My setup looks like this:
|––––––––––––| |–––––––––––––| |–––––––––––––––––|
| | <- origin 1 -> | API Gateway | <-> | Lambda function |
| | |–––––––––––––| |–––––––––––––––––|
| CloudFront |
| | |–––––––––––––|
| | <- origin 2 -> | S3 bucket |
|––––––––––––| |–––––––––––––|
I need CloudFront in front of the API Gateway to get automatic http->https redirection.
I'm using a custom login.example.com subdomain w/ CloudFront.
API Gateway's generated URL is the origin 1 for CloudFront distribution.
This all works as expected.
I can even return one Set-Cookie header from the lambda function and it will get passed on until it reaches the browser.
{
"statusCode": 302,
"body": "",
"headers": {
"location": "/test",
"surrogate-control": "no-store",
"cache-control": "no-store, no-cache, must-revalidate, proxy-revalidate",
"pragma": "no-cache",
"expires": "0",
"content-length": "0",
"date": "Fri, 19 Feb 2021 17:25:56 GMT",
"connection": "keep-alive",
"set-cookie": "cookie1=68abcdbefbef7d84c26e68; Max-Age=2592000; Domain=example.com; Path=/; HttpOnly; Secure; SameSite=Strict"
},
"isBase64Encoded": false
}
Adding another one isn't working - as expected when you look at the docs:
https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-lambda-proxy-integrations.html#apigateway-multivalue-headers-and-parameters
https://aws.amazon.com/blogs/compute/support-for-multi-value-parameters-in-amazon-api-gateway/
{
"statusCode": 302,
"headers": {
"location": "/test",
"set-cookie": [
"cookie1=68abcdbefbef7d84c26e68; Max-Age=2592000; Domain=example.com; Path=/; HttpOnly; Secure; SameSite=Strict",
"cookie2-login=; Max-Age=0; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure"
],
"surrogate-control": "no-store",
"cache-control": "no-store, no-cache, must-revalidate, proxy-revalidate",
"pragma": "no-cache",
"expires": "0",
"content-length": "0"
}
}
Both of these will be ignored/removed.
But even when I'm using the multiValueHeaders object to return more than one of the same kind like this:
{
"statusCode": 302,
"body": "",
"headers": {
"location": "/test",
"surrogate-control": "no-store",
"cache-control": "no-store, no-cache, must-revalidate, proxy-revalidate",
"pragma": "no-cache",
"expires": "0",
"content-length": "0",
"date": "Fri, 19 Feb 2021 17:25:56 GMT",
"connection": "keep-alive"
},
"isBase64Encoded": false,
"multiValueHeaders": {
"Set-Cookie": [
"cookie1=68abcdbefbef7d84c26e68; Max-Age=2592000; Domain=example.com; Path=/; HttpOnly; Secure; SameSite=Strict",
"cookie2-login=; Max-Age=0; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure"
]
}
}
the API Gateway removes/ignores them from the response it passes on to CloudFront.
What am I doing wrong?
Do I have to map something in the API Gateway when using the multiValueHeaders?
Normal headers['set-cookie'] is passed on automatically but multiValueHeaders not?
Are the additional attributes a problem?
Is it a problem that I'm trying to set the cookie for the root-domain and not the login.example.com domain?
Not sure how Philipp missed this, as it was on the same page he cited:
To customize the response, your Lambda function should return a response with the following format.
{
"cookies" : ["cookie1", "cookie2"],
"isBase64Encoded": true|false,
"statusCode": httpStatusCode,
"headers": { "headername": "headervalue", ... },
"body": "Hello from Lambda!"
}
So just return cookies: ['name=value', 'name=value']
Source: https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-lambda.html#http-api-develop-integrations-lambda.v2
Finally found the answer myself:
The new payload format (2.0) does not support multiValueHeaders.
