In writing tests for my Vapor 3 app, I've run into an issue where a certain framework is reliant on checking the incoming requests hostname
guard let peerHostName = request.http.remotePeer.hostname else {
throw Abort(
.forbidden,
reason: "Unable to verify peer"
)
}
It would seem that when testing a request like below
let emails = (0...10).map { "email#test.co"}
let responder = try app.make(Responder.self)
let request = HTTPRequest(method: .POST, url: URL(string: "\(usersURI)/create")!, headers: headers)
let wrappedRequest = Request(http: request, using: app)
try wrappedRequest.content.encode(createUserReq)
try responder.respond(to: wrappedRequest)
Then the requests hostname is empty and thus an error is thrown. Is there any way I can manually set the hostname of the request? The hostname property is get only, so I can't set it that way
The solution was to add a 'forwarded' header
var headers: HTTPHeaders = [
"Content-Type": "application/json",
"forwarded": "by=BY;for=127.0.0.1"
]
Related
I'm trying to fetch an image resource that's part of a conversation message.
I've tried both FETCH as well as using AXIOS but I'm getting the same error message.
Here's an example of my FETCH request
const token = `${accountSid}:${authToken}`;
const encodedToken = Buffer.from(token).toString('base64');
let response = await fetch('https://mcs.us1.twilio.com/v1/Services/<SERVICE_SID>/Media/<MEDIA_SID>',
{
method:'GET',
headers: {
'Authorization': `Basic ${encodedToken}`,
}
});
let data = await response.json();
console.log(data);
And here's what Axios looked like
let config = {
method: 'get',
crossdomain: true,
url: 'https://mcs.us1.twilio.com/v1/Services/<SERVICE_SID>/Media/<MEDIA_SID>',
headers: {
'Authorization': `Basic ${encodedToken}`,
},
};
try {
const media = await axios(config);
console.dir(media);
} catch(err) {
console.error(err);
}
Both ways are NOT working.
After looking into it more, I found out that Chrome makes a pre-flight request and as part of that requests the allowed headers from the server.
The response that came back was this
as you can see, in the "Response Headers" I don't see the Access-Control-Allow-Headers which should have been set to Authorization
What am I missing here?
I have made sure that my id/password as well as the URL i'm using are fine. In fact, I've ran this request through POSTMAN on my local machine and that returned the results just fine. The issue is ONLY happening when I do it in my code and run it in the browser.
I figured it out.
I don't have to make an http call to get the URL. It can be retrieved by simply
media.getContentTemporaryUrl();
Is it possible to use Alamofire like so:
AF.request("https://api.smartsheet.com/2.0/sheets/",method: .get).responseJSON { Data in debugPrint(Data.result) }
in Swift to interact with the Smartsheet API?
I'd hope that swapping out the current https with an reasonable one would do what I want.
I would like to get information from the API. The error thrown is that I don't have authorization for the API:
Swift.Result<Any, Alamofire.AFError>.success({ errorCode = 1004; message = "You are not authorized to perform this action."; refId = 1ca40zco0itdd; }).
I just needed to understand end points better and read the documentation on Alamofire. I changed my code to the following and it worked!
let headers: HTTPHeaders = [
"Authorization": "Bearer " + api_key_smartsheet,
"Accept": "application/json"
]
AF.request("https://api.smartsheet.com/2.0/sheets/?includeAll=True", method: .get,headers: headers).responseJSON { response in
debugPrint(response)
}'''
I'm trying to recreate a POST request that already works in Postman in Swift 3 with Alamofire 4, but i'm always getting a Status Code 400 "Bad Request". I am out of ideas about what I'm doing wrong here.
This is the request in Postman, additionally there is a username and password in the Body in JSON format:
Reading the Docs for Alamofire, I thought this should be the correct Swift code:
func login(as username: String, withPassword password: String) {
let url = "https://api2.drive-now.com/login"
let parameters: Parameters = [
"username" : username,
"password" : password
]
let loginHeaders: HTTPHeaders = [
"Accept" : "application/json;v=1.6",
"Accept-Encoding" : "gzip, deflate, sdch",
"Accept-Language" : "de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4",
"Connection" : "keep-alive",
"Host" : "api2.drive-now.com",
"Origin" : "https://de.drive-now.com",
"X-Api-Key" : "adf51226795afbc4e7575ccc124face7",
"X-Language" : "de",
"Content-Type" : "application/json"
]
Alamofire.request(url, method: .post, parameters: parameters, encoding: JSONEncoding.default, headers: loginHeaders).responseJSON { response in
print("Request: \(response.request)") // original URL request
print("Response: \(response.response)") // HTTP URL response
print("Data: \(response.data)") // server data
print("Result: \(response.result)") // result of response serialization
if let JSON = response.result.value {
print("JSON: \(JSON)")
}
}
}
My console output is:
Request: Optional(https://api2.drive-now.com/login)
Response: Optional(<NSHTTPURLResponse: 0x6000000266a0> { URL: https://api2.drive-now.com/login } { status code: 400, headers {
Connection = close;
"Content-Length" = 181;
"Content-Type" = "text/html";
Date = "Tue, 13 Dec 2016 22:12:46 GMT";
Server = "nginx/1.4.6 (Ubuntu)";
} })
Data: Optional(181 bytes)
Result: FAILURE
Is there a custom session manager maybe that I have to implement? Or do you know of any debugging methods I could use here?
A friend accustomed to the API did help me resolve the issue: it was a default header field that seems to be added by Alamofire to every call. The API didn't accept calls with a "User-Agent" set (don't ask me why).
