I'm using SoapUI 5.2.0 (the free version) to test among other things a API Gateway.
While testing it, I noticed that the log in the API GW registers two requests every time I submit a single SOAP request from SoapUI.
I ran a test client consuming the same service through the API GW, and only a single request was registered.
When googling this issue, all I find it someone never answered about a similar problem when posting REST from SoapUI 3.something.
I have tried turning the switch between using pre-emptively authentication and not - and it only toogles a initial first repeat of the request, rejected with a request for auth.
(Basically that just changes the amount of requests between 3 and 2, instead of 2 and 1)
I fail to find any reference to this being a "feature" in SoapUI.
Why is it doing this double posting?
Can it turned off?
Has anybody else registered this behavior in SoapUI?
After some further digging, it turned out that SoapUI had proxy set to "Automatic".
When I toggled it to "None", the issue of double posting disappeared.
I do not fully understand why a proxy would somehow result in double SOAP requests being sent to the service, but at least in my case it seems very much to be exactly what is going on.
So - if you came here with a similar problem, go check the "Proxy Settings" tab in "SoapUI Preferences" (File -> Preferences or Ctrl+Alt-P - at least in SoapUI 5.2.0).
Related
The short story: If I hit my endpoint /api/something with a PUT and no body, it goes through to my Lambda (via CF -> API GW -> Lambda). If I add a body to the request, it doesn't work and seems to die before hitting the API Gateway. I'm not sure why it would do this.
The long story:
I've set up a CloudFront distribution that sends requests to /api to our API gateway and all other requests just vend static website resources.
It has been working great so far for our simple use cases. We previously only hit the API Gateway with GET requests, but now we're going to start needing to send PUT or POST requests to the API Gateway. I had to update the CloudFront distribution "behaviors" for the /api path pattern (the one going to the API gateway) to allow all HTTP methods after that, I was able to start getting responses from the API Gateway for PUT and POST responses (previously only worked for GET).
However, I noticed that if I try to send a payload or body with the request (regardless of the request type), I don't think it actually hits the API Gateway or the Lambda that the API Gateway is routing to because I get a response of "You need to enable JavaScript to run this app". I tried looking at the logs but couldn't find anything. The heads shows "Error from cloudfront" but I'm not sure why or where to find what the error was.
Any tips on how to troubleshoot this or what the issue might be?
Update (10/8): I figured out the "enable javascript" thing was coming up because of my custom error pages for 403&404 errors. I deleted them in my development environment and now get a clearer error.
"This distribution is not configured to allow the HTTP request method
that was used for this request. The distribution supports only
cachable requests. We can't connect to the server for this app or
website at this time. There might be too much traffic or a
configuration error. Try again later, or contact the app or website
owner."
However, I still don't know what to do, as the request type (PUT) is enabled and the request works as long as I don't provide a body. Not sure how to get it to be ok with a body at the moment.
We have a Client Toolkit provided by our partner that allows us to access their web services. It started giving errors yesterday on any call and initially their support wanted us to provide a Fiddler log. I tried to do so, however there was no activity shown in Fiddler when the call was made.
From this I would have assumed that the error would have to have occurred before an actual web request was sent out. However, the issue turned out to be an update they did that requires an SSL connection. They rolled back the change but advised us to update our calls to use https so they can re-implement their update.
So if the change was on their end, that means that communications obviously were going on with their server. Why wouldn't that have shown up in Fiddler? Are there scenarios where communications occur but a request isn't fully created or something like that? I just assumed that if there was any communication whatsoever that "something" would show up in Fiddler.
I have implemented an authorized action as explained in this question as well as the answer by #vdebergue.
This was working great, and the requests made by the front-end application were automatically adding an X-XSRF-TOKEN request header, with the token obtained from the login response.
However upon deploying both front-end and back-end, the requests issued from the browser are no longer adding the X-XSRF-TOKEN request header, thus causing an Unauthorized response from the server (rightfully so).
What I am failing to understand is, what is it that changed between development and deployment?
I do have the request header specified in cors.allowedHttpHeaders:
play.filters.cors.allowedHttpHeaders = ["Accept", "Origin", "Content-Type", "X-XSRF-TOKEN"]
I doubt I have to add this header manually from React (in fact the issue probably has nothing to do with the front-end).
Thanks!
Edit 1:
List of XHR requests:
Details of the login POST request, can see the X-XSRF cookie and the token being passed:
Details of the unauthorized GET that is not setting the X-XSRF as request header:
Same as previous screenshot, but running on localhost, getting authorized with the header added:
Assuming you implemented correctly, and the cookie is not attached during deployment, the issue might be related to the domain of your cookie. The way I did it is to define an an env variable and use it to hold the domain value; so it does not break the implementation during development and tests.
You can look at the Playframework API documentation for more information on how to use the cookie.
Solved in an unconventional matter: front end was made with react, which offers a way to build a static production version.
I simply integrated those static files with play framework's index.scala.html, instead of trying to run it as a separate app on a different port.
It works, however i will not mark it as a best answer yet, because i don't know whether a mobile app connecting to the same play framework backend will play along nicely when it comes to authorisation and cookies. Mobile apps are not browsers (and maybe don't abide by their limitations), and Postman had no issues with cookies.
To be checked.
I'm using the guest auth for TeamCity REST calls, however every once in a while it response to a request for json (or xml) with the HTML from the login screen.
Has anyone else experienced this? have any pointers?
I also experienced such a behavior, depending on data, which I request from Rest - when I am requesting agent configuration, it is not allowed to be served to guest (at least, this seems so, starting from 7.1 till 8.0.2)
Has anyone got a sample SOAP payload for the ideone.com service?
I've tried several clients including the Firefox SOA client ( which returns an error from the service), the 360Works java soap client which crashes on reading the wsdl, and the online soapclient.com which returns nothing.
I tried two of the SOAP clients you mentioned, soapclient.com and Firefox SOA, and successfully accessed the service at ideone.com.
First, make sure you are using the API password when trying the service and not the site password.
With soapclient.com, make sure that you're viewing the results as XML. You won't see anything if you choose HTML (one of their options).
With both clients, make sure you don't interpret the status with a key name of "error" as meaning that an error has been returned, if the value of this field is "OK". This indicates success.