I'm working on handling history within my GWT application.
If, during the History.ValueChanged event, the history tag value is unknown,
I'd like to show the user a 404.
How can I return a standard "Page Not Found" from GWT?
URL tokens (the part after the #) are not sent to the server - changes to that URL part don't create an HTTP request, so there is no HTTP response, and hence no HTTP error code.
(Of course you can react to URL token changes from within your History's ValueChangeHanler, and manually trigger an HTTP request - which could then return a 404. But to show that 404 to the user, you'd have to relocate to that URL, which is probably not what you want. How about showing a nice error message to the user instead?)
Related
I have an API (TalkDesk) where when I request a specific report, I need to pass in an Authorization header in my request and then the service will generate the report and respond with a 302 status code which has a Location response header. That Location header contains the link I need to go to in order to bring back the actual report data.
However, in ADF, using a Web Activity, I send my GET request to the API, the API responds, and ADF seems to automatically be following the 302 redirect. When it follows the redirect url, the new url returns an error message because ADF is passing in the original Authorization header and the redirect url responds with "only one Authorization method is allowed". It turns out the redirect url from the Location header comes with an authorization token as a url parameter (X-Amz-Signature).
What I want to do is stop ADF from following the Redirect url so I can capture the original response headers and go to the Location url in a seperate Web Activity.
Is there any way I can tell ADF not to follow Redirects and just give me the original response (vs giving me the response from the second url)?
I am using cas 5.x.
I have cas-server and two web apps client-1 and client-2.
currently, I can single sign on and single sign out, but there is one problem in following steps:
access client-1, it will ask me for login in cas server, then redirect me back to client-1 after login success.
click one button to access the protected resources of client-2 via ajax in page of client-1, however this ajax call return 401.
if i access protected resources of client-2 from browser address bar directly in step 2, it works.
ajax cannot handle the redirect cause this problem, thus how to solve this problem?
my ajax call is :
//test() is in client-1
function test() {
jQuery.ajax({
url:"http://192.168.0.14:8445/client-2/user/userInfo",
headers: {'X-Requested-With': 'XMLHttpRequest'},
success: function(res) {
//...
}
});
}
Per the pac4j documentation,
When you're using an Indirect Client, if the user tries to access a protected URL, the request will be redirected to the identity provider for login. Though, if the incoming HTTP request is an AJAX one, no redirection will be performed and a 401 error page will be returned.
So what you're seeing is expected behavior.
Next, the HTTP request is considered to be an AJAX one if the value of the X-Requested-With header is XMLHttpRequest or if the is_ajax_request parameter or header is true. This is the default behavior/condition when handling/detecting AJAX requests, and by default, pac4j will only compute the redirection URL and add it as a header (assuming the addRedirectionUrlAsHeader is set to true for the indirect client) when it passes back the 401 http status.
ajax cannot handle the redirect cause this problem
It's not designed to handle the redirects. You need to catch the 401 in your AJAX call, take the redirect url from the header that is passed back to you and do the redirect yourself automatically, or do any other activity/action that is correct behavior for your application (display message, redirect to another URL, etc).
I have an endpoint that requires a parameter passed via the query string (is a GET verb).
What is the appropriated status code to give when this parameter is missing from the request? 400 is the one? or should I respond with a 404?
[GET /search?q=ok] => 200 OK
[GET /search] => 400 Bad Request? or 404 Not Found? Or 422 Unprocessable Entity? Others?
TLDR It's an HTTP 400 - Bad Request.
It's a 400 because the user did not send the Required input field.
why not 422 - because this case fits to 400. Keeping your consumers in mind, you shouldn't go to non-popular response codes if you don't really need to.
Cases for HTTP 404:
Url which the client requested is not existing in your server (usually this will be handled by your server. Application developer usually doesn't have to do anything unless you want a nice looking 404 page or for SEO reasons).
If it was a path parameter and client was looking for an entity with an id (for Example (/students/{id} and your application couldn't find such entity, you may respond with an HTTP 404.
Let's say, user send the query parameter and you did not find any items matching the query param, make no mistake, it's still an HTTP 200 with body as an empty array or so (not a 404 unlike mentioned in the previous case). Example: /customers?lastname=unobtanium
It should be 400 - Bad Request.
The request could not be understood by the server due to malformed
syntax. The client SHOULD NOT repeat the request without
modifications.
404 - Not Found
The HTTP 404 Not Found Error means that the webpage you were trying to
reach could not be found on the server. It is a Client-side Error
which means that either the page has been removed or moved and the URL
was not changed accordingly, or that you typed in the URL incorrectly.