To help others who might have the same problem, I share the steps I went through to find and resolve the issue:
I made Alamofire.request(...) into a variable named postage (you can call it however you like, of course)
I added debugPrint(postage) to the end of the login-function
The output showed the additional header field
I constructed a custom SessionManager like below
var headers = Alamofire.SessionManager.defaultHTTPHeaders
headers.removeValue(forKey: "User-Agent")
let configuration = URLSessionConfiguration.default
configuration.httpAdditionalHeaders = headers
api = Alamofire.SessionManager(configuration: configuration)
I am calling a http post in Angular 2. This is working fine in post man but when I implement this API call in Angular 2 I get No 'Access-Control-Allow' error. Here is my code
getInspections(): Observable<IInspection[]> {
if (!this.inspections) {
let body =JSON.stringify({"Statuses":["Submitted", "Opened"]});
let headers = new Headers({ 'Content-Type': 'application/json' });
headers.append('Access-Control-Allow-Origin','*');
let options = new RequestOptions({ headers: headers });
return this.http.post(this._baseUrl + '/api/Inspect/ListI',body,options)
.map((res: Response) => {
this.inspections = res.json();
return this.inspections;
})
.catch(this.handleError);
}
else {
//return cached data
return this.createObservable(this.inspections);
}
}
Or can I do this? Just pass header instead of options
getInspections(): Observable<IInspection[]> {
if (!this.inspections) {
let body =JSON.stringify({"Statuses":["Submitted", "Opened"]});
let headers = new Headers({ 'Content-Type': 'application/json' });
//headers.append('Access-Control-Allow-Origin','*');
// let options = new RequestOptions({ headers:headers });
return this.http.post(this._baseUrl + '/api/Inspect/ListI',body,headers)
.map((res: Response) => {
this.inspections = res.json();
return this.inspections;
})
.catch(this.handleError);
}
else {
//return cached data
return this.createObservable(this.inspections);
}
}
CORS headers like
headers.append('Access-Control-Allow-Origin','*');
need to be provided by the server. Adding them on the client is pointless.
When using non-standard headers (json is apparently considered non-standard) then a pre-flight check is carried out to ask if the requested action (in this case 'post') can be carried out. Only the server can respond with the permissive headers. How you respond does depend on your server language. In my webapi2 I implement cors in the WebAppConfig
var cors = new EnableCorsAttribute("http://localhost:3000", "*", "GET, HEAD, OPTIONS, POST, PUT");
cors.SupportsCredentials = true;
config.EnableCors(cors);
Note for a live server you would replace the localhost ref with a web configed list ( or specific location where the caller resides). The SupportsCredentials is only needed if you are using authentication.
To handle the pre-flight I added a method to Globals.asax which just intercepts pre-flight messages and returns enough data for the post to move ahead.
protected void Application_BeginRequest()
{
if (Request.Headers.AllKeys.Contains("Origin") && Request.HttpMethod == "OPTIONS")
{
var origin = HttpContext.Current.Request.Headers["Origin"];
Response.Headers.Add("Access-Control-Allow-Origin", origin);
Response.Headers.Add("Access-Control-Allow-Headers", "content-type, withcredentials, Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
Response.Headers.Add("Access-Control-Allow-Credentials", "true");
Response.Headers.Add("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS, POST, PUT");
Response.Flush();
}
}
Note here that I am cheating somewhat by reflecting the origin back - this is not safe in a production environment and should list the specific servers otherwise you are being too loose with security.
Be aware that there are some dev cheats. - If you run on internet explorer on localhost (for dev purposes) then ie ignores the port which most other browsers do not so making things easier. There is also a CORS enhancement for Chrome which adds the headers for you. Finally you will see a lot of code that uses '*' returns (to permit all) - by all means use them to get the code working but before release lock these down far more aggressively.
Ok so I am trying to download a json file as a string and parse it out latter. But I have to download it from my webpage first. This webpage needs a username and password to get to it. This has been giving me a 401 error so its not sending the username or password. How can I add the username and password to the request?
print("Downloading the json file")
let plainString = "\(myUserName):\(myPassword)" as NSString
let plainData = plainString.dataUsingEncoding(NSUTF8StringEncoding)
let base64String = plainData?.base64EncodedStringWithOptions(NSDataBase64EncodingOptions(rawValue: 0))
Alamofire.Manager.sharedInstance.session.configuration.HTTPAdditionalHeaders = ["Authorization": "Basic " + base64String!]
Alamofire.request(.GET, promoUrl)
.response {(request, response, _, error) in
print(response)
}
This is the result from it
Optional(<NSHTTPURLResponse: 0x7fe103818790> { URL: http://xxxapi/1.0/promotions } { status code: 401, headers {
"Cache-Control" = "no-cache, no-store, max-age=0, must-revalidate";
Connection = "keep-alive";
"Content-Length" = 186;
"Content-Type" = "application/json;charset=UTF-8";
Date = "Thu, 12 May 2016 01:36:33 GMT";
Expires = 0;
Pragma = "no-cache";
Server = "Apache-Coyote/1.1";
"Www-Authenticate" = "Basic realm=\"Realm\"";
"X-Content-Type-Options" = nosniff;
"X-Frame-Options" = DENY;
"X-XSS-Protection" = "1; mode=block";
Thank you very much for any help with this
Hi every one so after working on it a bit more i got it to work. I got rid of all the stuff on top and went simple. It worked better and is easier to do
here is the working code for anyone who wants it
Alamofire.request(.GET, promoUrl, parameters: [myUserName:myPassword])
.authenticate(user: myUserName, password: myPassword)
.response {(request, response, data, error) in
print(response)
}
The key difference is this
parameters: [myUserName:myPassword]
This loads my password and username into the url. It may not be the best way of doing this but it works for my needs for now