Set cookie on response in lumen 5.6 - lumen

Actually I want to set header like this
response()->json($data)->header('Set-Cookie','strCookie1',false)->header('Set-Cookie','strCookie2',false)->send();
But the Set-Cookie not shown in the header.
Is there any way to set the cookie in Lumen 5.6
I saw the withCookie(cookie()) but not sure how to use. The cookie() in Lumen is not defined.
Note: I need 2 set-cookie at the same time, and the strCookie1 is already the full long string of the cookie value.
(Like this: TOKEN=abcxyz; Path=/; Expires=Sun, 24 Mar 2019 03:40:11 GMT; Max)
Thank you.

According to documentation here:
However, for most routes and controller actions, you will be returning a full Illuminate\Http\Response instance. Returning a full Response instance allows you to customize the response's HTTP status code and headers. A Response instance inherits from the Symfony\Component\HttpFoundation\Response class, providing a variety of methods for building HTTP responses:
You can find the appropriate method to set cookie here. The argument is either string or a Symfony\Component\HttpFoundation\Cookie instance. If you see the code inside it (here's the link), the string argument only accepted when the
cookie function is defined. In this case, it's not defined. So this method only leaves you one option:
To supply the first argument with an instance of
Symfony\Component\HttpFoundation\Cookie
<?php
use Symfony\Component\HttpFoundation\Cookie;
$response
->withCookie(
new Cookie($name, $value, $expire)
);

Related

Prevent URL-encoding of values when adding headers to TRESTClient

I'm working on a Delphi REST client for a public API that requires an HMAC256/Base64 signed string to be added to the headers of the request to authenticate. I've spent hours trying to figure out why it's not working, so I compared the raw request from my Delphi client to that of a working C# library (using Wireshark).
It turns out my request matches perfectly the request generated by the working C# library, except that Delphi's REST client is URL-encoding the values added to the request's header, therefore invalidating the carefully crafted signature.
This is how I'm adding the signature string to the header:
RESTRequest1.Params.AddHeader('SIGNATURE', FSignature);
The signature string may have slashes, plus signs, and/or equal signs that are being URL-encoded when they shouldn't. For example when the value of the signature string is...
FSignature = '8A1BgACL9kB6P/kXuPdm99s05whfkrOUnEziEtU+0OY=';
...then the request should should output raw headers like...
GET /resource HTTP/1.1
User-Agent: Embarcadero URI Client/1.0
Connection: Keep-Alive
<snip>
SIGNATURE: 8A1BgACL9kB6P/kXuPdm99s05whfkrOUnEziEtU+0OY=
<snip>
...but instead Wireshark shows this as the real value being sent...
SIGNATURE: 8A1BgACL9kB6P%2FkXuPdm99s05whfkrOUnEziEtU%2B0OY%3D
Is there a way to prevent the URL-encoding of values when using AddHeader? Or maybe another way to add raw headers to a TRESTClient request?
PS: I already tried both TRESTRequest.Params.AddHeader and TRESTClient.AddParameter with TRESTRequestParameterKind.pkHTTPHEADER as the Kind parameter. Both resulted in URL-encoded values.
PS2: Using Delphi RAD Studio 10.3.
You should include poDoNotEncode in the Options property of the TRESTRequestParameter.
This can be done using:
RESTClient1.AddParameter('SIGNATURE', FSignature, pkHTTPHEADER, [poDoNotEncode]);
or by using:
RESTClient1.Params.AddHeader('SIGNATURE', FSignature).Options := [poDoNotEncode];

AWS Api Gateway Setting the header value to a default value using http Integration

I am using AWS API Gateway and I want to set my Integration type to http. I have the integrated url as https:// xxxxxx.com which takes a header "apikey". I am not expecting the end user to pass the header rather I want to set the apikey to some constant value.
I see that there is a way to force the user to make him pass the header(by making header required under the Method Request section. However, I want to set it to default.
For example in all the requests which are internally calling the URL inside the API gateway should pass the header value as "12345".
You can add/remove/override headers with an Integration Request Mapping Template.
In the API Gateway console, chose the relevant api/resourece/method. Go to Integration Request > Mapping Templates and chose your Content-Type (if requests are going to be received without a Content-Type header, set the Content-Type for the mapping template to application/json, which is the default behaviour).
Then in the actual mapping template add the following:
{
#set($context.requestOverride.header.apikey= "testMe")
}
This will add (or overwrite if it already exists) a header called apikey with the value "testMe" to all http requests downstream.
If you take this route, then you will need to also map over any other headers, path parameters, query parameters or body that you wish to pass through.
You could loop through the headers and query parameters like this.
## First set the header you are adding
#set($context.requestOverride.header.apikey= "testMe")
## Loop through all incoming headers and set them for downstream request
#foreach($param in $input.params().header.keySet())
#set($context.requestOverride.header[$param]= $input.params().header.get($param))
#if($foreach.hasNext) #end
#end
## Loop through all incoming query parameters and set them for downstream request
#foreach($param in $input.params().querystring.keySet())
#set($context.requestOverride.querystring[$param]= $input.params().querystring.get($param))
#if($foreach.hasNext) #end
#end
As you need to ensure that the header apikey is set to a default value, you should set the override for apikey before looping through the rest of the headers as only the first override will take effect.
The relevant AWS documentation can be found here.
The other alternative would be to point your API Gateway at a Lambda and make the call from the Lambda instead.
Firstly thanks to #KMO for his help. The following is the solution:-
Enable Http Proxy Integration.
Add the headers apikey=xxxx and Accept-Encoding=identity under the same Integration
Request -> Http Headers.
Under Settings -> Binary Media Types set the following as separate Binary Media Types
'*', */*. I mean as two different lines.This step is needed to resolve the Gzip action while returning the response.
Add the Query parameter country in the URL Query String Parameters section.
In the Integration Request map the country parameter to ctry by adding the value under mapped from as method.request.querystring.country. This will ensure that the query parameter country you passed in the main URL will be fed to the downstream url as parameter ctry.
The advantage of this apporoach is that, even if you override the header apikey, the one set under the Http Headers will take the precedence.

