Using express JS I'm trying to add some headers to the redirection I'm returning
However, everything I tried just work for the response headers and not for the request headers of the redirection. I.E., when inspecting it with the developer tools I can see the response headers but when the next call is made, I can not see the request headers
req.headers['x-custom-header'] = 'value'
res.setHeader('x-custom-header', 'value')
res.redirect('example.com')
Does anybody could explain how the response and request headers work on ExpressJS?
A redirect just does a redirect. It tells the browser to go to that new location with standard, non-custom headers. You cannot set custom headers on the next request after the redirect. The browser simply doesn't do that.
The usual way to pass some type of parameters in a redirect is to put them in a query string for the redirect URL or, in some cases, to put them in a cookie. In both cases of query string parameters and data in a cookie, those will be available to your server when the browser sends you the request for the redirected URL.
It also may be worth revisiting why you're redirecting in the first place and perhaps there's a different flow of data/urls that doesn't need to redirect in the first place. We'd have to know a lot more about what this actual operation is trying to accomplish to make suggestions there.
If your request is being processed by an Ajax call, then you can program the code receiving the results of the Ajax call to do anything you want it to do (including add custom headers), but if it's the browser processing the redirect and changing the page URL to load a new page, it won't pay any attention to custom headers on the redirect response.
Can anybody explain how the response and request headers work on ExpressJS?
Express is doing exactly what you told it to do. It's attaching the custom headers to the response that goes back to the browser. It's the browser that does not attach those same headers to the next request to the redirected URL. So, this isn't an Express thing, it's a browser thing.
Related
so I'm very new to node.js and back-end.
I've just deployed a restful api on AWS just as a little test, it really does nothing special, only some get-post requests updating a json.
It works as expected.
Problem is: the address is of course very long so i also wanted to redirect the requests from a domain easy to remember.
And so i did.
If the domain is unmasked, it works fine, and i can for example get a json:
apiunmasked.pileoni.site/all
Settings on namecheap:
If i do try to mask it, it still works but the browser don't format it as a json:
api.pileoni.site/all.
Also there is something weird in the marging that happen with the masked version on the main page:
api.pileoni.site
apiunmasked.pileoni.site
I guess is some wrong setting on namecheap?
Thanks
Direct request to the EC2 do not adds the Content-Type header in HTTP response, so the browser tries to guess the datatype and correctly recognize and manages it as JSON.
The Namecheap forward service adds the header, probably falling back to "text/html", and the browser display the content as HTML.
Eventually, try to enforce the Content-Type header to "application/json" in your Node application with setHeader().
I am using express in one of my application. I want to make a post request to a url but it should also redirect to that url. Like when we submit a form using GET/POST method it redirect us to that url (). The only solution which is coming in my mind is
make a hidden form
redirect to that form from controller with data
Submit form using js on page load.
The only disadvantage of this solution is user will see a black page for some time till the form gets loaded.
Can anyone suggest some better solution ?
I think what you are looking for is not a "redirect." It's a solution which will send an extra request to another(or the same) URL and get the result from there instead of showing a blank page to the client for redirecting.
If that's correct, please refer to this similar question:How to forward a request to other endpoint in node.js
If you're looking for redirection (HTTP 301 & 302), the easiest way to do it is passing your data through GET URL query string. You can encrypt your data to prevent security risks.
I just could not get the http-proxy module to work properly as a forward proxy. It works great as a reverse proxy. Therefore, I have implemented a node-based forward proxy using node's http and net modules. It works fine, both with http and https. I will deal with websockets later. Among other things, I want to log the URLs visited or requested through a browser. In the request object, I do get the URL, but as expected, when a page loads, a zillion other requests are triggered, including AJAX, third-party ads, etc. I do not want to log these.
I know that I can distinguish an AJAX request from the x-requested-with header. I can distinguish requests coming from a browser by examining the user-agent header (though these can be spoofed thru cURL). I want to minimize the log entries.
How do commercial proxies log such info? Or do they just log every request? One way would be to not log any requests within a certain time after the main request presuming that they are all associated with the main request. That would not be technically accurate.
I have researched in this area but did not find any solution. I am not looking for any specific code, just some direction...
No one can know that with precision, but you can find clues such as, "HTTP referer", "x-requested-with" or add your custom headers in each ajax request (squid proxy by default sends a "X-Forwarded-For" which says he is a proxy), but anybody can figure out what headers are you sending for your requests or copy all headers that a common browser sends by default and you will believe it is a person from a browser, but could be a bash cURL sent by a bot.
So, really, you can't know for example, if a request is an AJAX request because the headers aren't mandatory, by default your browser or your framework adds an x-requested-with or useful information to help to "guess" who is performing the request.
What is the use of res.location() method? I can use res.redirect() to redirect to a particular URL and i cannot see any change if i use res.location() before res.redirect()
They are very similar in their description, but one does much more. The easiest way to see the difference is look at the source.
res.location just sets the response header. It does not set a response status code or close the response, so you can write a response body if you want, and you have to call res.end() on your own after.
res.redirect on the other hand sets the status to 302, sets the header (using res.location) and sends a nice response body saying that the user is being redirected, and renders a link if their browser doesn't automatically redirect them for some reason.
Kinda off topic but worth a mention if you're going to add res.redirect its a good thing to keep in mind the type of redirects. 301 vs 302 as loganfsmyth said, res.redirect sets the status to 302 by default but this is bad SEO. To change the status code for res.redirect add 301 then the route to redirect to.
Ex-> res.redirect(301, 'new-page');
The standard res.redirect('/some/path'); behaves as expected and immediately redirects the request to /some/path, but if I add a status code, e.g., res.redirect(401, '/some/path') and I navigate to the redirecting page, express doesn't redirect to /some/path, instead I just get the following page:
<p>Unauthorized. Redirecting to /</p>
and it never redirects. This is the same for any status code I supply just by the way.
Why doesn't a code specified redirect work as I'm expecting it to and how can I return a custom status code and redirect to a different path?
The behavior of the Location header, which is used to to redirect someone, is only defined for status codes in the 3xx range, and for 201/202 statuses. Since you are setting the status code to 401, it is ignoring the header and just rendering the response content. It just happens that Express includes some nice text explaining that the user is being redirected in case the redirect is slow.
Also, given the definition of the 401 status code, you are likely misusing it. The 401 code is to let the client know that it needs to send additional authentication information with a give request, e.g. http://en.wikipedia.org/wiki/Basic_access_authentication, so you should not be redirecting to another URL.