-');
int start = int.parse(positions[0]);
int end = positions.length < 2 || int.tryParse(positions[1]) == null
? length
: int.parse(positions[1]);
String? mime = lookupMimeType(audioPath);
response.statusCode = HttpStatus.partialContent;
response.headers
..contentType = ContentType.parse(mime ?? 'audio/mpeg')
..contentLength = end - start
..add('Accept-Ranges', 'bytes')
..add('Content-Range', 'bytes $start-$end/$length');
file.openRead(start, end).pipe(req.response);
so I think the solution to this issue is to do similar thing like this but in web:
android:usesCleartextTraffic="true"
and one more thing
when I checked for request.headers on the dart server, I didn't find the headers that I sent with the request from the frontend:
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
connection: keep-alive
accept: */*
accept-language: en-US,en;q=0.9
range: bytes=0-
accept-encoding: identity;q=1, *;q=0
host: 192.168.1.39:49359
referer: http://localhost:62278/
Please help. I'm trying to learn REST concepts and make the first programs using Delphi and REST objects. I came across a problem that I don’t know how to solve. In the database I have a test with special characters from my mother tongue (Bosnian): č, ć, đ, š, ž. When I pass this text via the GET method, objects that parse and display this text in objects on the form display these characters as "?", "æ", "æè" etc.
I researched and tried unsuccessfully to solve the problem. I tried to use the Utf8ToAnsi function and put iso-8859-2 instead of UTF-8 in the RESTClient, RESTRequest and RESTResponce object parameters.
Please for help, instruction or advice on how to solve or investigate this problem.
Source code on server side:
procedure TWebModule1.UsersGet(Request: TWebRequest; Response: TWebResponse);
var
a: TJSONArray;
o: TJSONObject;
i: Integer;
Q1: TADOQuery;
begin
Q1:=TADOQuery.Create(nil);
Q1.Connection:= BasicDBConn.Konekcija;
with Q1 do
begin
Active:=False;
SQL.Clear;
SQL.Add('Select USER_ID, USER_NAME, ROLE_NAME from USERS, ROLES ' +
' where USERS.ROLE_ID=ROLES.ROLE_ID ');
Active:= True;
end;
a := TJSONArray.Create;
if Q1.RecordCount > 0 then
begin
for i:=1 to Q1.RecordCount do
begin
o := TJSONObject.Create;
o.AddPair('USER_ID', Q1.Fields.Fields[0].Value);
o.AddPair('USER_NAME', Q1.Fields.Fields[1].Value);
o.AddPair('ROLE_NAME', Q1.Fields.Fields[2].Value);
Q1.Next;
a.AddElement(o);
end;
end;
Response.ContentType := 'application/json';
Response.Content := a.ToString;
a.DisposeOf;
Q1.Free;
end;
on client side:
procedure TGlavna.Button1Click(Sender: TObject);
begin
RESTRequest.Resource := 'Users';
RESTRequest.Method := TRESTRequestMethod.rmGet;
RESTRequest.Response := RESTResponse;
RESTRequest.Execute;
if assigned(fJSONArray) then fJSONArray.DisposeOf;
fJSONArray := TJSONObject.ParseJSONValue(RESTResponse.Content) as TJSONArray;
if RESTResponse.Content.IsEmpty then Application.MessageBox('Empty', 'Information', MB_OK)
else Memo1.Lines.Add(RESTResponse.Content);
end;
This is what a data in DB looks like
USER_ID USER_NAME ROLE_ID
u1 Test User 2
u2 T_č_ć_š_đ_ž 1
u3 t_Č_Ć_Ž_Đ_Š 1
u4 Bradić Kenan 1
In web browser, responce data is:
[{"USER_ID":"u1","USER_NAME":"Test User","ROLE_ID":"2"},{"USER_ID":"u3","USER_NAME":"t_È_Æ_Ž_Ð_Š","ROLE_ID":"1"},{"USER_ID":"u4","USER_NAME":"Bradiæ Kenan","ROLE_ID":"1"},{"USER_ID":"u2","USER_NAME":"T_è_æ_š_ð_ž","ROLE_ID":"1"}]
Headers in web browser:
General:
Request URL: http://localhost:8080/Users
Request Method: GET
Status Code: 200 OK
Remote Address: [::1]:8080
Referrer Policy: strict-origin-when-cross-origin
Response Headers:
Connection: close
Content-Length: 228
Content-Type: application/json; charset=ISO-8859-1
Date: Mon, 27 Dec 2021 17:07:54 GMT
Request Headers:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: max-age=0
Connection: keep-alive
Host: localhost:8080
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36
Thank you...