Working with AWS Lambda proxy integrations for HTTP APIs
[...] Format 2.0 doesn't have multiValueHeaders or multiValueQueryStringParameters fields. Duplicate headers are combined with commas and included in the headers field. Duplicate query strings are combined with commas and included in the queryStringParameters field. [...]
https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-lambda.html
So I'm rewriting the set-cookie headers to different spellings:
Set-cookie
sEt-cookie
seT-cookie
That was the way you had to do it before there were multiValueHeaders - but it seems it is still the only when you're using the new payload format :(
Related
I am trying to embed our app into Teams. We have it working from the web version of MS Teams. However when we try it from the MS Teams desktop app, our app's tab is unable to communicate with our API saying net::ERR_BLOCKED_BY_RESPONSE for all XHR requests the app tries to make to the API. The OPTIONS request seems to get some response headers back but is still listed as failed (see header below)
What is blocking the requests in the Desktop app? We have tried various security header changes and disabling our apps service worker among other things but to no avail. The application loads fine (we have the iframe enabling headers set in the CSP - see below). It's just the communication with the API that is blocked.
Application details that we are embedding in the MS Teams APP as a custom app
Progressive web app
Angular v13 with
Angular routing strategy (useHash = false)
API is REST based
NB: The app tab works in the mobile app version of teams on iOS as well as on the web version
Response headers that are returned by the API we are trying to talk to on the OPTIONS request
access-control-allow-headers: Content-Type, Authorization, V, D
access-control-allow-methods: OPTIONS, GET, POST, DELETE, PUT
access-control-allow-origin: https://**redacted**
access-control-max-age: 86400
cache-control: no-cache
content-length: 0
date: Wed, 12 Jan 2022 00:14:44 GMT
permissions-policy: geolocation=()
referrer-policy: no-referrer
server: CloudFront
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin
via: 1.1 **redacted**.cloudfront.net (CloudFront)
x-amz-cf-id: **redacted**
x-amz-cf-pop: SYD62-P1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
Headers and CSP on the application (SPA)
age: 6
cache-control: no-cache
content-encoding: br
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.**redacted**.com https://**redacted**.app https://*.**redacted**.app; connect-src https://*.**redacted**.com https://**redacted**.app https://*.**redacted**.app; object-src 'none'; frame-ancestors teams.microsoft.com *.office.com outlook.office.com outlook.office365.com
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Wed, 12 Jan 2022 00:22:58 GMT
etag: **redacted**
expect-ct: max-age=0, report-uri="https://**redacted**.report-uri.com/r/d/ct/reportOnly"
last-modified: Tue, 11 Jan 2022 23:27:02 GMT
permissions-policy: geolocation=()
referrer-policy: no-referrer-when-downgrade
server: CloudFront
status: 304
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 **redacted**.cloudfront.net (CloudFront)
x-amz-cf-id: **redacted**
x-amz-cf-pop: SYD62-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
The manifest, currently setup with a configure page that adds a tab after choosing our customer account name which generates the url for the tab.
{
"$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.11/MicrosoftTeams.schema.json",
"manifestVersion": "1.11",
"version": "4.1.8",
"id": "***",
"packageName": "app.***",
"developer": {
"name": "*** Pty Limited",
"websiteUrl": "https://www.***.com",
"privacyUrl": "https://www.***.com/privacy",
"termsOfUseUrl": "https://***.com/resources/20201019+***+Terms+and+Conditions.pdf"
},
"icons": {
"color": "color.png",
"outline": "outline.png"
},
"name": {
"short": "***",
"full": "*** For Microsoft Teams"
},
"description": {
"short": "***",
"full": "***"
},
"accentColor": "#F9F9FA",
"configurableTabs": [
{
"configurationUrl": "https://dev.***.app/ms-teams/teams-configure.html",
"canUpdateConfiguration": true,
"scopes": [
"team"
],
"context": [
"channelTab"
],
"supportedSharePointHosts": [
"sharePointFullPage"
]
}
],
"permissions": [
"identity",
"messageTeamMembers"
],
"validDomains": [
"dev.***.app",
"*.dev.***.app",
"*.teams.***.app",
"api.test.***.com",
"api.***.com",
"*.test.***.app",
"*.***.app"
]
}
I try to send an API request with cy.request but there seems to be something wrong with the data format. My code looks as follows:
cy.request({
url: Cypress.env("RtmApiUrl") + "/test-plan/",
method: "POST",
headers: {
"Authorization": "Bearer " + Cypress.env('RtmApiToken'),
"content-type": "application/json",
body: {
"projectKey": "QAIR",
"summary": "API Test Regression",
"description": "Full regression",
"parentTestKey": "F-QAIR-TP-8",
"priority": {
"id": 3,
"name": "Medium"
},
"status": {
"id": 10005,
"name": "Backlog"
},
"includedTestCases": []
},
},
});
And the console output from Cypress Test Runner:
CypressError: `cy.request()` failed on:
https://rtm-api.hexygen.com/api/test-plan/
The response we received from your web server was:
> 400: Bad Request
This was considered a failure because the status code was not `2xx` or `3xx`.
