Here's what I'm trying to do...
oXMLHTTP = Server.CreateObject("MSXML2.ServerXMLHTTP.3.0");
oXMLHTTP.open("GET", "ccte://recservice.com", false);
oXMLHTTP.send();
And here is the error I get in return...
msxml3.dll error '80072ee6'
The URL does not use a recognized protocol
It works fine if I make the request using the HTTP protocol (i.e. http://recservice.com instead of ccte://recservice.com). Is there anything I can do within the IIS configuration to get ServerXMLHTTP requests working with my custom protocol?
While I've not been able to find anything conclusive I would be very surprised if this was supported.
The error
msxml3.dll error '80072ee6'
The URL does not use a recognized protocol
is the first clue as it's the ServerXmlHttp object that is raising the error, not IIS or other lower level sources.
Another clue is the name ServerXmlHttp, which tells you this object supports the HTTP protocol (to by extension to a certain extent HTTPS).
This object is not a TCP/IP Client, it's a Web Client so anything over than standard Web Protocols is not going to be supported.
Useful Links
Frequently asked questions about ServerXMLHTTP
A: Differences between XMLHTTP and ServerXMLHTTP
Related
I have developed a node js application which works fine as long as use http. Now I need to upgrade the code too be able to work ssl and I am having problems to load the socket.io-client/socket.io.js file. (The rest is working fine. I installed the certificates and the server works well)
Firefox fails with the following message: Blocked loading mixed active content "http://"url"/socket.io/?EIO=3&transport=polling&t=NX-uS5E". which is weird because the link states a http request.
Chrome fails with this message: socket.io.js:3511 Mixed Content: The page at 'https://"url"?' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://"url"/socket.io/?EIO=3&transport=polling&t=NX-s_OB'. This request has been blocked; the content must be served over HTTPS.
It seems that socket.io-client is trying to load a resource using http instead of https. Is that possible?
How can I correct this? Any idea?
I have been searching the web for two days noow and I have not come to any indication of someone else having this issue
Ok, after letting it go for the evening and having a good rest I checked my whole code again and found the error!
I had one obfuscated code line where I was using a http request instead of a https one. I had to correct this on both, the server and the client side.
I also had to include the port number on each of the calls and force the socket on the client side to use polling instead of websockets by adding the option "transports: ['polling']"
I have a project, It's a web application that requires Windows Authentication.
I've setup an Active Directory at home using my NAS virtualization. Then I've created a VMWare Server for IIS which is a member of that domain on my desktop which I also use for development. I've created the Web API and installed it into that VMWare server. When I call a routine directly, it works and return results but when I use the Web API routine from my javascript web application I keep on getting 401 error. I then put the code on the IIS server and the web application works.
I've seen a lot of solutions like changing the sequence of the Provider in IIS Authentication. Added Everyone read/write permission on the folders. I've also added entry on the web.config. But none of them work.
*****Update as per request on the comment *****
Below is when I run directly from Web API
Calling the Web API from Javascript
Here's the error I'm getting
Just FYI, I tried running the web api from Visual Studio on the same machine but also with 401 error
Is there anything I could add to AD to make my development machine as trusted?
********************A new issue after the code change **********
****************Another Update******
This is definitely weird, so I installed Fiddler 4 to see what's going on. But still no luck.
Then I made changes on the IIS HTTP Response Header
The weird thing is when I run Fiddler the error is gone but when I close it it comes back.
There are two things going on here:
A 401 response is a normal first step to Windows Authentication. The client is then expected to resend the request with credentials. AJAX requests don't do this automatically unless you tell it to.
To tell it to send credentials in a cross-domain request (more on that later), you need to set the withCredentials option when you make the request in JavaScript.
With jQuery, that looks like this:
$.ajax({
url: url,
xhrFields: {
withCredentials: true
}
}).then(callback);
These problems pop up when the URL in the address bar of the browser is different than the URL of the API you are trying to connect to in the JavaScript. Browsers are very picky about when this is allowed. These are called "cross-domain requests", or "Cross-Origin Resource Sharing" (CORS).
