I've hosted to IIS in Azure a WCF. I need to do a post CORS client side (I'm using dojo js).
I expect this scenario
POST REQUEST -> OPTIONS PRE-FLIGHT -> POST RESPONSE
but if I see the chrome dev tools network I get:
POST Request -> OPTIONS PRE-FLIGHT -> AUTOMATICALLY GET REQUEST -> METHOD NOT ALLOWED (my WCF method only accept POST method)
There also a strange thing, if i see the GET response, it has status code 302 found and in the response header LOCATION : /rest/(X(1)S(xnrhdgei0ecua5s550yxqiv1))/login/ but I don't know what (X(1)S(xnrhdgei0ecua5s550yxqiv1)) is.
How can I solve this problem?
Thank you!
I solved adding <sessionState mode="InProc" cookieless="false"/> into the web.config. See my previous comment for additional details
Related
I am trying to make Rest Web-service POST method call with custom header . Tried to add the custom header in enrichHeaders still getting HTTP 403 Forbidden response. Could you please help with right code snippet?
.enrichHeaders(h -> h.header("X-API-Key","ABCEDABCED").header(CONTENT_TYPE, APPLICATION_JSON_VALUE).header(APP_NAME, XXX).header(ACCEPT,
APPLICATION_JSON_VALUE))
.handle(Http.outboundGateway(config.getXxxWebServiceUrl()).httpMethod(HttpMethod.POST)
.expectedResponseType(String.class).requestFactory(xxxRequestFactory()),
c -> c.advice(sendToArchive.sendToArhive()))
.log().get();
Error Logs :-
[bean 'xxxDispatcher1.http:outbound-gateway#0' for component 'xxxDispatcher1.org.springframework.integration.config.ConsumerEndpointFactoryBean#2'; defined in: 'class path resource [service/xxxDispatcher.class]'; from source: 'bean method xxxDispatcher1']; nested exception is org.springframework.web.client.HttpClientErrorException$Forbidden: 403 Forbidden: [{"message":"Forbidden"}]
at
See Header mappings section in the docs: https://docs.spring.io/spring-integration/docs/current/reference/html/http.html#http-header-mapping
By default, all standard HTTP headers are mapped from the message to HTTP request or response headers without further configuration.
So, since you don't provide a mappedRequestHeaders() option for the Http.outboundGateway() therefore your APP_NAME custom header is not mapped and not transferred over the HTTP to the REST service.
While testing the API definition of my Azure Function (within the portal) I get this CORS error:
This is a cross-origin call. Make sure the server at ***.azurewebsites.net accepts POST requests from functions.azure.com. Learn more
I verified that this is listed as a CORS allowed origin within the function settings:
https://functions.azure.com
Am I missing something?
I cannot reproduce this on my side.
I added the following to ALLOWED ORIGINS:
The output in the Azure portal:
I also test it by making a POST request to the function in the browser via jQuery:
If you want us to dive into this problem you may need to provide detailed steps to reproduce.
The problem turned out to be the API definition. CORS was working fine although that was indicated as the problem in the error messages. The missing piece in the API definition was
security: []
which was missing in the POST section. I guess the security entry is required even if it's empty. It would've been nice if there was a warning that this was missing.
I am trying to test a stripe webhook for subscription trial ending. When I go to send the test even to my webhook receiving route I get error 302. I am using a middleware called stripe-webhook-middleware. My route looks like this:
app.post('/stripe/events',
stripeWebhook.middleware,
stripeEvents
);
I know that route goes against what they docs say but I did get it directly from the package creator. So it should work, then I have the stripe-events.js from the package. I am just adding in a console.log to the route to find the correct data I need.
I tried different webhooks and all give the same error, it has to be in how I have it set up. I hope anyways.
Edit **
I have also done a new route that is just a basic post route with a console.log and still getting the 302 error. What could possible causes be? I can't post a github because of a credential I accidentally leaked.
I am/was using cloud9.io as my development environment and had my test site as private. That was causing stripe to need to login in order to do anything. I made it public and now it works. I had completely forgotten I had to login to see the site because I always was logged in to cloud 9 when I accessed the site. If you are getting a 302 error, make sure you don't need to log in to get to that route.
Just in case anyone sees this 302 error with Codeigniter 3, my webhook route was pointing to a Subscription controller that always exits the constructor if a user isn't logged in and authorised - so I moved the method to my Home controller (used for registration, login etc) thus:
$route['webhook']['post'] = 'home/webhook';
and the 302 error went away. I hope this helps a tired CI dev down the road.
Just in case someone receives this error with dJango, my webhook route was pointing to a language redirection. You can investigate it with curl -IvL http://localhost:8000/webhooks/stripe as #duck suggested above.
Here was my output:
HTTP/1.1 302 Found
...
* Issue another request to this URL: 'http://localhost:8000/en/webhooks/stripe/'
...
You can see the redirected URL in the output.
So, when I let Stripe CLI listen to that URL, it works:
stripe listen --forward-to localhost:8000/en/webhooks/stripe/
IOwinContext does not appear to have the HTTP Referrer in it, and I need to grab it. What is the right way to get that particular variable? IOwinContext has several Typed PEMs but I don't see referer in particular.
The system I am working is self-hosted.
Thanks.
The OwinContext doesn't have 'HTTP Referer' as item in Request header. This has been renamed in Owin self host context. It's now known as 'Referer'. So once you have object of owin context you can get the information by using:
context.Request.Headers["Referer"]
Using a browser REST client to POST to the activity stream at e.g.
https://connectionsww.demos.ibm.com/connections/opensocial/basic/rest/activitystreams/#me/#all
...with the settings prescribed in IBM Connections OpenSocial API > POSTing new events
...results in the following response:
<error xmlns="http://www.ibm.com/xmlns/prod/sn">
<code>403</code>
<message>You are not authorized to perform the requested action.</message>
<trace></trace>
</error>
What am I missing?
This same approach works nicely on IBM Connections 4.0.
Which setting needs 'switching on'?
Try a URL like this... https://sbtdev.swg.usma.ibm.com:444/connections/opensocial/basic/rest/activitystreams/#me/#all
I added the Basic/Rest component, and it worked for me.
1 - Added URL https://sbtdev.swg.usma.ibm.com:444/connections/opensocial/basic/rest/activitystreams/#me/#all
2 - Changed Method to Post
3 - Added Content-Type: application/json
4 - Authentication -> Basic
5 - Logged IN
6 - Posted
Same thing here: 403 when I make an AJAX call to an IBM Connections 6.0 REST API url. Same error in Chrome, Firefox and IE11. When I open the same URL in a separate browser tab, everything works fine.
Comparing the http headers of both calls, and fiddling with Postman, the diference is the presence and value of the atribute Origin.
Seems that Connections allows calls from its own server. For example, when: Origin: connections.mycompany.com.
It also allows calls when Origin is not defined, which happens when the url is called from a separate browser tab.
There is a doc at IBMs Support site that confirms this - http://www-01.ibm.com/support/docview.wss?uid=swg21999210. It also suggests a workaround that did the job for me: unsetting the Origin attribute in the IBM HTTP Server that is in front of your Connections instance. Add the lines below to the httpd.conf file:
Header unset Origin
RequestHeader unset Origin