Twitter 403 error for update_with_media every time - iPhone

I am using MGTwitterEngine, and I am using the update_with_media API call to post a status together with an image. It works sometimes, but now it is giving me an error message with error code 403.
I am getting this message from Twitter:
Request A281E76C-889C-4E79-B8CE-B8D9B89CAD5D failed with error: Error Domain=HTTP Code=403 "The operation couldn’t be completed. (HTTP error 403.)"
headers for failed response: {
"Cache-Control" = "no-cache, no-store, must-revalidate, pre-check=0, post-check=0";
Connection = "Keep-Alive";
"Content-Encoding" = gzip;
"Content-Length" = 146;
"Content-Type" = "application/xml; charset=utf-8";
Date = "Wed, 09 May 2012 13:59:18 GMT";
Expires = "Tue, 31 Mar 1981 05:00:00 GMT";
"Keep-Alive" = "timeout=15, max=100";
"Last-Modified" = "Wed, 09 May 2012 13:59:17 GMT";
Pragma = "no-cache";
Server = hi;
"Set-Cookie" = "k=121.242.223.26.1336571957410684; path=/; expires=Wed, 16-May-12 13:59:17 GMT; domain=.twitter.com, guest_id=v1%3A133657195794826993; domain=.twitter.com; path=/; expires=Sat, 10-May-2014 01:59:17 GMT, dnt=; domain=.twitter.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT, lang=en; path=/, lang=en; path=/, lang=en; path=/, lang=en; path=/, twid=u%3D309516512%7Ccj5mm3XKJjrOylGjj9dBeiIYQXM%3D; domain=.twitter.com; path=/; secure, _twitter_sess=BAh7CToPY3JlYXRlZF9hdGwrCMWS5TE3AToHaWQiJWIxYTFiNjkyYWFhMzA4%250AN2E3MDZlZmY0MWE4MmZlMDgzIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOgxjc3JmX2lkIiUzNzg5%250AOGJhN2Q4M2MzY2NkODZiYmI0OGI1MjFkMzI3Ng%253D%253D--d5860bbfc91c1a86b279feeb0a5f6a902809c18a; domain=.twitter.com; path=/; HttpOnly";
Status = "403 Forbidden";
Vary = "Accept-Encoding";
"X-Access-Level" = "read-write";
"X-Action-Name" = "update_with_media";
"X-Controller-Class" = "Api::StatusController";
"X-Frame-Options" = SAMEORIGIN;
"X-MID" = 10eaf9e95fb949887d309c590873aa70188770d4;
"X-MediaRateLimit-Class" = photos;
"X-MediaRateLimit-Limit" = 30;
"X-MediaRateLimit-Remaining" = 30;
"X-MediaRateLimit-Reset" = 1336658357;
"X-Runtime" = "0.07889";
"X-Transaction" = ecd0661ac173c9ab;
"X-Transaction-Mask" = a6183ffa5f8ca943ff1b53b5644ef1141757cb62;
}
I do not understand what should be done in this case.
In the Twitter documentation, a 403 error is for a duplicate tweet, but I am tweeting for the first time.
Thank you in advance.

Related

Paypal REST API javascript SDK error 400 while paying with cards

I have integrated the PayPal REST API via the JavaScript SDK:
<script>
paypal.Buttons({
enableStandardCardFields: true,
createOrder: function (data, actions) {
return actions.order.create(<?=$order_details?>);
},
onApprove: function(data, actions) {
$('.loader').removeClass('hidden');
return actions.order.capture().then(function(details) {
saveOrder(details.status, details.id);
});
},
onError: function (err) {
$('.loader').addClass('hidden');
openModal('paypal error', 'error');
}
}).render('#paypal-button-container');
</script>
Everything works fine if customers pay with a PayPal account, but when they use the form to pay by credit or debit card they get some 400 errors which leave the payment flow stuck, just a few seconds after the customers are prompted by their card-issuing bank to complete an additional verification. The errors in the console are:
POST https://www.paypal.com/webapps/helios/api/switch/threeDSLookUp 400
POST https://www.paypal.com/webapps/helios/api/checkout/83T90328GR130744R/session/clear3DSContingency 400
I tried paying with a test card on the PayPal sandbox and the payment completes successfully.
Does PayPal have some problem or are there any errors in my implementation?
Edit:
The response bodies of the two requests which give the 400 status are empty; I can paste the response headers from the network tab:
General
Request URL: https://www.paypal.com/webapps/helios/api/switch/threeDSLookUp
Request Method: POST
Status Code: 400
Remote Address: 2.17.140.171:443
Referrer Policy: strict-origin-when-cross-origin
Response Headers
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 477
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.qualtrics.com; img-src https: data:; form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; base-uri 'self' https://*.paypal.com; object-src 'none'; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
date: Wed, 31 Mar 2021 10:57:55 GMT
dc: phx-origin-www-1.paypal.com
etag: W/"1dd-PCgk17aCFosoAOdUfcJ2eD6QiiM"
paypal-debug-id: 5d9937b9701fc
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-edgeconnect-midmile-rtt: 160
x-edgeconnect-origin-mex-latency: 220
x-xss-protection: 1; mode=block
and
General
Request URL: https://www.paypal.com/webapps/helios/api/checkout/83T90328GR130744R/session/clear3DSContingency
Request Method: POST
Status Code: 400
Remote Address: 2.17.140.171:443
Referrer Policy: strict-origin-when-cross-origin
Response Headers
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 502
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.qualtrics.com; img-src https: data:; form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; base-uri 'self' https://*.paypal.com; object-src 'none'; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
date: Wed, 31 Mar 2021 10:57:56 GMT
dc: phx-origin-www-1.paypal.com
etag: W/"1f6-AvJ2sqQswE251OZ1PTs3yJOewDs"
paypal-debug-id: dc051a9676ef9
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-edgeconnect-midmile-rtt: 158
x-edgeconnect-origin-mex-latency: 683
x-xss-protection: 1; mode=block

Flutter http get() 403 status code problem

I'm practicing making some GET requests using Flutter's http plugin, and when I make a request to [https://www.pexels.com], I get a 403 status code.
But when I open the target URL with the Chrome browser it works fine.
Is it something that can be solved using some headers? If so, how?
Here is my code:
void getData() async {
Response response = await get(Uri.encodeFull('https://www.pexels.com'));
if (response.statusCode == 200) {
print('connected');
} else {
print('connection error');
}
print(response.statusCode);
print(response.headers);
}
Status Code: I/flutter (28151): 403
response.headers:I/flutter (28151): {connection: close, cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, set-cookie: __cfduid=d22dd51645467ea70238107d1e15f9a2d1607634921; expires=Sat, 09-Jan-21 21:15:21 GMT; path=/; domain=.pexels.com; HttpOnly; SameSite=Lax,__cf_bm=d4c93b1eb4dd2f86fe359617a86f82ba9c90e0d0-1607634921-1800-Ae/p5j0v/53c10n4CBxIlK2mTPDdau3ZpYqbReQLNVrOEyX6pjZBZ6RU0TWU8mxnL4MfxpFfNiLeHkgAlCjwzJY=; path=/; expires=Thu, 10-Dec-20 21:45:21 GMT; domain=.pexels.com; HttpOnly; Secure; SameSite=None, transfer-encoding: chunked, date: Thu, 10 Dec 2020 21:15:21 GMT, cf-request-id: 06f01b415e0000af9c2d97d000000001, content-encoding: gzip, vary: Accept-Encoding, content-type: text/html; charset=UTF-8, expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct", server: cloudflare, cf-ray: 5ff9fb156d4baf9c-BGW, cf-chl-bypass: 1, x-frame-options: SAMEORIGIN, expires: Thu, 01 Jan 1970 00:00:01 GMT}
Request headers from Google Chrome Browser:

LWP::UserAgent returns incomplete 2GB response message

I am using LWP::UserAgent to send a request to a URL. But sometimes I get an incomplete XML response.
Code
$args->{pua} = LWP::UserAgent->new();
$args->{header} = HTTP::Headers->new;
$args->{header}->header("Content-Type" => "text/xml", "SOAPAction" => $args->{soapaction});
$request = HTTP::Request->new( "POST", $args->{endpoint}, $args->{header}, $args->{xml});
$response = $args->{pua}->simple_request($request);
my $xmlResponse = $response->content;
In $xmlResponse I sometimes get an incomplete response. Why is it happening?
Response header
Connection: close
Date: Tue, 19 May 2015 11:07:37 GMT
Server: nginx/1.6.2
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/xml;charset=ISO-8859-1
Client-Date: Tue, 19 May 2015 11:07:40 GMT
Client-Peer: 202.77.98.11:80
Client-Response-Num: 1
Client-Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
LWP may return an incomplete response when it fails to read the whole body because of a timeout or other read error. In this case $response->is_success will be true and $response->code will be 200, but the response headers will contain a special header called X-Died.
So you can check this header:
unless ($response->is_success) {
die "Response failed: ", $response->status_line;
}
if ($response->header('X-Died')) {
die "Response failed (internal): ", $response->header('X-Died');
}
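The check from the answer above, extended as an added example (not part of the original answer and not LWP's own code): the hypothetical helper `check_response` also looks at the `Client-Aborted` header that LWP sets alongside `X-Died`, and compares a declared `Content-Length` with the bytes actually received. The sample responses and the X-Died message text are constructed so the script runs offline.

```perl
use strict;
use warnings;
use HTTP::Response;

# check_response() is a hypothetical helper, not an LWP function.
# It returns a list of reasons to distrust the body; an empty list means
# none of the truncation markers were found.
sub check_response {
    my ($response) = @_;
    my @problems;

    push @problems, 'HTTP failure: ' . $response->status_line
        unless $response->is_success;

    # Set by LWP when reading the body died part-way (timeout, read error).
    my $died = $response->header('X-Died');
    push @problems, "X-Died: $died" if defined $died;

    # LWP adds this next to X-Died when the transfer was aborted.
    my $aborted = $response->header('Client-Aborted');
    push @problems, "Client-Aborted: $aborted" if defined $aborted;

    # If the server declared a length, compare it with the raw (still
    # encoded) bytes actually received.
    my $declared = $response->content_length;
    my $received = length($response->content);
    push @problems, "Content-Length $declared, received $received bytes"
        if defined $declared && $declared != $received;

    return @problems;
}

# Constructed sample responses (no network access needed).
my @samples = (
    [ 'complete' => HTTP::Response->new(200, 'OK',
        [ 'Content-Type' => 'text/xml', 'Content-Length' => 10 ],
        '<ok>1</ok>') ],
    [ 'died mid-body' => HTTP::Response->new(200, 'OK',
        [ 'Content-Type'   => 'text/xml',
          'X-Died'         => 'read timeout (constructed message)',
          'Client-Aborted' => 'die' ],
        '<soap:Envelope><soap:Bo') ],
    [ 'short body' => HTTP::Response->new(200, 'OK',
        [ 'Content-Type' => 'text/xml', 'Content-Length' => 4096 ],
        '<soap:Envelope>') ],
);

for my $sample (@samples) {
    my ($name, $response) = @$sample;
    my @problems = check_response($response);
    print "$name: ", (@problems ? join('; ', @problems) : 'ok'), "\n";
}
```

A response with chunked transfer encoding, like the one in the question, carries no `Content-Length`, so for it only the `X-Died` and `Client-Aborted` checks apply.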

WebAuthenticationBroker returns a UserCancel WebAuthenticationResult on a successful Facebook authentication

Using the WebAuthenticationBroker for Single Sign On in a Windows Phone Store app (WinRT / WP8.1), I use the following code to start the Facebook login process:
string redirectUri2 = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri().AbsoluteUri;
FacebookClient fb = new FacebookClient();
Uri loginUri = fb.GetLoginUrl(new {
client_id = FacebookAppID,
redirect_uri = redirectUri2,
response_type = "token",
scope = FacebookScope,
display = "popup"
});
WebAuthenticationBroker.AuthenticateAndContinue(loginUri, new Uri(redirectUri));
In the ContinueWebAuthentication(WebAuthenticationBrokerContinuationEventArgs args) callback, the WebAuthenticationResult.ResponseStatus I get is UserCancel, even on a successful sign in.
Trace of the last response from Facebook:
HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-XSS-Protection: 0
X-Frame-Options: DENY
Facebook-API-Version: v2.0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=-1413367561; path=/; domain=.facebook.com; httponly
X-FB-Debug: {edited out}
Date: Wed, 15 Oct 2014 10:06:02 GMT
Connection: keep-alive
Content-Length: 411
<script type="text/javascript">window.location.href="ms-app:\/\/s-1-15-2-908865707-3825634006-813379085-3082126904-2549935584-1522363559-xxxxxxxxxx\/#access_token={edited out}&expires_in=5113018";</script>
What is going on with the WebAuthenticationBroker?
Additional information on the issue: the date/time/timezone on the phone are correct.

Twitter API response unreadable

We have been using the Twitter API for a while now but suddenly it stopped working. Tracing it back, it seems that the response from the MSXML2.ServerXMLHTTP request is unreadable by ASP VBScript.
Even a simple GET request to a page turns into invalid characters. Opening https://api.twitter.com/oauth/request_token in a browser will show a string "Failed to validate oauth signature and token". When I try to get the same thing in ASP it returns unreadable data.
<%@ LANGUAGE="VBSCRIPT" %>
<%
Set objXMLHTTP = Server.CreateObject("MSXML2.ServerXMLHTTP")
objXMLHTTP.open "GET", "https://api.twitter.com/oauth/request_token", false
objXMLHTTP.send ""
Response.Write "<pre>"
Response.Write objXMLHTTP.responseText
Response.Write "<hr>"
Response.Write objXMLHTTP.getAllResponseHeaders()
Response.Write "</pre>"
%>
The output is:
?
------
Date: Thu, 06 Dec 2012 09:12:17 GMT
Status: 401 Unauthorized
X-MID: caa889032d29f5316a855dcadd748211ed4ee276
X-Frame-Options: SAMEORIGIN
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Content-Type: text/html; charset=utf-8
Last-Modified: Thu, 06 Dec 2012 09:12:16 GMT
Pragma: no-cache
X-Transaction: dd71c8da0813a966
Expires: Tue, 31 Mar 1981 05:00:00 GMT
X-Runtime: 0.02056
Set-Cookie: k=10.36.75.125.1354785136971277; path=/; expires=Thu, 13-Dec-12 09:12:16 GMT; domain=.twitter.com
Set-Cookie: guest_id=v1%3A135478513698331395; domain=.twitter.com; path=/; expires=Sat, 06-Dec-2014 21:12:16 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCFihfG87ASIKZmxhc2hJQzonQWN0aW9uQ29u%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJTMx%250AMzI0YjhkNDc4YmQ4MDExMjlhNTI2NWU5OTAxNDVi--97206a42b05d8cb85fbd88ccd9ccb8aaca39ebef; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 62
Server: tfe
The ? is in fact a string with more characters, but it cannot be handled because it contains a CHR(0).
Now I figured it might be because of the Content-Encoding: gzip, but even when sending an objXMLHTTP.setRequestHeader "Accept-Encoding", "none" (or any other format) it returns the same.
Does anybody have any idea what I can do to solve this?
I have been looking at this for hours now and just after asking I found the answer! The Twitter API requires a user-agent to be sent along with the request. So it was as simple as:
Set objXMLHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP.6.0")
objXMLHTTP.open "GET", "https://api.twitter.com/oauth/request_token", false
objXMLHTTP.SetRequestHeader "User-Agent", "something"
objXMLHTTP.send()