New to coding here... Just got my validation form working, now after submitting the form, I am getting a Server Error in '/' Application after submitting form. This type of page is not displayed.
<form action="ContactUsResults.cshtml" method="POST">
When I change my page type to .htm
<form action="ContactUsResults.htm" method="POST">
Then I get the 405 error message 'Method Not Found'
Ideally, I am just trying to get to a confirmation page after they submit the form.
Thanks!
The web server that is running as part of your WebMatrix environment is not configured to allow the POST method, hence the 405 "Method Not Found" error. You will need to enable the POST method in settings or a configuration file in order for your form action to work.
Related
I am trying to test a Web API using Postman on a project which I have inherited from previous developers. All I know so far is that Authentication has been configured using ASP.Net Identity and Identity Server 4.0 which implements OAuth and issues short lived JSON Web Tokens (JWT) and Refresh Tokens.
If I navigate to the development website, log in (successfully), and use Chrome Developer Tools to inspect the initial log in request I can see that the body of the request contains a Form with 3 fields; userName, password and returnUrl. If I right-click on the request I can copy the request as cURL (bash) and in Postman I can import the data to create a new request. If I send the request I get a status 200 OK back and the response includes 6 cookies. However the body of the response contains an htlm page which Postman can't render and a message You need to enable JavaScript to run this app.
I'm lost now as to how I can use the response to authenticate a request for some data. Is the Token I need contained within one of the cookies? How do I extract the Token and use it within a request for some data? Any advice or suggestions would be very welcome.
Normally, with JavaScript enabled in the browser, <form> would be automatically posted to its' destination defined in action, using method. JavaScript would do somethign like the following:
window.addEventListener('load', function(){document.forms[0].submit();});
So without JavaScript, you would need to somehow parse the form that you received and recreate equivalent request.
The form, received upon successful login, contains data that should be sent back to your origin website, to authenticate the end-user.
For example, form's body contains hidden input fields, defined by OpenID protocol:
...
<input type='hidden' name='token_type' value='Bearer' />
<input type='hidden' name='expires_in' value='600' />
...
Form action attribute points back to sign-in endpoint on your website. For example:
<form method='post' action='https://{hostname:post}/signin-oidc'>
I am getting error in AMP Form
<form class="innler-left" method="post" action-xhr="//mydoma.com/ xxxx/xxx/xxx/send.php" target="_top">
On submit getting below error in console.
Response must contain the AMP-Access-Control-Allow-Source-Origin header
Form submission failed: Error:
Response must contain the AMP-Access-Control-Allow-Source-Origin header _reported_
Once user submit the form it goes it php file in where I put the following header
header('HTTP/1.1 200 OK');
header("access-control-allow-credentials:true");
header("AMP-Same-Origin: true");
header("Access-Control-Allow-Origin:".$_SERVER['HTTP_ORIGIN']);
header("amp-access-control-allow-source-origin: https://".$_SERVER['HTTP_HOST']);
header("Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin");
header("access-control-allow-headers:Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token");
header("access-control-allow-methods:POST, GET, OPTIONS");
header("Content-Type: application/json");
I got it working offline on local machine but once i upload files, it not working :(
tried https://github.com/ampproject/amphtml/blob/master/spec/amp-cors-requests.md
POST __amp_source_origin is not matching!
I was also facing the same issue to fix this, make sure your URL start with https. And try to replace the following line in your code :
header("Access-Control-Allow-Origin:".$_SERVER['HTTP_ORIGIN']);
with
header("Access-Control-Allow-Origin: ". str_replace('.', '-','https://www.example.com') .".cdn.ampproject.org");
Note : Replace https://www.example.com with your AMP website URL
Hope it helps.
I use in my template:
<g:formRemote id="accountInfoForm" name="updateInfo" url='[controller:"settings", action: "updateProfile"]' onSuccess="triggerReload()" update="personal-info" accept-charset="utf-8">
I have in my form the following submitButton:
<g:submitButton type="submit" class="update-button" name="Update" id="updateInfo"></g:submitButton>
When I click on the submitButton a request to the URL happens though the form is not valid (The errors are displayed)
Of course that the form is not updated because the is an error in the post request. But the request shouldn't be sent at all if the form is not valid.
The standard FormRemote Tag doesn't validate the Form, the Validation is made on the Application Side, that's why you got the Error back.
To send the Form to the URL only when the form is valid you have to use an Client Side Validation like this
Before form is submit it go through session checking and if session was timeout it will redirect to login page. This is where the problem occur because it is ajax form submit so failure: handle this, but what extjs return to separate redirect from other kind of error ?
If your session is timed out, do you need the server to return a json and handle it in the failure or success handler of the ajax request?
But if your session has expired, you need to redirect the user to your login page. In that case, you need not worry about what the json response would be and how ExtJS will handle it.
For a 302 error, its the web server that provides the alternate URL and not the browser. The 302 response from the Web server should always include an alternative URL to which redirection should occur. So, in your case you should redirect the user to the login page of your application.
If I visit the link http://mega.1280.com/file/EKOZKE/, enter the captcha code and click the Download button, I can download the file.
I wonder if I can submit the form without clicking the 'Download' button? I mean typing the captcha code directly on the address bar and hit Enter?
I try http://mega.1280.com/file/EKOZKE/?code_security=xxxxxx where 'code_security' is the name of the textbox of the captcha code but it failed. Any ideas?
The form has a POST method. You can't emulate a POST request with a different url, that's what GET requests do.
Even if the server doesn't check the method of the request, you still have to provide every mandatory data. If you look at what is sent by the form, you'll see there are 3 other parameters (action, btn_download, file_id), and more importantly several cookies that the server need to recover your php session (PHPSESSID), which is in turn needed to match your security_code with the provided CAPTCHA.
Bottom line: you can emulate the request, but not by submitting a simple GET request. You have to use a real user agent, one that is able to send post requests and handle cookies.
...But of course, that's exactly what CAPTCHA are here to prevent you to do :-).
edit: to reply to your comment "I just want to find out the technique that this website use to submit form." :
This website doesn't submit the form, actually. It's your browser that submits the form, and it does so by conforming to HTML and HTTP standards. On the webpage, the form is coded
<form name="frm_download" method="post" action="">
So when you click on the "submit" button, your browser collects all the data from the inputs (text, hidden, whatever) and sends a HTTP POST request to the same url that the form originated from, with a bunch of HTTP headers (including a Cookie header that contains all the stored cookies information attached to this server domain) and a body containing the form data : a list of key/value pairs.
The server receives the request. It can check that it's actually a POST request. It can and will retrieve all submitted pairs of data (parameters). It can retrieve the cookies, and will do so to restore your php session. It will then compare your security_code parameter with the correct data stored in your php session. If the CAPTCHA matches, then it will send you a response containing the file pointed by your file_id parameter.