I just installed some nodejs restful app in IIS (Windows server 2008 R2), and seems to be ok. I can access all the get methods using any browser, even from other computers... all these when using the IP address, however, when specifying the URL for that website (example.dev.company), I can only access localy....
My concerns is that when using POSTMAN or SOAPUI to test these methods (even internally), it just waits, and waits till timeout. Any suggestions on what is going on here? I need some other QA members to test these get and post methods using either POSTMAN or SOAPUI...maybe some permissions in IIS, firewall?
thanks in advance
Related
HTTPS conflicts with HTTP
I make my first full-stack project on React and NODEjs and deployed it on netlify.
My backend server runs on HTTP localhost.
And here is a problem:
My app works on my Mac in Chrome but doesn't work properly on other browsers and computers.
Other computers can download index.js (display sign-up and sign-in pages) and it seems there is no problem with CORS but authentication doesn't work.
Safari logs mistakes:
[blocked] The page at https://MYAPP.netlify.appwas not allowed to display insecure content from http://localhost:3500/register.
Not allowed to request resource
XMLHttpRequest cannot load http://localhost:3500/register due to access control checks.
I don't understand why the app works on my MAC but
doesn't on other computers and can't find an answer on how to solve this HTTPS - HTTP conflict
I have tried to find a problem in CORS but it looks like CORS is ok. Also, I tried rewriting the server with HTPPS but it didn't work.
I've never worked with Netlify, so I could be wrong, but I suspect your problem isn't directly related to Netlify.
The Safari error message indicates that your frontend is trying to talk directly to localhost. localhost is an alias for "the computer that is making the connection attempt" under normal circumstances. This means that when someone runs your frontend, the browser tries to talk to the backend running on the same computer that the browser is running on.
This works on your computer in Chrome because you probably have the backend running on your computer for testing. Safari is only complaining that the frontend was loaded via HTTPS but is trying to talk to non-HTTPS servers. It is not stating that it can't talk to the backend, it's stating that it won't even try.
If I'm right and you shut down the back end on your computer, it will start to fail on your computer as well, even on Chrome.
If this is the problem, the solution can be one of two things: You can either run the backend somewhere where it has a domain name/ip address that everyone can connect to, or you need to run a proxy for your backend somewhere where it also meets those conditions, and has a way to pass the request on to where your full backend does run.
You need to find a way to run your backend somewhere other than your own computer or have something somewhere else proxy requests to your computer which then gets relayed to the localhost address. How you go about that will depend on things you didn't specify in the original question.
I am getting a Network Error while calling my server(nodejs) API.
I have rechecked my localhost, server, and port.
They are all working fine. I have also confirmed using POSTMAN and also ran the server on the web locally to fetch data.
I think I have also added the cors properly in my server.js file.
Want some help on this.
I have also tried with dummy API and they worked fine.
My imports from front-end
Here is LogCat
Response Header in Postman
ngrok status
Hi I think you can try exposing your local host to the internet using a service like ngrok which will generate a url for you, and then try using the url to send requests instead of localhost:3000. Simply download and follow the instructions here: https://ngrok.com/docs
It seems that you are having a problem in react native code, not in backend. That's why you are not getting any error in postman.
I am guessing that you are importing the dependencies is problematic way.
if you are trying to use local server API in mobile application development, all you need to do is replace "localhost" in the URL with your pc IP address. This worked for me.
I have a project, It's a web application that requires Windows Authentication.
I've setup an Active Directory at home using my NAS virtualization. Then I've created a VMWare Server for IIS which is a member of that domain on my desktop which I also use for development. I've created the Web API and installed it into that VMWare server. When I call a routine directly, it works and return results but when I use the Web API routine from my javascript web application I keep on getting 401 error. I then put the code on the IIS server and the web application works.
I've seen a lot of solutions like changing the sequence of the Provider in IIS Authentication. Added Everyone read/write permission on the folders. I've also added entry on the web.config. But none of them work.
*****Update as per request on the comment *****
Below is when I run directly from Web API
Calling the Web API from Javascript
Here's the error I'm getting
Just FYI, I tried running the web api from Visual Studio on the same machine but also with 401 error
Is there anything I could add to AD to make my development machine as trusted?
********************A new issue after the code change **********
****************Another Update******
This is definitely weird, so I installed Fiddler 4 to see what's going on. But still no luck.
Then I made changes on the IIS HTTP Response Header
The weird thing is when I run Fiddler the error is gone but when I close it it comes back.
