WebSphere Liberty and Open Liberty, all version.
I want remove "Content-Language" header from Servlet/JSP response, because of browser translation function accidentally popup. It seems that Liberty adds this header on all response in default, and there is no setting option to prevent this behavior. I've tried response.setLocale(Locale.ROOT); and servlet filter that ignore setHeader/addHeader of Content-language. But I couldn't eliminate the header.
Does anyone have an idea?
There is no direct way to stop or remove the response "Content-Language" header. However, if you set response header "Content-Language" before the response is committed, the server won't change it and retain your setting.
Thanks,
As of Open Liberty 21.0.0.12 you can use the "Configurable Response Headers" support to remove any header you want. See the following blog post for additional details on how to use the feature: https://openliberty.io/blog/2021/11/26/jakarta-ee-9.1.html.
For instance you can do the following in your server.xml:
<httpEndpoint id="defaultHttpEndpoint"
httpPort="9080"
httpsPort="9443">
<headers>
<remove>Content-Language</remove>
</headers>
</httpEndpoint>
Related
When nothing is specified in "accept" header in the request, why is XML response returned by default in Web API? I mean is there anything which makes the framework to do so?
XmlMediaTypeFormatter is the default formatter, as this is the order in which they are found in the 'Formatters' collection of the HttpConfiguration object
https://stackoverflow.com/a/20192316/1538039
You can change the behaviour here by clearing down and only adding in a Jsonformatter, e.g.
configuration.Formatters.Clear();
configuration.Formatters.Add(new JsonMediaTypeFormatter());
The link to StrathWeb contains additional information
The spring security (4.0.1.Release) set the HSTS host by default for https protocol and you can see Strict-Transport-Security: max-age=31536000 ; in the response header (I used Firefox>Web Development>Network ).
But when I look at firefox console I see an error which says: The site specified an invalid Strict-Transport-Security header.
I also set the hsts header manually in spring config as :
<headers>
<hsts />
</headers>
The same response header is generated and the FireFox show error again.
According to the https://developer.mozilla.org/docs/Security/HTTP_Strict_Transport_Security the header must be correct !
Any comments ?!
I found it was a bug in firefox as mentioned in The site specified an invalid Strict-Transport-Security header - firebug.
The self-signed certificate seems to generate this issue.
Also refer to: https://jira.spring.io/browse/SEC-3021
Try this, so I solved a similar problem:
You could enter about:config into the firefox address bar (confirm the info message in case it shows up) and search for the preference named security.enterprise_roots.enabled double-click it and change its value to true and restart firefox.
I'm building a proxy using Apigee that transmits sensitive data. I need to ensure that clients of this API use HTTPS.
I've coded a Raise Fault policy that does something like this
proxies/default.xml
<PreFlow name="PreFlow">
<Request>
<Step>
<FaultRules/>
<Name>Require-HTTPS</Name>
<Condition>request.scheme != "https"</Condition>
</Step>
</Request>
<Response/>
</PreFlow>
policies/Require-HTTPS.xml
<RaiseFault async="false" continueOnError="false" enabled="true" name="Require-HTTPS">
<DisplayName>Require-HTTPS</DisplayName>
<FaultRules/>
<Properties/>
<FaultResponse>
<Set>
<Headers/>
<Payload contentType="application/json">\{
"status" : 400,
"message" : "Sensitive transactions may only be executed over HTTPS",
}
</Payload>
<StatusCode>400</StatusCode>
<ReasonPhrase>Requires HTTPS</ReasonPhrase>
</Set>
</FaultResponse>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>
The problem is, the fault is always raised, whether I use HTTP or HTTPS to access.
I can see in the debugging console that the condition in proxies.xml always resolves to true, whether I use HTTP or HTTPS to access the API. In fact, the request.scheme always seems to be HTTP.
However, I do see the following header using HTTPS access that's not present using HTTP
X-Forwarded-Proto : https
Can I depend on this header to enforce HTTPS only access to my API? Or is there some other recommended way to do this?
You might try detecting the virtual host rather than the scheme by using the virtualhost.name variable (default or secure).
However, I suggest you create a two proxies -- one for https and one for http. This will remove the possibility of a consumer slipping past your conditional roadblock. Click on the word "default" under Proxy to edit the entire proxy file and scroll down to the HTTPProxyConnection
<HTTPProxyConnection>
<BasePath>/testme</BasePath>
<VirtualHost>default</VirtualHost>
<VirtualHost>secure</VirtualHost>
</HTTPProxyConnection>
Just remove the VirtualHost for default and the consumer will no longer be able to connect using https. I beleive you can then create a second API with the same path, only then remove "secure" and create a RasieFault without a condition. Worst case, you can rely on the Apigee error if you just disable default in your API.