Powershell Net-Cookie Expires

We are using PoSH Server for our Webservices.
Does anyone know how to change / set the cookie expires in our script? This is how we currently try to do it:
$Response = $Context.Response
$Response.Headers.Add("Accept-Encoding","gzip");
$Response.Headers.Add("Server","PoSH Server");
$Response.Headers.Add("X-Powered-By","Microsoft PowerShell");
$Cookie = New-Object Net.Cookie
$Cookie.Name = "SessionID"
$Cookie.Value = New-TimeStamp
$Cookie.Expires = now+10
$Response.AppendCookie($Cookie)
We also tried s.th. like: $Cookie.Expires = DateTime.Now.AddMinutes(10) a.s.o.
The cookie is read in the following way:
$Cookies = $Request.Cookies["PoSHSessionID"];
The Cookie Expires (Lifetime) does not change. It´s always: Lifetime ends of session.
I am able to get it to set send along a value based on the date set to the Expires property, but it sends it as "max-age" instead of "expires" in the http header, which it would seem (from a quick internet search) isn't supported by at least IE of lower versions.
I'm not used to using the System.Net.HttpListenerResponse type (more used to the System.Web namespace used in ASP.NET) so I'm very likely missing something very obvious, but the only way I could get it to work as I wanted was to add the Set-Cookie header manually. An example on how to do this would be the following:
$Context.Response.Headers.Add("Set-Cookie", "myCookieName=myCookieValue; expires=Tue, 12-Jan-2016 01:14:40 GMT")
Do be aware, however, that you might have special characters in your cookie value which makes your Set-Cookie string invalid. A possible way to work around that could be to create the cookie value string using the System.Net.Cookie class, like you are doing, and just add the Set-Cookie header with the ToString() of the cookie with a manually appended expires value (ensure they are separated with a semicolon).
This does feel very much like an ugly work-around which shouldn't at all be necessary. I'm probably missing something, but on my virtual test machine (Win7, PowerShell 2.0, .NET 4.0, IE10, FF26) I couldn't get it to send Expires instead of Max-Age.
You can find a description of the format for the expires date at the Wikipedia page about HTTP cookies under the header 'Expires and Max-Age'.

BigCommerce API Update Order with PUT

I need to update an order which is done via PUT method passing the order id as part of the https url string and a single parameter, the status_id.
https://mystore.mybigcommerce.com/orders/12345.json
I have tried several methods to pass the status_id value but no matter what I try "status_id=12" or formatted as JSON "{"status_id": 12,}" I always get the same response:
[{"status":415,"message":"The specified input content type is not valid."}]
I have also tried as a POST request passing the JSON or XML code as raw data but that method is not supported.
How am I supposed to pass that field=value pair? can I embed it in the url string?
I also tried it but it wouldn't work for me.
Any ideas?
In case you are wondering I am doing it within FileMaker with TROIUrl plugIn, not a very popular technology, but the GET method retrieving orders works like a charm
TURL_Put( ""; $url ;"status_id=12") (I have also tried other FM plugIns to no avail)
Don't get too caught up in the Filemaker part, I don't expect many people out there to be familiar with BigCommerce and Filemaker. I just need a generic answer.
Thanks
Commandline tool curl is worth a try. It supports put and https.
Mac OS X: curl already installed, call from FileMaker via AppleScript do shell script.
Windows: must be installed, call via Powershell.
It works for me using { "status_id": "3" } which means you probably need to put quotes around the actual number.
Also, it is a PUT operation and application/json which is part of the request content.
The error message received by the OP:
[{"status":415,"message":"The specified input content type is not valid."}]
Is saying that he did not supply the 'Content-Type' header in his request or that the header supplied is for a content type that is not allowed. For the OP's case using JSON he would need to include the header:
Content-Type: application/json
in his HTTPS request. This description can be found along with those of the other status codes you may see here:
https://developer.bigcommerce.com/api/status-codes

How to force 'Date' value on HTTP POST Request in JavaScript/Ajax

I'm trying to force the Request Header value for 'Date' Parameter in Javascript on XMLHTTPRequest object by using the following:
request.setRequestHeader("Date", "Mon, 04 Mar 2011 03:31:18 EST");
I need to override the default Date value as above in order to pass the authentication for using a service using the POST request.
But when I run this code in Firefox, I don't see the "Date" parameter being sent out as part of the HTTP request. Any idea on how to force the Date parameter with the desired value as part of the HTTP Post request in Ajax/Javascript?
Any help is appreciated.
Maybe it is explicitly forbidden?
I can see this jquery code creating an additional header in the firebug net tab
$.ajax(
{
type: 'POST',
url:'http://fiddle.jshell.net/',
headers: {'d':'abc'}
}
);
Yet if I change the header from d to Date it disappears