The HTTP response contains this line:
Content-Type: application/json; charset=ISO-8859-1
So the client handles interprets the Response content as ISO-85591 encoded instead of UTF-8.
Your server side codes contains this line:
Response.ContentType := 'application/json';
Your server side code should clear the charset=ISO-85591 part.
You can encode your value with base64, and create a JSON payload to translate the JSON payload with REST API.
Moreover, if the value is sensitive, you can encrypt it with AES, and then translate it with REST API.
What technology will you use in server side? PHP? or .NET or JAVA? All 3 technologies used AES in native code, but there are little differences between the technologies.
If you used PHP or PHP + Laravel, you might reference my sample project in my GitHub Repo, the description you can read from my article.
I am trying to create a transient document in adobe sign using rest api.Foloowing is my code snippet:
Http h = new Http();
HttpRequest req = new HttpRequest();
req.setEndpoint('https://api.in1.echosign.com/api/rest/v6/transientDocuments');
req.setMethod(postMethod);
req.setHeader('Content-Type', 'application/json');
blob testFileContent = blob.toPDF('test string it is');
// req.setBody('{"filename":"testsign","file":'+testFileContent+'}');
req.setBody('{"fileName":"testsign","file":"'+testFileContent+'"}');
String authorizationHeader = 'Bearer ' +acceessToken;
req.setHeader('Authorization', authorizationHeader);
//req.setHeader('Authorization', acceessToken);
try{
HttpResponse res = h.send(req);
However I am getting the bad request error in response.Issue maybe due to the tag mismatch with adobe sign requirement, however after a lot of research and trial and error I am not able to find the accurate tags to put in JSON for this API request. Any suggestion and help ?
Form data
Content-Disposition: form-data; name="File"; filename="<filename>.pdf"
Content-Type: application/pdf
Request params
Content-Type: multipart/form-data;
Accept: application/json, text/javascript, */*;
More details available in the documentation.
I have a problem with my requests using Edge/IE. I'm getting a code 400 code on
preflight OPTIONS.
I'm adding a 2 additional headers to all my requests in application with axios:
Authorization:
if ( token ) {
axios.defaults.headers.common[ 'Authorization' ] = 'Bearer ' + token;
} else {
delete axios.defaults.headers.common[ 'Authorization' ];
}
Accept-Language:
if ( lang ) {
axios.defaults.headers.common[ 'Accept-Language' ] = lang;
} else {
delete axios.defaults.headers.common[ 'Accept-Language' ];
}
Here's how my request headers works in Chrome:
Accept-Language: pl-PL
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJOZXcgUGFzdG9yYWwgQXBwIiwiYXVkIjoiTmV3IHBhc3RvcmFsIHVzZXIiLCJpYXQiOjE1MTM1OTEzODUsImV4cCI6MTUxMzU5ODU4NSwidWlkIjoxMSwidHlwZSI6NCwibGFuZ3VhZ2UiOjEsImRpc3BsYXlOYW1lIjoiVGVzdG8gUHJvYm9zemN6eiJ9.qyFHZuCHC9-NpNqjY7keY7j4LE5zu5JKxK9VyAFwH60
Request headers in Edge:
Accept: */*
Accept-Encoding: gzip, deflate
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 0
Host: 52.169.186.226
Origin: http://localhost:8080
Referer: http://localhost:8080/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299
Response headers:
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Origin, Authorization
Access-Control-Allow-Methods: OPTIONS,POST
Access-Control-Allow-Origin: *
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Dec 2017 11:29:49 GMT
Server: Apache/2.4.25 (Ubuntu)
When I remove Accept-Language header the application start working in Edge, but problem still exists in IE.