If you do not want status codes to cause failures pass the option: `failOnStatusCode: false`
-----------------------------------------------------------
The request we sent was:
Method: POST
URL: https://rtm-api.hexygen.com/api/test-plan/
Headers: {
"Connection": "keep-alive",
"Authorization": "Bearer <some Token>",
"content-type": "application/json",
"body": {
"projectKey": "QAIR",
"summary": "API Test Regression",
"description": "Full regression",
"parentTestKey": "F-QAIR-TP-8",
"priority": {
"id": 3,
"name": "Medium"
},
"status": {
"id": 10005,
"name": "Backlog"
},
"includedTestCases": []
},
"user-agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36",
"accept": "*/*",
"accept-encoding": "gzip, deflate",
"content-length": 0
}
-----------------------------------------------------------
The response we got was:
Status: 400 - Bad Request
Headers: {
"server": "Cowboy",
"connection": "keep-alive",
"x-content-type-options": "nosniff",
"x-xss-protection": "1; mode=block",
"cache-control": "no-cache, no-store, max-age=0, must-revalidate",
"pragma": "no-cache",
"expires": "0",
"strict-transport-security": "max-age=31536000 ; includeSubDomains",
"x-frame-options": "DENY",
"content-type": "application/json",
"content-length": "69",
"date": "Tue, 13 Jul 2021 07:32:36 GMT",
"via": "1.1 vegur"
}
Body: {
"errorMessages": [
"No content to map to Object due to end of input"
]
}
I already tried the same combination of header and body with Postman and curl and it worked. Is there something I missed?
Any help is appreciated. Thanks in advance.
Folks, I missed a bracket at the end of the headers block. So this was a real classic layer 8 issue...
cy.request({
url: Cypress.env("RtmApiUrl") + "/test-plan/",
method: "POST",
headers: {
"Authorization": "Bearer " + Cypress.env('RtmApiToken'),
"content-type": "application/json"
},
body: {
"projectKey": "QAIR",
"summary": "API Test Regression",
"description": "Full regression",
"parentTestKey": "F-QAIR-TP-8",
"priority": {
"id": 3,
"name": "Medium"
},
"status": {
"id": 10005,
"name": "Backlog"
},
"includedTestCases": []
},
},
});
I'm using the Group Nodes in App Connect ACE 11 to call a service multiple times and trying to aggregate the the responses. Everything works fine and the below is the result of InputRoot.ComIbmGroupCompleteNode.Group.