Its means server is not able to find the URI you specified. but in your case URI is valid but parameters are missing so 400 is right way to do it.
What is the appropriated status code to give when this parameter is missing from the request? 400 is the one? or should I respond with a 404?
I would argue that 404 is appropriate
The 404 (Not Found) status code indicates that the origin server did
not find a current representation for the target resource or is not
willing to disclose that one exists.
The fact that your routing implementation happens to send /search and /search?q=ok to the same handler does not mean that they are the same resource. /search identifies a resource, there's no current representation available for it, so you send a response back to the consumer explaining the problem, and put 404 in the meta data.
The big hint in the spec is this one:
A 404 response is cacheable by default
That lets us inform the client (and any intermediary components) know that this response can be reused.
It's a useful property, and it doesn't apply (out of the box) to 400 Bad Request
Heuristic: your web api should act like a document store. If you ask a document store to give you a document, but you spell the key wrong, what do you get? Some flavor of KeyNotFound exception. Same thing you would get if you asked a web server for a document in your home directory, but your spelled the file name incorrectly.
The semantics of the response indicate the right status code to use, not the implementation details.
By default all the GET requests go to DefaultGetServlet first. Based on the extension, it delegates the request to renderers. Now, if there is no extension in the request URI, why AEM sends 403 (Forbidden) ? At the most, if AEM is unable to serve this, it may send a BAD REQUEST instead. AEM sends 403 even if you are logged in as an admin user (Which has highest level of authorization, if that helps).
Example:
http://localhost:4502/content/geometrixx/en/events
this URL will be responded with 403. Whereas
http://localhost:4502/content/geometrixx/en/events.html
will be served without any problems.
Adding to the above, as mentioned by Ahmed:
With the URL "http://localhost:4502/content/geometrixx/en/events" StreamRendererServlet will get executed and resolves to redirect logic ending with /.
// redirect to this with trailing slash to render the index
String url = request.getResourceResolver().map(request,resource.getPath())+ "/";
response.sendRedirect(url);
Once redirected to "http://localhost:4502/content/geometrixx/en/events/"
The same StreamRendererServlet resolves to directory listing logic.
// trailing slash on url means directory listing
if ("/".equals(request.getRequestPathInfo().getSuffix())) {
renderDirectory(request, response, included);
return;
}
In the renderDirectory as indexing will be false,
if (index) {
renderIndex(resource, response);
} else {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
}
a 403 Forbidden response will be sent.
You can change this behavior by enabling "Auto Index" for "Apache Sling GET Servlet" felix configuration console.
As of this sling ticket SLING-1231 closed in 2009, if no renderer is found the return status code should be 404.
you can see that in the sling sourcecode for DefaultGetServlet.java in the doGet method. source
The following tested on AEM 6.3 but should be the same for 6.0+
For example, if you tried to visit http://localhost:4502/content/geometrixx/en/events.something you'd get a 404 and the sling progress tracker would log No renderer for extension something
Now, if I may rephrase your question, why does extension=null return a 403?
If you look at the sling progress tracker response, you'll probably notice this log:
Using org.apache.sling.servlets.get.impl.helpers.StreamRendererServlet to render for extension=null
Which means that for a null extension, Sling will use the StreamRendererServlet(source) to try and render the resource. Somewhere in that code or probably a filter applied after causes the 403 response code you see. You'll have to debug that one yourself and find out where exactly a 403 is returned.
Adding on to what Ahmed said:
Without extension, Sling assumes that you are trying to list the contents of that directory path and looks for an index file under that path. When it doesn't finds that index file, it throws back the forbidden error.
If you add an index file under the events node and try to request the same extensionless url, it will serve that index file.
That is to say, when you add the index file (index.html) under /content/geometrixx/en/events,
all requests to http://localhost:4502/content/geometrixx/en/events or http://localhost:4502/content/geometrixx/en/events/index.html will return the same result.
I am trying to create a surveymonkey webhook to receive my survey response and i am passing my SugarCRM custom entry point URL as "Subscription Url". But i am getting error " 'mycustomEntryPointUrl' did not return a success status code. Status code is 301". My Entry point is working fine if i run it in browser using its URL also my Sugar is working smoothly.
So, i just want to know any other reason which can cause this error.
Yes so HTTP status code 301 means the page has moved permanently. If you visit it in your browser, for example, you would see a network request to the page specified with a status code of 301, then a second one to the new page. Our API request won't do any redirect, so if a 301 is returned it will raise an error.
This sometimes happens when you go to a page with http and then it redirects to https due to rules on your server.
You also want to make sure your subscription URL supports a HEAD request without any redirect.