I am trying to call a Postman GET endpoint, and it is returning HTML and status 200, instead of a valid JSON response and status 200. It looks like it is not hitting the backend at all. I have a separate POST endpoint, which works fine and returns me a valid JSON response.
Could this be due to authorization headers? I am using the same authorization for both.
I managed to resolve the issue. I had to add a cookie header, which I got from the browser since I was able to call the service from the browser and I had authenticated on browser level.
Related
ajax call
postman url
console error
Postman returns a response, but browser gives me 403. I have attached my postman request, my ajax call as well as the browser error. Any advice is helpful
You need to pass credentials. follow this link for more information.
I ran into this issue as well. While cedric is right, the Authorization header needs to be specified, another issue can cause this as well. Postman does not include an Origin header in its requests (see: https://stackoverflow.com/a/68380707/1029688). This could cause it to ignore CORS errors that you would normally encounter when making web requests from a browser.
I'm attempting to login to a website that uses IdentityServer with JMeter but am getting stuck at the point where I post my credentials.
If I inspect the request via fiddler, I can see that it returns a 302 with a redirect, however when I attempt to post the same request in JMeter, I get a 200 with 'Error' in the html with no details.
This is my request in JMeter....
This is the request in Fiddler....
And this is the HTML response in JMeter (200 OK)...
And this is the Fiddler response...
And this is the HTML response in Fiddler, after the redirect...
I can confirm that my JMeter variables ${COOKIE_idsrv.xsrf} and ${SignIn are populated with the correct values.
Other points to note
I have a HTTP Cookie Manager
The HTTP Manager Referer headers are set correctly
All requests are set to Follow Redirects
I retrieve all embedded resources for each request
Does anybody know what could be the issue here?
In your POST request, why do you have "signin" parameter included?. You have already added "signin" as a query parameter and it appears to be redundant and not required for the actual POST body data. Fiddler does not have it in both the places. Please check.
After much frustration it turned out the issue was due to ${COOKIE_idsrv.xsrf} not containing the correct value for idsrv.xsrf. Once I changed this to pull it from a previous request it seemed to work okay.
I am creating different HTTP Requests for a site and taking an access token as a variable from Regular Expression Extractor and using it in another HTTP Request.
The Thread group is working fine; i.e. no error in View Results Tree. But Response data is only coming for the Request with POST Method. Nothing is coming for the Request with GET Method and both requests are taking the access token properly.
In some cases you may get response code 200 ok and request still may fail. In case of your get request that seems to be happening.
Check following:
Headers being sent with get request. (Compare request being sent from JMeter and from real browser.)
Add response assertion to get request to be assure the correctness of the response. (Check what response you get for the request made from browser.)
Make sure you have added cookie manager in the test plan.
I am learning jmeter.
I am passing json request in Body of http request. I set content-type as application/json. passing cookie value using cookie manager. I am getting response code as 403. how to resolve it??
I have passed all the headers which is caputred in Firebug.. Only the difference is the captured cookie in the firebug has lot of values but when i run the test, the below only is passing (if I use, Cookie Manager) other than that all are same.. No clue why it is returning 403..
Cookie Data:
connect.sid=s%3AFBcljlVYI2p1WyjuxcDgWQKJ.kSrLYIsSy9T%2FEgSB25yUq0T3qTjpqF69GJhyW9GzJpU; TOKEN=ZU3cf9fKGCPJXM6qi7JX6DVv2%2B3Jw8q%2Flnb2A%3D
403 is a "Forbidden" error. Most likely is that something needs to be sent in the body of your http request, like a token, which needs to be extracted from the log in request.
Add Http authorization manager, specify the url along with the crednetials in it. Keep the encoding mechanism to BASIC_DIGEST. Enable log viewer so that you can trace the exact issue
My main goal is to understand what exactly occurs during an authorization process between a client (browser) using ajax and asp.net web api back-end.
So initially, I make a simple GET request to one of my controllers (allowing "Access-Control-Allow-Origin") via ajax from my browser. I take the response that I want and everything is OK so far.
Then, I am setting an authorize attribute on the same controller on web api and I make again a simple GET request in order to study the result. So, with the help of firebug, I see that there is a "NetworkError: 401 Unauthorized - localhost/api/values".
Besides, on the result object I see the following values: readyState : 0, responseText : "", status : 0, statusText : "error". Is this normal? Should not I see for example status : 401?
I think I could use the accepted solution of this thread: Unauthorized AJAX request succeeds
but I prefer to check a potential 401 result more strictly.
One thought that I made is that maybe the asp.net web API by default, when you use the authorize attribute, on an unauthorized response does not include the "Access-Control-Allow-Origin" header, so I added globally a custom action filter which adds the "Access-Control-Allow-Origin" to each response, but it did not solve my problem, so I guess this is not the case.
I found a solution. My assumption concerning what caused this problem was eventually proved accurate. When an unauthorized request was arriving to a controller, which was requiring authorization (using the authorize attribute), then the response was not including the header "Access-Control-Allow-Origin". Consequently the status of the jqXHR on the client was 0 instead of 401.
So I added the "Access-Control-Allow-Origin" to asp.net web api Web.config and finally worked properly.