Develop Reference

What is the request that whatsapp cloud api does to verify a webhook?

I'm able to verify the webhook using glitch from the getting started:
https://glitch.com/edit/?fbclid=IwAR2YTjZuGGM9Hi6T_v1eZh_nV6_HY3RYn_8lll4gY1REa_bJy6ZAuq6tkKQ#!/whatsapp-cloud-api-echo-bot
my local server (in a subdomain with https enabled) has the same behavior as glitch and show "WEBHOOK_VERIFIED" on the log for the request:
/webhook?hub.mode=subscribe&hub.verify_token=xpto123&hub.challenge=123
but when try to verify my local server the request from meta does not reach the server.
chrome showing that the connection to the server is secured

After more tests I found that my local server was been blocked by the ISP, understood it after test with another connection.

I made my own server and had tried ngrok and other programs to run it from local host with https redirect but whatsapp doesn't allow the use of those programs.
In the end, my error was that the URL HAS to end in /webhook or else, it won't even send the request. Then it'll send a GET request and you have to return the hub.challenge query param after making sure that the provided token from them is the one you set up. This is my code using NodeJS
if(req.query['hub.verify_token'] === process.env.VERIFY_TOKEN) return res.status(200).send(req.query['hub.challenge'])

CORS request did not succeed

I have a problem when I want to create an authentication system using VueJs as the frontend (http://localhost:8080/#/login) and Laravel 5.6 as the backend. When I try to submit login form using the api login url http://127.0.0.1:8000/api/v1/login, I get the error message:
Cross-Origin Request Blocked: The Same Origin Policy disallows
reading the remote resource at http://127.0.0.1:8000/api/v1/login.
(Reason: CORS request did not succeed).
I don't know how to solve this problem.
Could anyone here help me to solve my problem?
NOTE : I have to install laravel-cors before

This is an old question, but I'll reply nonetheless.
For me this error was caused by a self-signed certificate. If you open developer tools, select the network tab, click the call that failed CORS you can see the security tab. Click it to open it. If a cert is giving you problems the text "An error occurred: SEC_ERROR_INADEQUATE_KEY_USAGE" should be visible.
To resolve this just go to the URL that gave you the CORS error, and accept the cert manually.

Cross Origin Resource Sharing is a mechanism that uses additional HTTP headers to tell a browser to allow the web application running on one origin (client) have permission to access selected resources from a server at a different origin.
Basically, your Vue app (http://localhost:8080) needs to be allowed access to your Laravel endpoint (http://127.0.0.1:8000/api/v1/login) This is to prevent me from hitting your Laravel endpoint from my malicious website and acting like an authenticated user.
Based on the docs, you need to add 'allowedOrigins' => ['*'], but that means you're opening up your backend to all requests. That's fine if it's a public API but in this context it doesn't sound like you want that. Instead, in this case it would be 'allowedOrigins' => ['localhost:8080'], so that your Vue app can consume your Laravel server.

You have to use either localhost or 127.0.0.1 for all the requests. In general in your code you should make calls to the server by just appending the URI to the current host, without re-adding the host and port in the URI string. If you load your page from a given host, for example 127.0.0.1 and then try to make an AJAX request to another host, for example www.host.com, the request gets blocked to prevent XSS attacks

It sounds like you are running this in dev mode via webpack currently? If that is correct and your workflow is that you are going to build the Vue application and have it co-reside with your Laravel backend then you just need to update config/index.js to have a proxyTable entry that forwards webpack requests to the correct dev Laravel backend server.
This would look something like this.
module.exports = {
dev: {
proxyTable: {
"/": "http://127.0.0.1:8000/api/v1/login"
}
}
}
There is additional information available on how this works; https://vuejs-templates.github.io/webpack/proxy.html

I was stuck with this error recently while I was trying to get one of our old websites hosted via Azure (App Services) up and running again.
Reason: CORS request did not succeed was the error showing in the browser console, however, it turned that for our case the URL mentioned in the CORS error doesn't exist anymore - its referring to the old https://******.azurewebsites.net service url we had (previous hosted in Azure - App Services).
So also check that the URL mentioned in the CORS-error is in fact working.

In my case the computer was not displaying the correct date and time. When I try to view the page I would get the "CORS request did not succeed." Once I updated to the correct time and date the page displayed normally.

I had to change the base URL of axios. I didn't notice it was https://, not http://
file: src\store\index.js
change the
axios.defaults.baseURL = 'https://127.0.0.1:8000/api'
to
axios.defaults.baseURL = 'http://127.0.0.1:8000/api'
Note: Make sure it's exactly same URL and Port. You can see that in terminal where you start the laravel application (php artisan serve).

