servicestack handler for request not found - wsdls - servicestack

While trying to generate the wsdl for my services I get the message:
Handler for Request not found:
Request.PathInfo: /metadata/soap12
I've already found the issue - just posting this here in case somebody else runs into the same issue.

This is just a minor issue, but maybe someone else is struggling.
If I point to the URI http://localhost:49490/api/ the request is forwarded (302) and the generated wsdl links point to the correct URI
http://localhost:49490/api/soap12
but if I point to the URI http://localhost:49490/api/metadata directly the generated wsdl links look like this: http://localhost:49490/api/metadata/soap12
which causes the problem described above.

Related

Error: Invalid WSDL URL, seems like "?wsdl" is being replaced by "xsd=xsd1"

I'm using a node soap client to connect to the Bing Ads API and I log the URL within the sendRequest() method:
https://clientcenter.api.bingads.microsoft.com/Api/CustomerManagement/v13/CustomerManagementService.svc?wsdl
Which is correct according to the Bing docs here.
But when I get the error output (after the code hangs) it's a different URL. The entire error is:
Error: Invalid WSDL URL: https://clientcenter.api.bingads.microsoft.com/Api/CustomerManagement/v13/CustomerManagementService.svc?xsd=xsd1
Side by side of the two URLs:
https://clientcenter.api.bingads.microsoft.com/Api/CustomerManagement/v13/CustomerManagementService.svc?wsdl
https://clientcenter.api.bingads.microsoft.com/Api/CustomerManagement/v13/CustomerManagementService.svc?xsd=xsd1
It looks like the only difference is that wsdl in the correct URL is being replaced by xsd=xsd1.
Also, I know very little about SOAP APIs so I'm just trying to figure out what is happening.
Why is the URL being altered?

Stripe webhook test error 302

I am trying to test a Stripe webhook for subscription trial ending. When I go to send the test event to my webhook receiving route I get error 302. I am using a middleware called stripe-webhook-middleware. My route looks like this:
app.post('/stripe/events',
stripeWebhook.middleware,
stripeEvents
);
I know that route goes against what the docs say but I did get it directly from the package creator. So it should work, then I have the stripe-events.js from the package. I am just adding in a console.log to the route to find the correct data I need.
I tried different webhooks and all give the same error, it has to be in how I have it set up. I hope anyways.
Edit **
I have also done a new route that is just a basic post route with a console.log and still getting the 302 error. What could the possible causes be? I can't post a github because of a credential I accidentally leaked.
I am/was using cloud9.io as my development environment and had my test site as private. That was causing stripe to need to login in order to do anything. I made it public and now it works. I had completely forgotten I had to login to see the site because I always was logged in to cloud 9 when I accessed the site. If you are getting a 302 error, make sure you don't need to log in to get to that route.
Just in case anyone sees this 302 error with CodeIgniter 3, my webhook route was pointing to a Subscription controller that always exits the constructor if a user isn't logged in and authorised - so I moved the method to my Home controller (used for registration, login etc) thus:
$route['webhook']['post'] = 'home/webhook';
and the 302 error went away. I hope this helps a tired CI dev down the road.
Just in case someone receives this error with Django, my webhook route was pointing to a language redirection. You can investigate it with curl -IvL http://localhost:8000/webhooks/stripe as @duck suggested above.
Here was my output:
HTTP/1.1 302 Found
...
* Issue another request to this URL: 'http://localhost:8000/en/webhooks/stripe/'
...
You can see the redirected URL in the output.
So, when I let Stripe CLI listen to that URL, it works:
stripe listen --forward-to localhost:8000/en/webhooks/stripe/

OData service can be called in Browsers but in Excel 2016

I got a sample servlet using Olingo lib: https://odata-demoservice.run.aws-usw02-pr.ice.predix.io/DemoService.svc/Products. It works fine in Chrome/IE/FF or in Postman. But when I query in Excel 2016/OS Windows 10 with the steps like:
New Query
From Other Sources
From OData Feed
Got the error like: "We encountered an error while trying to connect. Details: Invalid URI: The hostname could not be parsed"
Any ideas are appreciated.
Thanks
@RodolfoOliveira: Yes, I resolved this issue. The reason is that when I deployed it to Cloud, the URI in metadata is still http. What I did is implement a CustomProcessor and correct the URL.
More detail is here: https://issues.apache.org/jira/browse/OLINGO-758
You just need to do the custom Processor. Do the same as the original source but change a bit about the URL. Detail in here: https://olingo.apache.org/javadoc/odata4/org/apache/olingo/server/api/processor/DefaultProcessor.html
Register it with the Handler at first, then the issue should be solved.
ODataHttpHandler handler = odata.createHandler(edm);
handler.register(new CustomDefaultProcessor());
Hope this helps.

why ejabberd denies generating token?

My problem is that when I try to generate a token, the response is 404 Not Found.
Request URL: http://localhost:5280/oauth/authorization_token?response_type=token&client_id=Client1&redirect_uri=http://localhost:5280&scope=get_roster+sasl_auth
Response URL: http://localhost:5280/?error=access_denied&state=
In the OAuth errors list I found that access_denied will be returned if "The resource owner or authorization server denied the request".
Please help me to solve this issue...
From your feedback, it seems you did not add a handler in ejabberd_http listener, as described in documentation: https://docs.ejabberd.im/developer/ejabberd-api/oauth/#toc_3
You should make sure ejabberd_oauth is declared for that listener and mapped to the path you expect.

Rails 4 path traversal possible?

The app I'm working on has a controller that issues templates to the front end (single page app). It's very basic, and simply consists of
@path = params[:path]
render template: "templates/#{@path}", layout: nil
Here my concern however is the direct use of the users input. Everything about this to me feels like it can be attacked with something as simple as path traversal. The route for this is
get "/templates/:path.html" => "templates#file", constraints: { path: /.+/ }, defaults: { format: 'html' }
I've tried multiple things to attempt a path traversal attack, such as
request /templates/path/to/../somewhere/else.html
request /templates?path=/path/to/../../something.rb
request /templates/index.html?path=/path/to/../../config/something.html
request /templates/path/../../../file.html
Fortunately, I haven't had any success with this. The requests that just start with /templates and don't specify anything after it, don't match the route thanks to the constraint so that is good.
It seems as though when that route is matched, rails doesn't allow you to override the path parameter through a url parameter, so I don't seem to be able to inject it there.
The ones that interest me are the first and last examples above, where rails seems to internally be changing the requested URL before invoking the routes file. When I request /templates/path/to/../somewhere/else.html, my console output shows a request for /templates/path/somewhere/else.html. When I make a request for /templates/path/../../../file.html, the log shows a request for /file.html.
Am I missing something somewhere that will leave the app open to security issues, or is this just rails being sensible and protecting itself for me?
UPDATE
I've done some more digging, and if I try doing some URL encoding then I can cause the server to simply not respond at all. If I request /templates/%2e%2e%2f%2e%2e%2f%2e%2e%2ffresult.html then I just get an empty response with a connection: close header.
I assume that the parameter parser higher up in the rack is checking all urls for this type of attack? Regardless, my original question still stands. Am I missing something here?
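
Whatever normalisation happens before routing, the controller can validate the :path parameter itself before interpolating it into render. The following is an added example, not code from the original post: resolve_template, the segment pattern and the .html.erb extension are assumptions, and the directory tree is constructed so it runs without Rails.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helper (not a Rails API): maps an untrusted :path param to a
# template name, or returns nil when the request should be refused (404).
SEGMENT = /\A[a-z0-9_]+\z/

def resolve_template(raw, templates_root)
  return nil unless raw.is_a?(String)
  segments = raw.split("/", -1)
  # Allowlist: every segment is a plain name, so "..", "", "%2e" and NULs fail.
  return nil if segments.empty? || !segments.all? { |s| s.match?(SEGMENT) }

  root = File.realpath(templates_root)
  candidate = File.join(root, *segments) + ".html.erb"
  return nil unless File.file?(candidate)
  # Defence in depth: once symlinks are resolved, the file must still sit
  # under the templates directory.
  real = File.realpath(candidate)
  return nil unless real.start_with?(root + File::SEPARATOR)
  "templates/" + segments.join("/")
end

# Constructed sample tree and inputs so the example runs offline.
def demo
  Dir.mktmpdir do |dir|
    root = File.join(dir, "app", "views", "templates")
    FileUtils.mkdir_p(File.join(root, "users"))
    File.write(File.join(root, "users", "list.html.erb"), "<ul></ul>")
    File.write(File.join(dir, "app", "secret.html.erb"), "not a template")
    ["users/list", "users/../../secret", "../secret", "%2e%2e/secret",
     "users/list\0", "/etc/passwd", "users/missing"].map do |raw|
      [raw, resolve_template(raw, root)]
    end
  end
end

demo.each { |raw, name| puts "#{raw.inspect} => #{name.inspect}" } if $PROGRAM_NAME == __FILE__
```

In the controller, a nil result would become a 404 and only the returned name would be passed to render.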