The only messages from browser is code http error 400 and the console log of error is:
description: "Network Error"
message: "Network Error"
stack: "Error: Network Error at createError (http://localhost:8080/index_bundle.js:68811:3) at handleError (http://localhost:8080/index_bundle.js:68656:7)"
Rest of the headers is standard for axios. On the backend we're using Slimp PHP framework.
Any idea how to debug the problem, or similar problems using standard REST requestes with React + Axios? Or what should I check in first order?
I'm running into a problem with a 302 redirect after my CORS preflight has successfully returned a 200 status. I'm currently building an app using Laravel 4.1 and Angular 1.2 as well as my own OAUTH2 server.
The error that Chrome/FF/Safari are sending back to me is:
XMLHttpRequest cannot load http://localhost.api/api/v1/tracks?$filter=id%20eq%20guid%27d7de10ba-e353-455b-a3cb-ced9b4965141%27&. The request was redirected to 'http://localhost.api/session/invalid', which is disallowed for cross-origin requests that require preflight.
I assume whats causing my issue is the "redirect" thats happening - as my normal CORS requests all work as expected.
My configuration for my Access-Control-Allow-* headers is fairly open right now during testing.
'paths' => array(
'^/api/' => array(
'allow_origin'=> array('*'),
'allow_headers'=> array('Content-Type', 'Authorization'),
'allow_methods'=> array('POST', 'PUT', 'GET', 'DELETE', 'OPTIONS'),
'max_age' => 0
),
'^/session/' => array(
'allow_origin'=> array('*'),
'allow_headers'=> array('Content-Type', 'Authorization'),
'allow_methods'=> array('GET', 'OPTIONS'),
'max_age' => 0
)
The redirect in question is in a pre-filter thats checking the validity of an OAUTH2 access token
public function filter($route, $request, $data = null)
{
// Get the authorization header or fail
if ($authorization = Request::header('Authorization', false)) {
list($type, $token) = explode(' ', $authorization);
if (is_null($auth = OAuth2::token($token)->first())) {
return Redirect::to('session/invalid');
}
$tokenExpiryDate = Carbon::createFromTimeStamp($auth->access_token_expires);
// If we don't have a Bearer authentication header
// or if the token has expired. Then redirect to an
// expired session route
if ( 'bearer' != strtolower($type)
|| Carbon::now()->gt($tokenExpiryDate)
) {
return Redirect::route(
'expiredSession',
array('expiry' => $tokenExpiryDate->timestamp)
);
}
} else {
// The authentication header is invalid, redirect to let the user know.
return Redirect::to('session/invalid');
}
}
All these requests worked when I tried debugging using POSTMAN, but after my research I've basically found that extensions don't necessarily have to play by the same rules. As well as I noticed my requests using POSTMAN never send any preflight OPTIONS requests when I initiate a simple GET, POST, etc..