Browser not responding to www-authenticate challenge for bookmarked ssl (https url) to restricted resource

I have set up SSO using weblogic on windows and Kerberos, It is working fine for the http pages, however I observed a strange behavior on https pages which requires CONFIDENTIAL setting for the transport, It works fine if I first access a page on http which is not configured as secured in web.xml(Transport-Gurantee as None) and then the https page.
But If I try to hit the https url directly which is configured with Transport-Gurantee as CONFIDENTIAL then it shows the Basic Auth Dialog and a 401 Unauthorized response, Looking at the logs I see that the Server responded with the WWW-Authenticate but browser showed the Basic Auth Dialog in response instead of getting the Authorize token.
Does anyone has any idea on what might be issue here, If there is any problem with the browser settings then it would not have worked irrespective of accessing the http url first.
I can see the following error log in weblogic console
Malformed request "Can not parse URI from http request". Request parsing failed, Code: -1
Found one of the link here
SPNEGO on IBM WebSphere Portal 6.1 with https
For my case it is weblogic 12c , I don't think reinstalling 12c is a valid solution for it

Ok I got it fixed , It turns out to be an issue with the browser configuration , the https://myserver.domain.com was not inside the intranet domain and the control to do that rests with the windows Admin team, once they added it , the https urls are also working fine.

Google OAuth 2 authorization - Error: Redirect Uri Mismatch

JSON File
{"web":{"auth_uri":"https://accounts.google.com/o/oauth2/auth",
"client_secret":"c-kaafSexciO7It3QcKxx3BO",
"token_uri":"https://accounts.google.com/o/oauth2/token",
"client_email":"xxx678964-tjkl572knihtgocll9tnadvsdngmnld6#developer.gserviceaccount.com",
**"redirect_uris":["http://www.alfrosia.com"]**,
"client_x509_cert_url":"https://www.googleapis.com/robot/v1/metadata/x509/798911678964-tjkl572knihtgocll9tnadvsdngmnld6#developer.gserviceaccount.com",
"client_id":"xxx1678964-tjkl572knihtgocll9tnadvsdngmnld6.apps.googleusercontent.com",
"auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
"javascript_origins":["[http://www.alfrosia.com][1]"]}}
I am specifying proper redirect url in the json file above, but during authentication it is giving wrong url message on browser. While I have given, this as Redirect Uri in json file.
In the error message it says that
redirect_uri=http://localhost:57826/authorize/
is uri_mismatch while I have not specified it in json
But Google OAuth2 authorization Failed ,this error message occurs during authentication process
- Error: redirect_uri_mismatch.
Request Details
scope=https:[//www.googleapis.com/auth/youtube.readonly][3]
response_type=code
redirect_uri=http://localhost:57826/authorize/
access_type=offline
pageId=none
client_id=xxxxx964-tjkl572knihtgocll9tnadvsdngmnld6.apps.googleuserconten

redirect_uri must exactly match what you have set in the Google Developer console. My guess is that your code / client library / IDE is automatically setting the redirect URI based upon the url you are browsing from.
Visual studio for example has a habit of randomly changing the port.
Option 1:
Fix your redirect uri in the Google developer console to
http://localhost:57826/authorize/
option 2:
assuming you are using visual studio fix the project settings so it stops adding a random port.
option 3:
assuming you are using java or visual studio IDE that may be adding this random port. Create a Client ID for native application instead of a Client ID for web application and use that for testing on local host. Do not release Client ID for native application to your live webserver.

"localhost" is not working in Google developer console.
Try 127.0.0.1 as redirect URI and don't use symbols in the URI.

Tasker HTTP Get returns file not found

I'm attempting to use tasker to go back and forth with the ecoBee API. In doing so, I've been unable to get past the first step due to an issue I'm running into with tasker.
Here's my setup:
Server:Port - https://api.ecobee.com:443 (I've also tried without the port, and without the https://
Path - /1/authorize
Mime Type - application/json
Trust Any Certificate
When running this i get a Tasker toast message that states "Input/Output error for https://api.ecobee.com:443/1/authorize : java.io.FileNotFoundException: https://api.ecobee.com:443/1/authorize"
Going to that URL works from the phone browser and a computer browser. Am I missing something obvious?

Try using https://api.ecobee.com/authorize URL instead. Seems like your URL is wrong. You can also see valid URL's for Authorize call here: Authorization Endpoints