Special characters in Password are converting URL into a String and truncating the URL after the password in the URL .
Here is what I am using
webbrowser.navigate("http://username:pww#word#www.something.com")
when I see the above request in the VS browser it is like ..
http://username:pww
and the result is "Page Not Found "
When there is no special character in the password the link goes fine without any issues ..Please Help Thanks In Advance
webbrowser.navigate("http://username:pww%40word#www.something.com")
Please use HTTP POST instead of HTTP GET to send passwords to your website. Special characters don't matter so much with POST, and it's somewhat more secure (user's neighbor can't see the password in the URL bar).
If you must use GET, URL-encode the password. For example, you can replace "#" with "%40". For C#, see HttpUtility.UrlEncode. You'll probably need to encode username and password separately, and then build the URL.
Related
In a web application I'm running, I suddenly started getting these odd tokens containing a huge string of periods at the end.
This happens even when I bypass my application code and call the function from the Google OAuth library directly.
Here's an example token:
ya29.c.Kp8BCgi0lxWtUt-_[Normal JWT stuff, redacted for security]yVvGk...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Could this be an upstream issue with Google OAuth? Has anyone else seen tokens like this?
Same here, it suddenly started. Had to remove them from the received token, now it works again.
I found the problem is on the Google server-side. It's actually returning the JWT with the trailing "." chars. I'm updating Chilkat to automatically trim the trailing "." chars if found before returning the JWT.
Same with me. And it leads to Error: Invalid login: 555 5.5.2 Syntax error for my nodeMailer application.
Solved with the following code:
tokensCache.access_token = tokensCache.access_token.replace(/\.+$/, '');
The problem is that clients should be able to handle the token sizes declared in https://developers.google.com/identity/protocols/oauth2#size. Also, tokens must be opaque to clients, meaning, assuming token start with "ya29.blabla" is wrong. Instead, the token must be parsed as a string encoded Web-safe base64 which standard is https://www.base64encode.org/enc/safe/
In fact the dots make no difference. You can still use the access_token to call apis. If you get an error response, you'd better check a further reason. Do you set the correct scope (https://developers.google.com/identity/protocols/oauth2/scopes)? Does the
permission of the service account is right?
I have a tiny (Classic) ASP file being used for a redirect. I want to send the user to a URL that may have some characters in (I'm taking this from the incoming URL, as it's redirecting all paths from domainA to domainB, but I've hard-coded it here to simplify things).
Here's an example URL, as it comes to the the redirect script:
https://old.example.org/my%20test/?name=Danny%20Tuppeny
The URL contains two spaces, which I am certain are both encoded correctly. If you paste the URL into your browser with literal spaces, both will be converted to %20 by the browser.
I'm passing this url to Response.Redirect (hard-coded here for simplicity):
<%
Response.Redirect "https://new.example.org/my%20test/?name=Danny%20Tuppeny"
%>
However the location header being output has one of the %20's encoded again, and looks like this:
Location: https://new.example.org/my%2520test/?name=Danny%20Tuppeny
This is unexpected! This has been asked before but all answers (including the excepted one) appear to be incorrect. I do not believe I should be randomly decoding parts of a valid URL to offset what appears to be unexpected/undesirable behavior from ASP.
The docs make no mention of this behavior (they even say "Always validate and encode the URL that is passed to Response.Redirect"), and even worse, have samples on how to apply HTML encoding to values being passed to Response.Redirect which seems even more incorrect.
Note: ASP.NET does not have this stupid behaviour.
Is there a way to pass a well-formed URL to Response.Redirect and have it do what is expected?
To work around the encoding issue you can add a Location header to perform the redirection. No encoding will be applied to the URL.
Response.Status = "302 Moved Temporarily" ''// or use whatever status code is appropriate
Response.AddHeader "Location", "https://new.example.org/my%20test/?name=Danny%20Tuppeny"
We received a request to create a REST api. I was a little confused in the example of provided by our client. As you can see below, they've identified the app_id and secret in the URL before the #. The remainder of the URI looks like what I would expect.
Is this valid? I thought maybe this is some weird cURL format I haven't seen before.
https://{application_id}:{api_secret}#api.example.com/entity/{entity_id}/
https://{application_id}:{api_secret}#api.example.com/entity/{entity_id}/entity_locations/{locations_id}/
Just seeing if anyone has seen this format before?
A URI is made up of various parts, one of them being the authority part, which can feature optional username:password element.
The full scheme is:
scheme://username:password#domain:port/path?query_string#fragment_id
This way your REST api remains stateless [not relying on previous app states like storing stuff in session]. But I advice you not to explicitly go with the username:password#stuff route, but to rely on Basic HTTP Auth, so the credentials are sent encoded in Base64 at least.
EDIT: a brief note about BasicAuth now you're asking - things go like this:
you make a request to http://johndoe:12345#service/api/foo/bar;
are credentials good? Ok, you get a 200 OK response with proper body;
are they not? You get a 401 Unauthorized response.
In the latter case, it's the browser [or any other program / script performing the request] that should prompt the user with the login popup.
Usually browsers ask you to cache credentials not to ask them every time, but this does not mean that they are not sent - it's just that every request to protected resources are featured with such header:
Authorization Basic base64encode(username:password)
Where base64encode is your custom way to encode the username:password string.
I am posting image with image title and in the image title I have added url, I am able to share image and url also but,there is slight modification in the url.The = symbol is converted to %3D ,as shown below the both URLs(dummy url).
posted URL:
http://....=418ioekVlhTIu2sr9qpdAQ==
URL on Facebook
http://...=418ioekVlhTIu2sr9qpdAQ%3D%3D
So is there any better way to post url and image in one post only or
help me so that by doing some change in the code I should be able to share correct url in the Image title itself.
This happens because the URL format converts it's reserved special characters to HTML entity codes (percent escaping) as shown in here:
http://www.w3schools.com/tags/ref_urlencode.asp
you have 2 options to pass the URL string correctly:
On the receiver side (after the URL Request is sent by the client), decode the URL string that you received, this will normalize the string back to normal.
Use the POST method of html instead of the GET method to store your parameters. although I'm not sure you have an option for that.
On the iOS obj-c, Conversion between URL Percent escapes is done like so-
[normalText stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
[encodedText stringByReplacingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
Just for fun:
You can enter a URL and see it's encoded/decoded value on this website: http://meyerweb.com/eric/tools/dencoder and see how it works in practice.
How can I turn domain.com into https://www.domain.com (the actual address)? Is there an easy API for this?
The purpose is to allow a user to enter a domain in preferences and allow my app to convert that into a fully qualified web URL like a web browser does when I type google.com it returns http://www.google.com (ish).
If typing your domain.com results in https://www.your domain.com then the server is redirecting. Here is a rule to follow:
Construct "https://domain the user typed". Connect to that, and follow any 301 (permanent) redirects until you get a 200 response. Save the URL you end up at as the permanent one.
If your connection failed, try again with http:// instead of https://.
Do not assume that the "proper" URL contains "www."; if it should, then the server will redirect.
What's so hard about putting "http://www." in front?
How does that require an API?
Are you asking about the string concatenation API?
Use the NSURL class. More specifically, use initWithScheme:host:path where scheme is "http", host is your string and path is empty.