I installed the nginx(Port 80 connection passed to express 3000 port) and express apps on AWS lightsail. Sometimes an unknown request occurs. like..
GET /_ignition/execute-solution
GET /config/getuser?index=0
GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f
GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
...more...
There were mainly many requests for php. these requests end with a 404 response.
All my API use JWT authentication. Is express safe for these requests? Is there anything I can do?
Related
I am making an application in which i have a node backend, and an angular frontend.
I am using socket.IO to communicate between my client and server.
I was facing CORS issue, which i solved (tried to) as:
const io: SocketIOServer = new SocketIOServer(server, {
cors: {
origin: true
}
}); // only for development
But still, upon making my request from my client app (running in another port) gives me CORS issue.
So i went to my terminal, and made a request with curl,as shown here:
me#Desktop:~$ curl "http://127.0.0.1:5000/socket.io/?EIO=4&transport=polling&t=NV5sBAn"
0{"sid":"jAhPIEEkdy8EY8I_AAAD","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000}
This suggests me that curl is being able to access the server, and is not facing CORS issue.
In my client, i am trying to connect to my server as:
socket = io.connect('http://locahost:5000'); // server running at port 5000
Help me with my issue, so i can connect with my server.
Also on a sidenote: If the version of server.io in the app is 3, the curl request to the server is also failing. only upon server.io version 4, the curl request is passing.
The error in firefox if that helps:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://locahost:5000/socket.io/?EIO=4&transport=polling&t=NV5vi1_. (Reason: CORS request did not succeed).
EDIT: my issue is not being able to connect to the server with client. I showed the curl because it was suggested in the socket.io cors configuration webpage.
Because socket.io initiates its connection with plain http requests, it is subject to CORs restrictions. CURL does not enforce CORs restrictions (like the browser does) so that's why you don't see it there.
You have a couple options:
You can enable this specific CORs request in your server to permit it.
You can specify the {transports: ['websocket']} option for your socket.io connection in the socket.io client code that initiates the connection. This will tell socket.io to immediately start with a webSocket connection which is not subject to CORs.
Curl does not implement CORS security restrictions, thus it will always be able to connect. You have different ports for your frontend and backend which are considered different CORS origins. So you either need to set your allowed origins correctly on your server and make sure it handles the pre-flight requests, or have the process serving your frontend proxy requests to the backend so that everything is on the same url from the browser’s point of view
Apprrently, the issue was:
socket = io.connect('http://localhost:5000');
changing this to:
socket = io.connect('http://127.0.0.1:5000');
worked!! I have no idea why this name was not getting resolved!!
So let's start with little info in the beginning.
I have nodejs server side app and client app on angular. I send only get requsts to server app just to read data from database. When i started my apps on local machine they were working pretty well. But when i deployed them to server i got such error : (below in screen)
screen with error from angular
So, i added cors support in server app and add Allow Headers. code in nodejs
But it doesn`t help. When i post "GET" request i get my allow headers in response header and my data that i need in body.
screen with response headers in postman
screen with response body in postman
Server - apache. One interesting thing that server app works good with http protocol and when i am using htttps get this errror error with https
But angular works on https.
This is my stack:
Frontend server: Node + ReactJS (f.com)
Backend server (API): Golang (b.com)
I'm doing this in development environment where I use create-react-app to run my frontend server via npm start command. I want to perform authentication using SSO served at sso.example.com/login. Ideally whenever there's a request to the Backend server without proper authorization, it will be responded with HTTP 302 Redirect to the SSO page. So the sequence is:
ReactJS sends GET request to b.com/users
Golang responded with http.Redirect("sso.example.com/login")
ReactJS app gets CORS error from sso.example.com of which I don't have control of adding Access-Control-Allow-Origin:* respond header
How can I redirect my GET request successfully?
In your case, it would be easier to do the redirection in browser on the client side, so you won't have CORS issues (because you are accessing it from the SSO website url directly).
You can either do it with react, which is complicated: Programmatically navigate using react router V4
Or do it with window with plain JavaScript, which is easy but might cause problems with browsing history:
window.location.href = "https://www.example.com";
https://appendto.com/2016/04/javascript-redirect-how-to-redirect-a-web-page-with-javascript/
I have deployed BeaconCtrl project on heroku, it has a server to server api,
I tried requesting some routes using postman, with the same headers, body and the same route, it responds with 500 internal server error !.
does requesting from server to another server differ from requesting from postman to a server ?
My express server send this request, but I don't know which file send it and why it response with 404. Please help me track this down:
GET /sw-import.js?baseURI=http%3A%2F%2Flocalhost%3A3000%2Fbower_components%2Fplatinum-sw%2Fplatinum-sw-register.html&clientsClaim=true&defaultCacheStrategy=networkFirst&importscript=http%3A%2F%2Flocalhost%3A3000%2Fbower_components%2Fplatinum-sw%2Fbootstrap%2Fsw-toolbox-setup.js&importscriptLate=http%3A%2F%2Flocalhost%3A3000%2Fbower_components%2Fplatinum-sw%2Fbootstrap%2Fsw-toolbox-setup.js&precache=&skipWaiting=true&version=1.0 404 6.503 ms - 255
The request means service worker is registered in the scope http://localhost:3000/
You can verify whether it's running by entering chrome://inspect/#service-workers or see the registration using chrome://serviceworker-internals