I am looking for a solution to interrupt or pause a 301 ( redirect ) request in Chrome dev tools. My scenario is I have an API integration with a local payment gateway which requires 301 redirect to their server ( HTTP GET and then redirect with 301 to an external URL). As 301 HTTP status code happens on the client-side so this can be compromised as the current system does not protect the integrity of the data, for instance, the amount to pay. I might send 100$ and the user might change it to 20$.
To prove this I need to stop the request manually which is very inconvenient and hard to test. I am looking for a solution that implements in one of my favorite browsers above that allows me to config to interrupt or pause the 301 HTTP status code so I can easily modify the value in the URL before resuming the request.
I found a chrome extension to solve this issue.
Requestly is easy to use and test. This is what being mentioned in the extension page:
Chrome Extension to modify HTTP requests (Setup Redirects, Run Custom
Javascript, Modify Headers
But my scenario is about modifying url query string - not being mentioned in the description but it works perfectly.
Related
I'm working on a Chrome extension that detects and redirects certain domains, but when the origin server sends a 301 redirect, the cached response interferes with detecting whether I should perform my own redirect on subsequent requests. I need the extension to prevent the browser from caching the redirect.
I've looked into the onHeadersReceived event, as this seems to be the first event that fires after we get the 301 response, but that event fires after caching directives are received, and won't prevent the response from being cached.
If you're having a hard time with a 301 redirect on your website never changing on your browser, even using the network -> Disable cache (while DevTools is open) with dev tools open. Try in DevTools to put in the console: $.get(“https://redirect.url.com/page”) which returned the post response as 200. Check this blogpost for more details.
Netlify noob here.
I'm currently migrating an old Ruby on Rails app to use Netlify for a static site. There are some legacy static pages that we want to keep on our old code base, and these legacy static pages make POST requests to our server.
It seems like redirects for POST requests aren't possible (see the W3 documentation for 301/302 redirects- If the 301 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.), but I was wondering if this is different when you proxy/rewrite the URL.
Currently, we rewrite a user's request to www.domain.com/legacy_slug via Netlify's splat redirect (similar to what the author of this blog post did). Is it possible for this redirect to work as well when the user sends a POST request to www.domain.com, causing it to go to Netlify? Or would I have to change the client's code to POST to <different_subdomain>.domain.com/legacy_slug and migrate the POST endpoint to the different subdomain?
Proxies (https://www.netlify.com/docs/redirects/#proxying) accept POSTs, redirects (https://www.netlify.com/docs/redirects/#basic-redirects) or rewrites (HTTP 200 that transform from one path to another, both on netlify-hosted sites), no.
Kind of a subtle distinction. So - I'd send the POST to some other path (not some other domain - just /place-we-post-to on your Netlify site, and use a proxy redirect to get to your remote service (/place-we-post-to https://legacybackend.com 200 in _redirects)
If I load a page https://example.org over HTTPS that contains references to HTTP resources like
<script src="http://example.org/script.js"></script>
I understand that the browser refuses to load the script unless it's src="https://example.org/script.js".
My question is, if I implement a 301 redirect from http://example.org/script.js to https://example.org/script.js, will the browser follow the redirect and load the script via HTTPS, or will it still refuse to load it?
I believe browsers that block mixed content will still block a script from HTTP->HTTPS redirect.
They certainly should do, because it's not secure. An attacker could have intercepted the HTTP request and changed it to redirect to an HTTPS address that is not the one the page referencing the script intended.
When my browser loads "wikipedia.com" it will replace it by "http://www.wikipedia.org".
How does my browser know it has to change ".com" in ".org"? I assumed this was DNS related but I was not able to find any DNS record that provides a link from "wikipedia.com" to "wikipedia.org". This happens in all major browsers.
Can anyone explains what happens under the hood?
It's just a simple server side 301 permanent redirect. There's a script on wikipedia.com which redirects all requests to wikipedia.org by sending the 301 status code:
How can I test that I'm being redirected to an external location using Cucumber? For example after an action is executed I may want to redirect the user to an external location. Is this possible with capybara?
HTTP redirection mechanism includes two steps:
HTTP server returns a 301 HTTP status ("Moved Permanently") with a new location (URI)
HTTP agent (capybara in your case) re-sends previous request to the new location
You are to find a way to recognize 301 HTTP response status (shouldn't be hard) using Capybara's DSL.
Also, you may want to turn Capybara's "follow_redirect" (or something similar) option off in order to prevent step #2.
Hope it helps.