I wish to change my URL of proxy service due enhanced application.
Previously my URL like differet than ESB default endpoint.
Now proxy providing this URL.
http://soccerhome:8280/services/Customer_Proxy
Where as my existing applications are running on some other endpoint's
like
http://soccerhome:8280/Customer_Proxy
So they can't able to change there endpoint how would i remove the service part in above URL any way to do that.
Thanks in advance.
Just provide a Service URL in your_proxy.
<parameter name="ServiceURI">Customer_Proxy</parameter>
Then You will get Your desire URL.
Change parameter servicePath in repository/conf/axis2/axis2.xml
Edit the repository/conf/axis2/axis2.xml in dispatcher phase :
<phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
to add the following handle.
<handler name="CustomURIBasedDispatcher"
class="org.apache.synapse.core.axis2.CustomURIBasedDispatcher"/>
Now if you go ahead to edit the proxy service, you can add a service parameter as,
serviceURI = Customer_Proxy
This will provide your desired URL.
you should change axis2.xml file in repository/conf/axis2/axis2.xml or create your service in proxy url
<parameter name="URL OF Service">CustomProxy</parameter>
So we got our application accepted in the wechat debug console, and are looking to respond with rich media type messages.
the request expected from the server is as follows:
<xml>
<ToUserName>UserName</ToUserName>
<FromuserName>TestUser</FromuserName>
<CreateTime>7200</CreateTime>
<MsgId>12302</MsgId>
<Content>Test Message</Content>
</xml>
To which we reply with the following:
<xml>
<ToUserName>TestUser</ToUserName>
<FromUserName>UserName</FromUserName>
<CreateTime>7200</CreateTime>
<MsgType>news</MsgType>
<ArticleCount>1</ArticleCount>
<Articles>
<item>
<Title>Test</Title>
<Description>Test</Description>
<PicUrl>http://PICURL</PicUrl>
<Url>http://ARTICLE_URL</Url>
</item>
</Articles>
</xml>
However the application doesn't seem to be getting the requests as it was setup so the questions is:
Will requests go to the URL setup?
If so is the xml provided correct for the response and also for the messages that gets posted to the url provided?
Are there specific headers presents in the request?
Yes the Requests will go to the URL that you have setup and send a straight XML post to your script.
Check your XML there seems to be quite a few differences from the actual system input and output also check the example of working input and output XML and try this. Obviously replacing the ToUserName and FromUserName:
INPUT RESPONSE
<xml>
<ToUserName><![CDATA[gh_4456]]></ToUserName>
<FromUserName><![CDATA[123abc]]></FromUserName>
<CreateTime>1397201326</CreateTime>
<MsgType><![CDATA[text]]></MsgType>
<Content><![CDATA[test]]></Content>
<MsgId>6000934001298302633</MsgId>
</xml>
OUTPUT RESPONSE
<xml>
<ToUserName><![CDATA[123abc]]></ToUserName>
<FromUserName><![CDATA[gh_4456]]></FromUserName>
<CreateTime>1397201781</CreateTime>
<MsgType><![CDATA[news]]></MsgType>
<ArticleCount>1</ArticleCount>
<Articles>
<item>
<Title><![CDATA[Your test title]]></Title>
<Description><![CDATA[test description]]></Description>
<PicUrl><![CDATA[http://test.com/img.jpg]]></PicUrl>
<Url><![CDATA[http://test.com/]]></Url>
</item>
</Articles>
</xml>
No headers you need to worry about.
FOR OFFICIAL OA: I think your problem might be that you have not enabled developer mode yet. Even though you have setup the URL and TOKEN. Please confirm developer mode is ENABLED. Go to admin.wechat.com -> login -> function -> advanced -> developer mode should be ENABLED.
FOR SANDBOX ACCOUNT: developer mode is always enabled.
Also check your CreateTime this should be a unix timestamp.
If none of that resolves it go and look at your access logs. Find the URL wechat is posting to. Once you have the URL got to http://www.hurl.it/ change the destination type to POST and paste the URL there. Add a Header called "Content-Type" with the value "text/xml" click on add body and post your input response in there. This will give you the response that WeChat sees. I tested yours and found the ToUserName was blank, also ensure you don't have unneeded spaces or newlines there.