It looks at the protocol, domain name and port. So if the website is http://localhost:8000, and it's making an AJAX request to http://localhost:8001, that is still considered a cross-domain request.
When a cross-domain AJAX request is made, the browser first sends an OPTIONS request to the URL, which contains the URL of the website that's making the request (e.g. http://localhost:8000). The API is expected to return a response with an Access-Control-Allow-Origin header that says whether the website making the request is allowed to.
If you are not planning on sending credentials, then the Access-Control-Allow-Origin header can be *, meaning that the API allows anyone to call it.
However, if you need to send credentials, like you do, you cannot use *. The Access-Control-Allow-Origin header must specifically contain the domain (and port) of your webpage, and the Access-Control-Allow-Credentials must be set to true. For example:
Access-Control-Allow-Origin: http://localhost:8000
Access-Control-Allow-Credentials: true
It's a bit of a pain in the butt, yes. But it's necessary for security.
You can read more about CORS here: Cross-Origin Resource Sharing (CORS)
i have a simple XPage and i access it through an reverse proxy.
My problem is now to get the correct URL on server side.
context.getUrl().toString()
and
XSPContext xspContext = new ServletXSPContextFactory().getXSPContext(FacesContext.getCurrentInstance());
XSPUrl xspUrl = xspContext.getUrl();
return xspUrl.toString();
did not work correct.
For example:
URL in the Browser is https://myip/db.nsf
But the SSJS function as well as the Java function returns just http://myip/db.nsf
When i try this without a reverse proxy, everything work fine.
Is there a way to get location.href on server side?
Unless you want to send out links to other places, you don't need the protocol part. If you are on the same browser //someserver/somepage will link to a different server using the currently used protocol. Other than that the proxy probably set a header.
You can use the following code to create the URL manually:
var path = facesContext.getExternalContext().getRequest().getContextPath()
var url = "https://" + path
This will return the path to your nsf-file with the https prefix
Hmm... this may be an administrative setting: with an internet site document you can additionally create a website rule (type = substitution) to automatically compute the whole URL by the incoming pattern. Have a look at the IBM Domino administration help on how to setup a site document as well as a web site rule.
The goal is to get both URLs to have the same scheme so that XSP computation will result in correct values dynamically.
I believe what you want is to set the $WSIS header from the reverse proxy to Domino to True. Much like the other WebSphere connector headers, this should cause Domino to think that the incoming protocol is HTTPS in all situations. Note that this also has the unfortunate side effect of causing Domino to revert to its behavior of only using one Site document per IP; if you've been taking advantage of the reverse proxy to avoid this bug, you will have to find another route, such as looking for an X-SSL header from the proxy.
I am using Google Translate on my website. After I updated to HTTPS, Google Translate stopped working. I even used https://www.google.com/jsapi instead of http://www.google.com/jsapi, but this didn't help.
It is because most of the browsers don’t accept mixed content i.e. calling http resource from HTTPS site.However you can enable it forcefully in your browser.
Using HTTPS for calling jsapi wont be helpful in your case as the real problem occurs when this website internally calls http://www.google.com/inputtools/try/.
What is a cross-domain error?
It happens when Javascript (most of the time) try to access something which it shouldn't.
Such as if you try to read another domain's cookie, that won't work. If you try to do XMLHTTP request to another domain or protocol (HTTP > HTTPS) that won't work. Because if you can do that you can hijack, steal your visitors session in other websites.
It's security feature and now it's a standard in all browser.
As I understand it, client-side tools such as Silverlight (and maybe Flash/Javascript) throw a cross-domain error when you attempt to make a connection to a server that is normally only allowed when it is made to the same domain that the page was served from (some origin policy).
A cross-domain error may be thrown when, for example, you are viewing a page on your test server when it is trying to call your live server, or when you are viewing a test page as a local file using a file:// protocol.
Try ensuring that the domain you are testing on is the same as that which the site was designed to be on. Note that Flash has the crossdomain.xml feature which specifically allow you to do cross-domain requests. Javascript also has ways to get around same origin policy, but you should be aware of the implications of what you're doing.