Booted Off Local Server - 302 error - moovweb

I'll start with the log that I am receiving below:
Dec.15.11.56-Rf: Incoming Request URL: /
Dec.15.11.56-Rf: SECURE GET Path: / From: mlocal.cldeals.com Rewritten: www.cldeals.com
Dec.15.11.56-Rf: Received 302 Found [text/html; charset=UTF-8] response for /
Dec.15.11.56-Rf: Sending 302 text/html; charset=UTF-8 response for /
Dec.15.11.56-Rf: Stats. Total: 0.52088702, Upstream: 0.48212701, Processing: 0.00105600, ProcessingOther: 0.04037500
Basically, when I go to mlocal.cldeals.com, it loads fine. If I click on another page, say mlocal.cldeals.com/products, that loads fine as well. The issue seems to be when I go to the account page and try to switch back to the homepage, maybe some type of security issue? When I try to switch back to mlocal.cldeals.com, the home page, it boots me off and sends me to www.cldeals.com. Is there something I can add to prevent this from happening? Additionally, is this just a local server issue that would go away when I launch it on Moovweb's server? Any help is greatly appreciated.
Thank you.

It looks like the backend response to https://www.cldeals.com is a 302 to http://www.cldeals.com:80/. Not sure why that is the case (see note below *)
curl -v -o /dev/null https://www.cldeals.com
This response contains a hardcoded Location header and your project is passing along the response as is, which is why you are being booted off your local server.
Because the Location header value has a port specified, you'll need to modify your config.json to include this line in the mapping:
{
"host_map": [
"$.cldeals.com => www.cldeals.com",
"$.cldeals.com => www.cldeals.com:80"
]
}
This way, the SDK knows to rewrite that specific host:port value... (By default all HTTP requests go through port 80, so that information isn't really necessary)
*This might be a bug in the backend implementation because once you log in, you should be in HTTPS mode until you log out. (I can see some pages with personal information being transmitted over plain HTTP)
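The mismatch described in this answer, as an added example that is not part of the original post and not Moovweb's implementation: a simplified model of host-map rewriting applied to the `Location` value quoted above, which also flags the HTTPS to HTTP downgrade the footnote mentions. The exact-match lookup and the expansion of `$` to `mlocal` are assumptions taken from the hostnames in the question.

```python
from urllib.parse import urlsplit, urlunsplit


def parse_host_map(entries, prefix="mlocal"):
    """Turn 'proxy => upstream' strings into {upstream_netloc: proxy_host}.

    Assumption: '$' stands for the local proxy prefix ('mlocal' in the post).
    """
    table = {}
    for entry in entries:
        proxy, upstream = (part.strip() for part in entry.split("=>"))
        table[upstream.lower()] = proxy.replace("$", prefix)
    return table


def rewrite_location(location, table, request_scheme="https"):
    """Return (location_sent_to_client, notes) for an upstream Location header."""
    parts = urlsplit(location)
    notes = []
    if request_scheme == "https" and parts.scheme == "http":
        notes.append("downgrade: HTTPS request redirected to plain HTTP")
    # Assumed exact match on host[:port]; 'www.cldeals.com:80' is a different key
    # from 'www.cldeals.com', which is why the second mapping is needed.
    proxy_host = table.get(parts.netloc.lower())
    if proxy_host is None:
        notes.append("unmapped host %r: client leaves the proxy" % parts.netloc)
        return location, notes
    return urlunsplit(parts._replace(netloc=proxy_host)), notes


# Location value reported in the answer above.
LOCATION = "http://www.cldeals.com:80/"
ORIGINAL_MAP = ["$.cldeals.com => www.cldeals.com"]
FIXED_MAP = ORIGINAL_MAP + ["$.cldeals.com => www.cldeals.com:80"]

if __name__ == "__main__":
    for name, entries in (("original", ORIGINAL_MAP), ("fixed", FIXED_MAP)):
        print(name, rewrite_location(LOCATION, parse_host_map(entries)))
```

With the fixed map the client stays on the proxy host, but the downgrade note remains: the mapping does not change the fact that the backend answers an HTTPS request with a plain-HTTP redirect.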

Related

Cross-Origin Request - "Same origin" blocked on GET request

I'm trying to deploy a SAILS app & a VUE app on heroku with a custom domain. I'm currently facing something that seems to be a CORS issue, but I do not understand this one.
Problem
When I send a GET request to my backend in stage mode, (with postman or my frontend-app) I get an error message :
"... blocking Cross-Origin Request : the "same origin" policy does not
allow access to the resource located at
https://app-frontend.herokuapp.com/api/v1/account/user-controller
...".
The HTML response is :
Status 503 →Service Unavailable
Cache-Control →no-cache, no-store
Connection →keep-alive
Content-Length →511
Content-Type →text/html; charset=utf-8
Date →Tue, 24 Jul 2018 08:17:13 GMT
Server →Cowboy
And my sails console gives me this info :
Redirecting GET request from 'undefined.' subdomain...
But with POST requests, I don't face this problem and my route is well defined as it works in dev mode.
Did you try setting csrf: false in the config/security.js? It shouldn't affect GET requests, but the key to your problem might be somewhere there.

why `wget` can not get redirection for certain website?

wget hangs there while it accesses the following website. But when I use a browser to access it, it will be redirected to https://nyulangone.org. Does anybody know why wget can not get redirected in this case? Thanks.
$ wget http://nyumc.org
--2018-02-20 20:27:05-- http://nyumc.org/
Resolving nyumc.org (nyumc.org)... 216.165.125.106
Connecting to nyumc.org (nyumc.org)|216.165.125.106|:80...
When I used wget on the site you mentioned, this is what I get:
--2018-02-21 21:16:38-- http://www.nyumc.org/
Resolving www.nyumc.org (www.nyumc.org)... 216.165.125.112
Connecting to www.nyumc.org (www.nyumc.org)|216.165.125.112|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 179 [text/html]
Saving to: ‘index.html’
index.html 100%[==================================>] 179 --.-KB/s in 0s
2018-02-21 21:16:38 (8.16 MB/s) - ‘index.html’ saved [179/179]
In the index.html file, which bears the logo of NYU Langone Medical Center, it says: "The following URL has been rejected for security concerns. If you believe you have received this message in error, please summit an incident with our helpdesk at 212-263-6868..." So, it may not redirect because the website can detect that you are a bot and not a browser. You could attempt to change the user agent string and other HTTP headers to avoid detection, but I'm not sure why you wouldn't just turn wget on https://nyulangone.org. Judging from information on archive.org, nyumc.org has been redirecting to other sites for at least the last 5 years. It was redirecting to http://www.med.nyu.edu until 2016, at which point it started redirecting to https://www.nyulangone.org.
I hope that helps.

301 moved permanently with socket.http

In python (and my browser), I am able to send a request to https://www.devrant.com/api/devrant/rants?app=3&sort=algo&limit=10&skip=0 and get a response, as expected, but with Lua, I get HTTP/1.1 301 Moved Permanently. Here is what I have tried so far:
http = require("socket.http");
print(http.request("https://www.devrant.com/api/devrant/rants?app=3&sort=algo&limit=10&skip=0"))
which outputs an HTTP error page (moved permanently) and
301 table: 0x8f32470 http/1.1 301 Moved Permanently
the table's contents are:
location https://www.devrant.com/api/devrant/rants?app=3&sort=algo&limit=10&skip=0
content-type text/html
server nginx/1.10.0 (Ubuntu)
content-length 194
connection close
date Mon, 11 Dec 2017 01:41:35
Why does only Lua get this error? If I request to google, I get the google home page HTML. If I request to status.mojang.com, I get the mojang server statuses in a JSON response string, so the socket is functional for certain.
It's because you are using socket.http to request a page from an https URL; since socket.http doesn't handle https, it sends the request to port 80, which gets forwarded to the https URL, but the socket library doesn't follow that redirect, as it doesn't "know" what to do with https, so it simply reports 301.
You need to install and use luasec and use ssl.https instead of socket.http, which will make it work.

Page on custom domain gives "too many redirects" error

I have a domain from Namecheap.com and hosted a page through github pages. Sometimes my page fails to load and gives "too many redirects" error. I think the problem is somewhere in my advanced DNS.
Basically I have got 2 A records pointing to the IP address of Github and a CNAME record pointing to mygithubusername.github.io and an URL redirect record pointing to my domain. What am I doing wrong?
As far as I can see the problem comes from the URL redirect record. When trying to reach www.akshayud.me it redirects to akshayud.me and when it hits the URL redirect it redirects back to www.akshayud.me, which redirects to akshayud.me and is making an infinite loop.
To solve it, remove the URL record from the DNS (which is my preferred solution) or fix the redirection from www to root on web server level.
Here is my wget output (I used only the URL record IP to guarantee 100% usage of the URL redirect record):
$ wget www.akshayud.me
--2017-12-19 08:03:18-- http://www.akshayud.me/
Resolving www.akshayud.me (www.akshayud.me)... 151.101.1.147, 151.101.65.147, 151.101.129.147, ...
Connecting to www.akshayud.me (www.akshayud.me)|151.101.1.147|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://akshayud.me/ [following]
--2017-12-19 08:03:18-- http://akshayud.me/
Resolving akshayud.me (akshayud.me)... 162.255.119.148
Connecting to akshayud.me (akshayud.me)|162.255.119.148|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://www.akshayud.me/ [following]
--2017-12-19 08:03:18-- http://www.akshayud.me/
Connecting to www.akshayud.me (www.akshayud.me)|151.101.1.147|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://akshayud.me/ [following]
--2017-12-19 08:03:18-- http://akshayud.me/
Connecting to akshayud.me (akshayud.me)|162.255.119.148|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://www.akshayud.me/ [following]
--2017-12-19 08:03:19-- http://www.akshayud.me/
Connecting to www.akshayud.me (www.akshayud.me)|151.101.1.147|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://akshayud.me/ [following]
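The loop visible in the wget output above can be detected mechanically. The following is an added example, not part of the original answer: it parses a wget transcript into hops and reports the cycle as soon as a redirect target has already been requested. The sample log is abridged from the first two hops of the output above.

```python
import re

REQUEST = re.compile(r"^--\d{4}-\d{2}-\d{2} [\d:]+--\s+(\S+)")
STATUS = re.compile(r"awaiting response\.\.\. (\d{3})")
LOCATION = re.compile(r"^Location: (\S+)")


def parse_hops(log):
    """Return [(requested_url, status, redirect_target)] from a wget transcript."""
    hops, url, status = [], None, None
    for line in log.splitlines():
        line = line.strip()
        if m := REQUEST.match(line):
            url, status = m.group(1), None
        elif m := STATUS.search(line):
            status = int(m.group(1))
        elif (m := LOCATION.match(line)) and url:
            hops.append((url, status, m.group(1)))
            url = None
    return hops


def find_loop(hops):
    """Return the URL cycle if a redirect points at an already requested URL, else None."""
    seen = []
    for url, _status, target in hops:
        seen.append(url)
        if target in seen:
            return seen[seen.index(target):] + [target]
    return None


# Abridged from the wget output in the answer above.
SAMPLE_LOG = """
--2017-12-19 08:03:18-- http://www.akshayud.me/
Connecting to www.akshayud.me (www.akshayud.me)|151.101.1.147|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://akshayud.me/ [following]
--2017-12-19 08:03:18-- http://akshayud.me/
Connecting to akshayud.me (akshayud.me)|162.255.119.148|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://www.akshayud.me/ [following]
"""

if __name__ == "__main__":
    print(" -> ".join(find_loop(parse_hops(SAMPLE_LOG)) or ["no loop"]))
```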
I had the same issue, and the solution was for me that in my github CNAME file, I had to change my webpage title. So after I changed it to "www.mywebpage.hu" (before it was without "www."), then no more redirect problems happened. I've checked your CNAME, and you don't have 'www.' either, maybe it will help if you complete your title with this.
I got into the same trouble and in my case,
How I Fixed :
the mistake was in my CNAME record. I pointed CNAME www to my github pages domain (username.github.io), so when I hit the domain it creates a loop of github domain -> custom domain -> github domain ..... as github domain auto redirects to the custom domain. Changing the CNAME value to my custom domain fixed the issue

Haproxy behind ELB

I have HAProxy behind an AWS ELB. As soon as I remove the ELB, I can get the custom error page. But with the ELB in front of HAProxy, I get HTTP/1.1 504 GATEWAY_TIMEOUT Content-Length: 0 Connection: keep-alive.
Can anyone tell me what is going on please? Thanks
errorfile:
HTTP/1.0 403 Forbidden
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
Me and a coworker just had the same problem. After receiving the timeouts, and reading Amazon's definition for this type of HTTP code, I got it in my head that my error file was "malformed". After a lot of tries, we managed to discover that there is something funny with the CR-LF (new lines) on the error file "header".
I downloaded HAProxy's default file from their git (https://raw.githubusercontent.com/haproxy/haproxy/60220bbc4b6b3c4279d3c96232cf2c2461ecc55e/examples/errorfiles/503.http) and when you open it in vi(m) it has a ^M (CR) sign on the headers (everything before the body, including the empty line separating them). If you can't download it, you could just write it (just the top part) in WordPad or something like it (DOS) and then send it to your Unix machine.
So I wrote my own file using their header and now everything works fine.
Cheers.
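A way to check an errorfile for the line-ending problem this answer describes, as an added example that is not part of the original post: HTTP/1.x header lines end in CRLF, so the checker flags bare LF endings and a missing CRLF blank line, and the second function rewrites only the header section. The sample bytes are constructed from the errorfile in the question, saved with Unix line endings.

```python
import re

BLANK_LINE = re.compile(rb"\r?\n\r?\n")
STATUS_LINE = re.compile(rb"^HTTP/1\.[01] \d{3} .+$")


def split_head(raw):
    """Split raw bytes into (header_section, separator, body) at the first blank line."""
    m = BLANK_LINE.search(raw)
    return (raw[:m.start()], m.group(), raw[m.end():]) if m else (raw, b"", b"")


def check_errorfile(raw):
    """Return a list of problems in the header section of a raw HTTP response file."""
    head, sep, _body = split_head(raw)
    problems = []
    if sep != b"\r\n\r\n":
        problems.append("headers are not terminated by an empty CRLF line")
    if re.search(rb"(?<!\r)\n", head):
        problems.append("header line ends with bare LF instead of CRLF")
    lines = re.split(rb"\r?\n", head)
    if not STATUS_LINE.match(lines[0]):
        problems.append("first line is not an HTTP status line")
    for line in lines[1:]:
        if b":" not in line:
            problems.append("malformed header line: %r" % line)
    return problems


def to_crlf_headers(raw):
    """Rewrite the header section with CRLF endings; the body is left untouched."""
    head, sep, body = split_head(raw)
    if not sep:
        raise ValueError("no blank line between headers and body")
    return b"\r\n".join(re.split(rb"\r?\n", head)) + b"\r\n\r\n" + body


# Constructed sample: the errorfile from the question with LF-only line endings.
SAMPLE_LF = (
    b"HTTP/1.0 403 Forbidden\nCache-Control: no-cache\n"
    b"Connection: close\nContent-Type: text/html\n\n"
    b"<html><body><h1>403 Forbidden</h1>\n"
    b"Request forbidden by administrative rules.\n</body></html>\n"
)

if __name__ == "__main__":
    print(check_errorfile(SAMPLE_LF))
    print(check_errorfile(to_crlf_headers(SAMPLE_LF)))
```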