What would cause a browser to submit a POST request from an HREF? - spring

We have a Java Spring application where one of the URLs is mapped as a GET,
@RequestMapping(value = "/advanced-search", method = RequestMethod.GET)
public String advancedSearchHome(Model model) {
    //...
}
All references to this URL are from an HREF, link (<a href=..>) or JS location.href:
1)
<a href="<spring:url value="/advanced-search?token=${searchToken}"/>"
<button onclick="location.href='../idp/advanced-search/'" ...
In some very rare instances, the browser sends an incorrect POST request to /advanced-search (99% of the time this doesn't happen). What could possibly explain the following rare occurrence? Could it be something like an Incognito mode, or some other explanation?
10.243.114.139 - - [28/Jul/2022:17:23:51 -0400] "POST /idp/advanced-search/ HTTP/1.1" 200 13357
10.243.114.139 - - [28/Jul/2022:17:24:01 -0400] "GET /idp/advanced-search/ HTTP/1.1" 200 170552

Related

Create cross domain cookies for single sign on

I want to implement single sign-on from my website (assume it is a.com) to a vendor website (assume it is b.com).
My vendor is providing a service which takes a user ID as input and returns a token and cookies in the response header. I need to call this service and redirect to the vendor URL with the session token through a POST request and set the cookies (which are received from the service response).
In my code, after making the service call, I am returning the URL and token to a JSP and the cookies in the HttpServletResponse. JavaScript in this JSP will auto-submit the form on page load to make the POST call. But when it is redirected, the browser is not setting the b.com cookies in the request header.
Controller code :
@RequestMapping(value = "/sso", method = RequestMethod.GET)
public String ssoToVendor(final Model model, final HttpServletResponse response) {
    /*
     * Service call happens here and returns tok
     */
    model.addAttribute("url", "https://b.com");
    model.addAttribute("tok", tok);
    for (String cookie : cookies) {
        response.addHeader("Set-Cookie", cookie);
    }
    return "dummyjsp";
}
JSP sample code :
<body>
<form id="redirect" action="${url}" name="redirect" method="POST">
<input type="hidden" name="tok" id="tok" value="${tok}"/>
</form>
</body>
<script type="text/javascript">
var redirect = document.getElementById("redirect");
redirect.submit();
</script>
I know that it is not possible to set cross-domain cookies, but somehow there is another application, implemented in C#, which is able to set those cookies.
Is there a way in Java to set b.com cookies in the response header so that they are created by the browser and sent to b.com when redirected from a.com?
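What a browser does with the Set-Cookie headers that the a.com controller relays, following the RFC 6265 storage rules, as an added example that is not part of the original post. The cookie strings are constructed samples; public-suffix checks and the Path, Secure and SameSite attributes are not modelled.

```javascript
// Added example: RFC 6265 storage rules applied to the a.com -> b.com case.
// Not modelled: public-suffix checks, Path, Secure, SameSite, expiry.

// RFC 6265 section 5.1.3: host equals domain, or is a subdomain of it.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  const isIpLiteral = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIpLiteral && host.endsWith("." + domain);
}

// What a browser does with one Set-Cookie header received from responseHost.
function storeCookie(responseHost, setCookieHeader) {
  const [pair, ...attrs] = setCookieHeader.split(";").map((s) => s.trim());
  const name = pair.split("=")[0];
  let domain = null;
  for (const attr of attrs) {
    const eq = attr.indexOf("=");
    const key = (eq === -1 ? attr : attr.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? "" : attr.slice(eq + 1).trim().replace(/^\./, "");
    if (key === "domain" && value !== "") domain = value.toLowerCase();
  }
  if (domain === null) {
    // No Domain attribute: host-only cookie, bound to the responding host.
    return { stored: true, name, scope: responseHost.toLowerCase(), hostOnly: true };
  }
  if (!domainMatches(responseHost, domain)) {
    // Domain names a site the response did not come from: cookie is ignored.
    return { stored: false, name, scope: domain, hostOnly: false };
  }
  return { stored: true, name, scope: domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for requestHost?
function sentTo(requestHost, cookie) {
  if (!cookie.stored) return false;
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.scope : domainMatches(host, cookie.scope);
}

// Constructed vendor cookies, relayed by the a.com controller.
const relayed = ["VENDORSESSION=abc123; Domain=b.com; Path=/", "VENDORPREF=1; Path=/"];
const results = relayed.map((h) => storeCookie("a.com", h));
for (const c of results) {
  console.log(c.name, "stored:", c.stored, "sent to b.com:", sentTo("b.com", c));
}
```

Neither relayed cookie reaches b.com: the first is dropped because a.com does not domain-match `Domain=b.com`, and the second becomes a host-only cookie for a.com.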

Dropzone in Codeigniter url not used?

I'm using Dropzone in Codeigniter. I can see in Chrome's Network inspector that the URL is picked up (it sends a request to the URL), but it seems that the upload function in the controller is not executed.
Whatever URL I put in the Dropzone config, the Network inspector always indicates that it returns a HTTP 200 code.
View
<div class="dropzone" id="my_dropzone"></div>
Javascript
Dropzone.autoDiscover = false;
var myDropzone = new Dropzone('#my_dropzone', {
    paramName: "file",
    url: '/pretty/url/upload-photos',
});
Note: whatever URL parameter I put here, the Network inspector always indicates that it returns an HTTP 200, which is weird to me. Even if I put a non-existing URL like /asdfasdf.
With CodeIgniter I'm used to working with pretty URLs in AJAX and then mapping them to a controller in the routes config, this always works fine.
I've also tried directly putting the path to the function and controller as the URL parameter, like url: /folder/subfolder/Edit/upload_photos. This doesn't work either.
In config/routes.php
$route['/pretty/url/upload-photos'] = '/folder/subfolder/edit/upload_photos';
In the controller 'Edit.php' (that's located in application/folder/subfolder)
public function upload_photos()
{
    echo 'test 1';
    if(!empty($_FILES)) {
        echo 'test 2';
        var_dump($_FILES);
    }
}

Scrapy ajax POST request not working, though working in Postman

I am implementing a scrapy spider to crawl a website that contains real estate offers. The site contains a telephone number to the real estate agent, which can be retrieved by an ajax post request. The request yielded by scrapy returns an error from the server, while the same request sent from Postman returns the desired data.
Here's the site URL: https://www.otodom.pl/oferta/piekne-mieszkanie-na-mokotowie-do-wynajecia-ID3ezHA.html
I recorded the request using Network tab in chrome's dev tools. The url of the ajax request is: enter link description here The data needed to send the request is the CSRFtoken contained in the page's source, which changes periodically. In Postman giving only the CSRFtoken as form-data gives an expected answer.
This is how I construct the request in scrapy:
token_input = response.xpath('//script[contains(./text(), "csrf")]/text()').extract_first()
csrf_token = token_input[23:-4]
offerID_input = response.xpath('//link[@rel="canonical"]/@href').extract_first()
offerID = (offerID_input[:-5])[-7:]
form_data = {'CSRFToken' : csrf_token}
request_to_send = scrapy.Request(url='https://www.otodom.pl/ajax/misc/contact/phone/3ezHA/', headers = {"Content-Type" : "application/x-www-form-urlencoded"}, method="POST", body=urllib.urlencode(form_data), callback = self.get_phone)
yield request_to_send
Unfortunately, I get an error, though everything should be ok. Does anybody have any idea what might be the problem? Is it maybe connected with encoding? The site uses utf-8.
You can find the token in page source:
<script type="text/javascript">
var csrfToken = '0ec80a520930fb2006e4a3e5a4beb9f7e0d6f0de264d15f9c87b572a9b33df0a';
</script>
And you can get it quite easily with this regular expression:
re.findall("csrfToken = '(.+?)'", response.text)
To get the whole thing you can use scrapy's FormRequest which can make a correct post request for you:
import re
from scrapy import FormRequest

# methods of the spider class
def parse(self, response):
    # pull the CSRF token out of the inline script
    token = re.findall("csrfToken = '(.+?)'", response.text)[0]
    yield FormRequest('https://www.otodom.pl/ajax/misc/contact/phone/3ezHA/',
                      formdata={'CSRFToken': token},
                      callback=self.parse_phone)

def parse_phone(self, response):
    print(response.text)
    # '{"value":"515 174 616"}'
You can debug your scrapy requests by inserting an inspect_response call and looking into the request object:
def parse_phone(self, response):
    from scrapy.shell import inspect_response
    inspect_response(response, self)
    # shell opens up here and spider is put on pause
    # now check `request.body` and `request.headers`, match those to what you see in your browser

The correct way to use Ocamlnet 3 - Http_client.Convenience.http_post

I am trying to use Http_client.Convenience.http_post to make a http post request.
The API is fairly simple:
val http_post : string -> (string * string) list -> string
Does a "POST" request with the given URL and returns the response
body. The list contains the parameters send with the POST request.
What I wish to do is to construct a http post request to get the flight information via google flights, explained as part 1 in here: http://www.nohup.in/blog/using-json-google-flights
To maintain the format of the Post request, I took a screenshot as this:
So finally, I construct a Http_client.Convenience.http_post for it:
open Http_client.Convenience;;
let post_para = [("(Request-Line)", "POST /flights/rpc HTTP/1.1");
("Host", "www.google.com");
("Content-Type", "application/json; charset=utf-8");
("X-GWT-Permutation", "0BB89375061712D90759336B50687E78");
("X-GWT-Module-Base", "http://www.google.com/flights/static/");
("Referer", "http://www.google.com/flights/");
("Content-Length", "275");
("Cookie", "PREF=ID=2dc218fc830df28d:U=29aaf343dd519bca:FF=0:TM=1307225398:LM=1308065727:GM=1:S=RWC3dYzVvVSpkrlz; NID=52=VTp1QILW1ntPlrkLx7yLUtOYhchNk35G4Lk35KBd7A3lCznVV5glz7lwDoDP2RkjtTJVNZSomv3iffPqiJz4oXfpoph3ljb2eInGOe-FwosvrmSXPpnLkEWxMHIbuaid; S=travel-flights=YFCjkd9M9h3Z_uEqBmgynA");
("Pragma", "no-cache");
("Cache-Control", "no-cache");
("data", "[,[[,\"fs\",\"[,[,[\"SJC\"]\n,\"2012-04-05\",[\"EWR\",\"JFK\",\"LGA\"]\n,\"2012-04-12\"]\n]\n\"]],[,[[,\"b_ca\",\"54\"],[,\"f_ut\",\"search;f=SJC;t=EWR,JFK,LGA;d=2012-04-05;r=2012-04-12\"],[,\"b_lr\",\"11:36\"],[,\"b_lr\",\"1:1528\"],[,\"b_lr\",\"2:1827\"],[,\"b_qu\",\"3\"],[,\"b_qc\",\"1\"]]]]")];;
let search () = try (http_post "http://www.google.com/flights/rpc" post_para) with
Http_client.Http_error (id, msg) -> msg;;
let _ = print_endline (search());;
When I run it, it just gives me the following error html page:
<HTML>
<HEAD>
<TITLE>Internal Server Error</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Internal Server Error</H1>
<H2>Error 500</H2>
</BODY>
</HTML>
Can anyone tell me why? What's wrong with my http_post?
Drop this from post_para, it is not an HTTP Header, OCamlnet will send that automatically for you: "(Request-Line)", "POST /flights/rpc HTTP/1.1".
To send the headers and POST data separately, you need to set the headers using set_request_header on the http_call object.
Also the Convenience module in OCamlnet will send the data as application/x-www-form-urlencoded, but I think you need the data sent as is. You can do that by using Http_client.post_raw.

Django character wrong encoding for Ajax request

I have a form which is generated from a database. In the database I have strings such as 'Española' which will become options in a drop down menu.
At the moment my HTML looks like:
<option value="Española">Española</option>
I am using these values for a dynamic part of the form from which I need to send AJAX requests.
I can see that, when using IE, the header is like so:
GET /collections/find_island?island_group=Espa�ola HTTP/1.1" 500 63206
when it should be:
GET /collections/find_island/?island_group=Espa%C3%B1ola HTTP/1.1" 200 164
As generated by other browsers.
Is there some way I can get this output in my template:
<option value="Espa%C3%B1ola">Española</option>
Any help much appreciated.
EDIT:
My form:
class form(forms.Form):
    ...
    island_group = forms.ModelChoiceField(
        required=False,
        label=ugettext_lazy('Island Group'),
        initial=None,
        queryset=Localityonline.objects.values_list('islandgroup', flat=True).distinct('islandgroup').order_by('islandgroup'),
        empty_label=ugettext_lazy("Not Specified"),
        widget=forms.Select(attrs={"class":'searchfield', "onChange":'getIslandName()'})
    )
the javascript:
function getIslandName(lang) {
    var islandGroup = document.getElementById("id_island_group").value;
    if (islandGroup == '') {
        // if Not Specified re-selected then set data to null and bypass updatePage()
        var data = null;
        update_select($('select[name=island_name]'), data);
    }
    else {
        var url = "../collections/find_island?island_group=" + islandGroup;
        request.open("GET", url, true);
        request.onreadystatechange = updatePage;
        request.send(null);
    }
}
You can call encodeURI in JavaScript to give the encoded value that you are looking for. Perhaps Mozilla and Chrome do it automatically and IE doesn't???
encodeURI('Española')
// "Espa%C3%B1ola"
var url = "../collections/find_island?island_group=" + encodeURI(islandGroup);
or encode the whole url I don't know which one makes more sense...
Encode URL in JavaScript?
https://developer.mozilla.org/en/JavaScript/Reference/Global_Objects/encodeURIComponent
https://developer.mozilla.org/en/JavaScript/Reference/Global_Objects/encodeURI