There are two things going on here:
A 401 response is a normal first step to Windows Authentication. The client is then expected to resend the request with credentials. AJAX requests don't do this automatically unless you tell it to.
To tell it to send credentials in a cross-domain request (more on that later), you need to set the withCredentials option when you make the request in JavaScript.
With jQuery, that looks like this:
$.ajax({
url: url,
xhrFields: {
withCredentials: true
}
}).then(callback);
These problems pop up when the URL in the address bar of the browser is different than the URL of the API you are trying to connect to in the JavaScript. Browsers are very picky about when this is allowed. These are called "cross-domain requests", or "Cross-Origin Resource Sharing" (CORS).
It looks at the protocol, domain name and port. So if the website is http://localhost:8000, and it's making an AJAX request to http://localhost:8001, that is still considered a cross-domain request.
When a cross-domain AJAX request is made, the browser first sends an OPTIONS request to the URL, which contains the URL of the website that's making the request (e.g. http://localhost:8000). The API is expected to return a response with an Access-Control-Allow-Origin header that says whether the website making the request is allowed to.
If you are not planning on sending credentials, then the Access-Control-Allow-Origin header can be *, meaning that the API allows anyone to call it.
However, if you need to send credentials, like you do, you cannot use *. The Access-Control-Allow-Origin header must specifically contain the domain (and port) of your webpage, and the Access-Control-Allow-Credentials must be set to true. For example:
Access-Control-Allow-Origin: http://localhost:8000
Access-Control-Allow-Credentials: true
It's a bit of a pain in the butt, yes. But it's necessary for security.
You can read more about CORS here: Cross-Origin Resource Sharing (CORS)
I want to add a load balancer to an existing asp.net project using Application Request Routing. So I made myself familiar with the concepts and created a local test-setup:
IIS locally running on Windows 10:
Installed Application Request Routing 3.0 with Windows Platform Installer
Created server farm with following servers:
<test-server-name>.de (Microsoft 2012 R2 Server: contains the asp.net project)
www.google.com (just to see if load balancing and url rewriting works because I don't have two test servers available)
URL-Rewriting rule:
After typing localhost multiple times in any browser, I can see that load balancing (weighted round robin) is working fine. It's alternating between 1. and 2. website.
The problem I'm facing is a 404 Error on both websites.
I already tried the following:
Installing and enabling Failed Request Tracing Rules (on local IIS): URL Rewriting is working properly i think.
Failed Request Log for www.google.com: google drive, unzip and open xml in e.g. IE for better view
Create Server Farm without automatic creation of URL Rewrite rules
(selecting No and create own URL Rewrite rule)
Change "Managed Pipeline Mode"-setting of Applcation Pool from Integrated to Classic
Healthcheck on other Websites I have absolutly no clue why it's working on Git-websites and why facebook is returning a 400 error code.
Enabling/disabling proxy (IIS-Manager -> Application Request Routing Cache -> Server Proxy Settings...)
I don't know what i could do next, so I appreciate any help. Thanks.
Answer can be found here: https://forums.iis.net/t/1238739.aspx?Why+some+sites+return+HTTP+404+some+don+t+
Some websites simply don't support localhost as hostname, which is why localhost can't be found (error 404) e.g. on google.com
Detailed answer if link above is not working in future:
That is not an effective test.
What you are doing is sending the hostname of your request to the third party servers. Like Google.
So if your request is say http://example.com you are sending this to say www.google.com and the Google servers will likely reject this as you can see
Web server admins generally don't let themselves receive traffic from domain thet do not host.
If you sent a request to my servers IP with mysite.com I too would likely reject it. (Things get complex if you have wildcard sites and you allow all traffic through)
But simply showing that 404 page from Google means tour request hit there server so that implies ARR is working.
If you really wanted to test it this way have a local host file with www.google.com resolving to your servers IP. Set up a site with www.google.com as the hostheader and then you should see the correct info hitting Google. But there is no accounting for what 3rd party admins do on their side.
I need to call an external web api which runs on the same server as my application, but don't get permission to do so. When I run the application locally, it works fine. But when I deploy it, error 502 on every remote request.
I searched to the suggested questions when I made this question.
Is it possible to have the same issue as him: Steam API Access-Control-Allow-Origin Issue
Because there was no way around this problem. We hosted everything on the same server, so there couldn't occur an Access control allow origin error.