Here are the headers of both an OPTIONS request as well as a GET request to follow it that is returning my error
OPTIONS Request
Remote Address:127.0.0.1:80
Request URL:http://localhost.api/api/v1/tracks?$filter=id%20eq%20guid%27d7de10ba-e353-455b-a3cb-ced9b4965141%27&
Request Method:OPTIONS
Status Code:200 OK
Request Headers
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:accept, authorization
Access-Control-Request-Method:GET
Cache-Control:no-cache
Connection:keep-alive
DNT:1
Host:vegas.ine.com
Origin:http://localhost.angular
Pragma:no-cache
Referer:http://localhost.angular/admin/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
Response Headers
Access-Control-Allow-Headers:content-type, authorization
Access-Control-Allow-Methods:POST, PUT, GET, DELETE, OPTIONS
Access-Control-Allow-Origin:http://localhost.angular
Cache-Control:no-cache
Connection:close
Content-Type:text/html
Date:Thu, 01 May 2014 16:22:19 GMT
Server:Apache/2.2.26 (Unix) DAV/2 PHP/5.4.24 mod_ssl/2.2.26 OpenSSL/0.9.8y
Set-Cookie:laravel_session=eyJpdiI6IktOZjlTM1ZVNUx0TEhoaTczY3dQcDBKRWlvbnppbDA3QTdqSENJdTc2R1U9IiwidmFsdWUiOiJEZ2ltXC9mNm1Qa20rV3BVRlNHTXgySGtUeVlpNjNZcGFudDFBWDJJekl1MEVNVlhSRE5WWk5YZDNxUkZuU0VEVytcL3NLNlVBXC9hZWtJQzdHU2FqVWtMdz09IiwibWFjIjoiYTYxYjEwNjlmYmI2MjMwNmE4MzlkYjIwNGZlNzA4Y2ViZGVkZmU1MTQzMzc5NmU2YzI2ZGExNzYxY2U5ZjdiMCJ9; expires=Thu, 01-May-2014 18:22:19 GMT; path=/; httponly
X-Frame-Options:SAMEORIGIN
X-Powered-By:PHP/5.4.24
GET Request
Remote Address:127.0.0.1:80
Request URL:http://localhost.api/api/v1/tracks?$filter=id%20eq%20guid%27d7de10ba-e353-455b-a3cb-ced9b4965141%27&
Request Method:GET
Status Code:302 Found
Request Headers
Accept:application/json, text/plain, */*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Authorization:Bearer 6Ss4XPrPM5jQD7Es0dz7TPRQ76hGA69vT9K94pst
Cache-Control:no-cache
Connection:keep-alive
DNT:1
Host:vegas.ine.com
Origin:http://localhost.angular
Pragma:no-cache
Referer:http://localhost.angular/admin/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
Response Headers
Access-Control-Allow-Origin:http://localhost.angular
Cache-Control:no-cache
Connection:Keep-Alive
Content-Type:text/html; charset=UTF-8
Date:Thu, 01 May 2014 16:22:19 GMT
Keep-Alive:timeout=5, max=100
Location:http://localhost.api/session/invalid
Server:Apache/2.2.26 (Unix) DAV/2 PHP/5.4.24 mod_ssl/2.2.26 OpenSSL/0.9.8y
Set-Cookie:laravel_session=eyJpdiI6InlnREVPcUJTcyswMnRLanFDSlZ6QWFBVXZWMGdMNVNLYWxNTHRJVUlkalk9IiwidmFsdWUiOiJ4aXN5U0dcL1NYeGQrcUVzWFhYV3o2MWhcL25hQTlhcVUxbWxkN2R6SG9KZDNKaGNLTkRQY2FyTitpVHNGZzYxVVRtZUhoZGZRWE9GWjZRaDd1VVwvZUZuUT09IiwibWFjIjoiY2EzZTViZGIzZmVlMDcwZjdhMzBjOWQxYTgwZWNlYTJiMDk3ODdlZTk3NTYxMDNmM2YyODJjOGIxMzBmMmJlMiJ9; expires=Thu, 01-May-2014 18:22:20 GMT; path=/; httponly
Transfer-Encoding:chunked
Vary:Authorization
X-Clockwork-Id:1398961340.2239.1349476325
X-Clockwork-Version:1.5
X-Frame-Options:SAMEORIGIN
X-Powered-By:PHP/5.4.24
I have done something like this and it worked fine for me
//pattern to allow origins
$allowedOriginPattern = /** YOUR PATTERNS **/;
$allowedOrigin = "";
if (preg_match($allowedOriginPattern, $_SERVER['HTTP_ORIGIN'])) {
$allowedOrigin = $_SERVER['HTTP_ORIGIN'];
}
/**
* set http content type
*/
header('Content-Type: application/json;charset=UTF-8');
header('Access-Control-Allow-Origin: ' . $allowedOrigin);
header('Access-Control-Allow-Methods: DELETE, HEAD, GET, OPTIONS, POST, PUT');
header('Access-Control-Allow-Headers: Content-Type, Content-Range, Content-Disposition, Content-Description');
header('Access-Control-Max-Age: 1728000');
I have added this code in laravel index.php
Here is the reference for CORS
http://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0
Spent an hour and this trying to redirect to a subdomain
Instead just used javascript after a successful response
window.location.href = resp.data.redirect