What is setting no-cache="Set-Cookie" - cache-control

I'm trying to get my header rounder Caching. I have the following code in vb.net:
With HttpContext.Current.Response
.Cache.SetCacheability(HttpCacheability.Public)
.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches)
.Cache.SetLastModified(Now)
.Cache.SetExpires(DateTime.UtcNow.AddSeconds(120))
.Cache.SetMaxAge(TimeSpan.FromSeconds(120))
End With
Which returns the following headers:
Cache-Control: public, no-cache="Set-Cookie", must-revalidate, max-age=120
Content-Type: application/xml; charset=utf-8
Expires: Mon, 22 Aug 2016 13:54:36 GMT
Last-Modified: Mon, 22 Aug 2016 13:52:36 GMT
But I'm trying to figure out what is setting no-cache="Set-Cookie" and how can I switch that on or off?

The no-cache="Set-Cookie" tells the browser not to cache the server "Set-Cookie" header, but follow different rules for the rest of the request.
Here's a discussion from W3C
http://www.w3.org/Protocols/HTTP/Issues/cache-private.html
In http 1.1, Roy has proposed some features for the new cache-control
directive that allow servers to selectively disable caching on
specific headers. This would be, for example:
cache-control: no-cache="set-cookie"

Related

PDF.JS Cross Domain

I am attempting to use PDF.JS in order to render user's PDFs in the browser.
We store the PDF files in Azure Blob Storage and we have CORS & SAS to allow our front-end to interact directly with Blob for upload/download.
I have tested our setup with Chrome, Firefox, and Safari, and Chrome is the only browser to fail retrieving the file. The errors I get are related to unsafe headers, the exception below I know results from the inability to read the Content-Range header.
Refused to get unsafe header "Content-Encoding"
Refused to get unsafe header "Content-Range"
Uncaught TypeError: Cannot read property '1' of null
at NetworkManager_onStateChange [as onStateChange]
The response headers from Azure look like:
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Accept-Ranges,Content-Range,Content-Encoding,Content-Length
Cache-Control: max-age=1209600
Content-Disposition: attachment; filename=tracemonkey.pdf
Content-Length: 65536
Content-Range: bytes 0-65535/1016315
Content-Type: application/pdf
Date: Tue, 09 May 2017 15:31:33 GMT
Etag: "0x8D49632DD6406EC"
Last-Modified: Mon, 08 May 2017 16:54:17 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 56258985-0001-0062-15d9-c8130c000000
x-ms-server-encrypted: false
x-ms-version: 2015-12-11
This is our setup for Blob Storage
Can anyone help me figure out what additional configuration I need to provide to Azure Blob Storage to get this working in Chrome?
set this rules,working on same issue
<Cors>
<CorsRule>
<AllowedOrigins>http://www.contoso.com, http://www.fabrikam.com</AllowedOrigins>
<AllowedMethods>PUT,GET,POST</AllowedMethods>
<AllowedHeaders>x-ms-meta-abc,x-ms-meta-data*,x-ms-meta-target*</AllowedHeaders>
<ExposedHeaders>x-ms-meta-customheader,x-ms-meta-data*</ExposedHeaders>
<MaxAgeInSeconds>200</MaxAgeInSeconds>
</CorsRule>
<Cors>
So this was a bit of PEBKAC. I will leave my settings here for anyone else that comes along. We had an application running that set ExposedHeaders=* and AllowedHeaders=* every time we would new our blob service class. So, every time I went into our portal to update the configs, the app would come in after me and change it back.
The settings that work are as follows:
{
Cors: {
CorsRule: [
{
AllowedOrigins: [‘*’],
AllowedMethods: [‘GET’, ‘PUT’, ‘DELETE’],
AllowedHeaders: [‘Accept-Ranges’, ‘Content-Encoding’, ‘Content-Length’, ‘Content-Type’, ‘Range’, ‘Authorization’,'x-ms-blob-content-type', 'x-ms-blob-type', 'x-ms-version'], // x-ms headers for upload
ExposedHeaders: [‘Accept-Ranges’, ‘Content-Range’, ‘Content-Encoding’, ‘Content-Length’, ‘Content-Type’],
MaxAgeInSeconds: Constants.timeout,
},
],
},
}
Thanks #async5 for the help.

IIS + SharePoint 2013 + CMIS: Disable Multi-part SOAP Response

I have activated CMIS in a SharePoint 2013 hosted in IIS 8.5, the problem is that I'm able to invoke the SOAP services but the response is always returned with Content-Type: multi-part / related which is not supported by the source application (and it won't).
Could anybody please help me to disable the multi-part content-type? I have search about it for days and I have been exploring all the SharePoint and IIS options without any luck.
The problem is also that I'm not sure who is sending it as multi-part: CMIS, SharePoint, IIS... although I think is IIS as I at least could change the response header adding a custom header from IIS, but I don't find any way to disable the multi-part thing...
This is an example, ignore the response content...
Cache-Control: private
Content-Length: 998
**Content-Type: multipart/related;** type="application/xop+xml";start="<http://tempuri.org/0>";boundary="uuid:4748e8de-7139-47e4-914e-1d42beac1762+id=2";start-info="text/xml"
Server: Microsoft-IIS/8.5
X-SharePointHealthScore: 0
MIME-Version: 1.0
X-AspNet-Version: 4.0.30319
SPRequestGuid: ec016e9d-8e7d-7035-4d00-69b3136bea29
request-id: ec016e9d-8e7d-7035-4d00-69b3136bea29
X-FRAME-OPTIONS: SAMEORIGIN
SPRequestDuration: 41
SPIisLatency: 4
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 15.0.0.4569
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
Date: Thu, 31 Mar 2016 18:31:38 GMT
**--uuid:4748e8de-7139-47e4-914e-1d42beac1762+id=2**
Content-ID: <http://tempuri.org/0>
Content-Transfer-Encoding: 8bit
Content-Type: application/xop+xml;charset=utf-8;type="text/xml"
.......
....
....
Thank you.
UPDATE:
I discovered that the Service is deployed as WCF Service (.svc), so the new question is:
How can I change the messageEncoding to "Text" for all the Operations in an Service that I have no access to the code and is deployed as .svc?
ServiceName = ObjectService
Binding = ObjectServicePortBinding
I would be surprised if you can turn it off. The CMIS specification mandates the use of MTOM (multipart). And it's actually necessary to transfer document content.
I'm finally using the REST API instead of SOAP, so the problem has disappeared, although I'll never know the answer to the original question :(

Gmail REST api batch support for getting messages

We need to switch from google client library to Gmail REST api in our project, and I've encountered a problem with batch() because it is not available in REST api - you can only get list of ids of messages and then get each message one by one using it's id.
If we use that gmail library everything seems to be clear. We create a batch object and then queue each GET request inside of it. We don't have to care how it's implemented inside.
At the moment I'm trying to do some POC and I'm testing these suggestions https://developers.google.com/gmail/api/guides/batch
with Postman but with no luck..
I'm getting 400 bad request.
How should a proper request body look like in Postman (or other application)?
The next step will be implementing multipart request in Java and sending POST using RestTemplate but I need to present some POC in Postman first.
I'm setting it like on this screenshot ->
Postman
What am I doing wrong?:)
You are close. Here is a working example:
Request
POST https://www.googleapis.com/batch
Content-Type: multipart/mixed; boundary="foo_bar"
Authorization: Bearer {ACCESS_TOKEN}
--foo_bar
Content-Type: application/http
GET /gmail/v1/users/me/messages/152d10540c21bd07
--foo_bar
Content-Type: application/http
GET /gmail/v1/users/me/messages/152d1050d666d7ad
--foo_bar--
Response
--batch_7Xp52oGIwpA_AAEAc7ERnGU
Content-Type: application/http
HTTP/1.1 200 OK
ETag: "A-DdBGA6g-wV4rIZCu5Hcm3JQpY/w2hzEg9kqXFH7AEJ-oSc-y10HNQ"
Content-Type: application/json; charset=UTF-8
Date: Thu, 11 Feb 2016 16:02:06 GMT
Expires: Thu, 11 Feb 2016 16:02:06 GMT
Cache-Control: private, max-age=0
Content-Length: 2809
{
"id": "152d10540c21bd07",
"threadId": "152d1050d666d7ad",
"labelIds": [
"SENT",
"INBOX",
"IMPORTANT"
],
"snippet": "Likewise buddy.", ...
}
--batch_7Xp52oGIwpA_AAEAc7ERnGU
Content-Type: application/http
HTTP/1.1 200 OK
ETag: "A-DdBGA6g-wV4rIZCu5Hcm3JQpY/7v2nqQFBDmEHVvEQoboiwSidilE"
Content-Type: application/json; charset=UTF-8
Date: Thu, 11 Feb 2016 16:02:06 GMT
Expires: Thu, 11 Feb 2016 16:02:06 GMT
Cache-Control: private, max-age=0
Content-Length: 1752
{
"id": "152d1050d666d7ad",
"threadId": "152d1050d666d7ad",
"labelIds": [
"SENT",
"INBOX",
"IMPORTANT"
],
"snippet": "Nice to meet you.", ...
}
--batch_7Xp52oGIwpA_AAEAc7ERnGU--
You don't have to specify the host in each part of the batch, and giving the access token in the Authorization header is enough. You don't have to specify the Content-Length yourself, and don't forget to wrap you boundary string with ".
Then you just have to parse the JSON of each part and you are done.
You need to include gmail/v1 on the POST URL and on each request.
Don't forget about the " around your boundary on the Content-Type header.
See original batch gmail requests documentation: https://developers.google.com/gmail/api/guides/batch
The following worked for me:
POST /batch/gmail/v1 HTTP/1.1
Host: www.googleapis.com
Authorization: Bearer {YOUR_ACCESS_TOKEN}
Content-Type: multipart/mixed; boundary="foo_bar"
--foo_bar
Content-Type: application/http
GET /gmail/v1/users/me/messages/1732ebdcb9b8cccf
--foo_bar
Content-Type: application/http
GET /gmail/v1/users/me/messages/1732ecadae4907e2
--foo_bar--
Creating request with Postman - body screenshot
Creating request with Postman - headers screenshot
Just wanted to say that Lucila's answer is now the correct one - the global (https://www.googleapis.com/batch) endpoint is now deprecated, and you must make a post request to your request-specific endpoint (https://www.googleapis.com/batch/gmail/v1 for gmail, for instance).
See this link for additional context.
Apologies for making a new answer for this, I don't have enough reputation to leave a comment.

HttpResult or HttpError with response dto does not get serialized into body

i am trying to return a BadArguments Error along with a custom DTO in the body:
var result = new HttpResult(response, "application/json", HttpStatusCode.BadRequest);
I have tried to use HttpError, HttpResult, setting the response by hand etc etc but i get only
HTTP/1.1 400 BadRequest
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ServiceStack/3,22 Win32NT/.NET
X-Powered-On: ITDEVELOP36-PC
Test-Header-ValidationError: TestValidationError
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 26 Feb 2015 10:36:12 GMT
b
Bad Request
0
No body, no content type is set. What am i missing?
ServiceStack version is 3.3.6.29935.
After poking a while i have found that the ServiceStack framework works just fine. Even in the older version we are using.
The issue exist only when the web.config enables the section.
After removing this section all worked well.

How does a web browser determine what to do with a resource?

In the browser's address bar, I can specify a resource using any extension or none, e.g., http://www.something.com/someResource.someExtension. How does the browser determine what to do with this resource? e.g., should the browser parse it as an HTML document, or treat it as some script? Is there a notion of a resource type? Thank you.
P.S. I could not believe what I was thinking! :( (see my flaw in the comment to Luka's answer). How could the browser look at a resource locally! The browser is a client, and the resource resides on the server side. Duh! (I've found myself on this "mental" drug occasionally)
The HTTP response returned by server typically contains "Content-type: text/html" or similar line (application/octet-stream, etc).
Here's an example (the easiest way to view similar results is to open firebug's Net tab):
Cache-Control public, max-age=60
Content-Encoding gzip
Content-Length 9334
Content-Type text/html; charset=utf-8<----------------here's it
Date Sat, 05 May 2012 20:34:36 GMT
Expires Sat, 05 May 2012 20:35:36 GMT
Last-Modified Sat, 05 May 2012 20:34:36 GMT
Vary *
It looks at the Mime Type of the document.
HTML pages have the mime type text/html, JPEG images have image/jpeg
More information: http://en.wikipedia.org/wiki/Internet_media_type
It does using MIME types http://en.wikipedia.org/wiki/Internet_media_type.

Resources