{
"msg": {
"GroupProperties": {
"GroupId": "010000000000000000000000000000001000000000000000",
"GroupName": "TSTGRP",
"GroupCreationTime": 1593669682652,
"GroupCommitTime": 1593669682707,
"GroupCompleteTime": 1593669682806,
"GroupOutputTime": 1593669682806,
"GroupStatus": "Completed"
},
"Context": {
"HTTP": {
"RequestIdentifier": "45564854000000000e000000db851d0ecc11000000000000"
},
"RouterList": {}
},
"Replies": {
"FLDR": {
"ReplyId": "534f41503000000067e55223146300000400000000000000",
"RequestSendTime": 1593669682674,
"ReplyReceiptTime": 1593669682706,
"Reply": {
"Root": {
"HTTPResponseHeader": {
"X-Original-HTTP-Status-Line": "HTTP/1.1 200 OK",
"X-Original-HTTP-Status-Code": 200,
"Date": "Thu, 02 Jul 2020 06:01:17 GMT",
"Content-Type": "application/json; charset=utf-8",
"Content-Length": "83",
"Connection": "keep-alive",
"Set-Cookie": "__cfduid=dfbd2cc294d944ed4cfdf6b72a343f8dc1593669677; expires=Sat, 01-Aug-20 06:01:17 GMT; path=/; domain=.typicode.com; HttpOnly; SameSite=Lax",
"X-Powered-By": "Express",
"X-Ratelimit-Limit": "10000",
"X-Ratelimit-Remaining": "9999",
"X-Ratelimit-Reset": "1592660247",
"Vary": "Origin, Accept-Encoding",
"Access-Control-Allow-Credentials": "true",
"Cache-Control": "max-age=43200",
"Pragma": "no-cache",
"Expires": "-1",
"X-Content-Type-Options": "nosniff",
"Etag": "W/\"53-hfEnumeNh6YirfjyjaujcOPPT+s\"",
"Via": "1.1 vegur",
"CF-Cache-Status": "HIT",
"Age": "15242",
"Accept-Ranges": "bytes",
"cf-request-id": "03afb689ec00007f11da290200000001",
"Server": "cloudflare",
"CF-RAY": "5ac626bcaa097f11-CMB"
},
"JSON": {
"Data": {
"userId": 1,
"id": 1,
"title": "delectus aut autem",
"completed": false
}
}
}
}
},
"FLDR": {
"ReplyId": "534f415031000000273b5323146300000400000000000000",
"RequestSendTime": 1593669682707,
"ReplyReceiptTime": 1593669682737,
"Reply": {
"Root": {
"HTTPResponseHeader": {
"X-Original-HTTP-Status-Line": "HTTP/1.1 200 OK",
"X-Original-HTTP-Status-Code": 200,
"Date": "Thu, 02 Jul 2020 06:01:17 GMT",
"Content-Type": "application/json; charset=utf-8",
"Content-Length": "99",
"Connection": "keep-alive",
"Set-Cookie": "__cfduid=debd2bf084ee690942fb5d3439e41fa331593669677; expires=Sat, 01-Aug-20 06:01:17 GMT; path=/; domain=.typicode.com; HttpOnly; SameSite=Lax",
"X-Powered-By": "Express",
"X-Ratelimit-Limit": "500",
"X-Ratelimit-Remaining": "497",
"X-Ratelimit-Reset": "1593684076",
"Vary": "Origin, Accept-Encoding",
"Access-Control-Allow-Credentials": "true",
"Cache-Control": "max-age=43200",
"Pragma": "no-cache",
"Expires": "-1",
"X-Content-Type-Options": "nosniff",
"Etag": "W/\"63-+s0zIP5ZEQN9hypVJUneLybJ+L0\"",
"Via": "1.1 vegur",
"CF-Cache-Status": "HIT",
"Age": "8713",
"Accept-Ranges": "bytes",
"cf-request-id": "03afb68a0900007f29ad07c200000001",
"Server": "cloudflare",
"CF-RAY": "5ac626bcdc137f29-CMB"
},
"JSON": {
"Data": {
"userId": 1,
"id": 2,
"title": "quis ut nam facilis et officia qui",
"completed": false
}
}
}
}
},
"FLDR": {
"ReplyId": "534f4150320000000bbb5323146300000400000000000000",
"RequestSendTime": 1593669682707,
"ReplyReceiptTime": 1593669682737,
"Reply": {
"Root": {
"HTTPResponseHeader": {
"X-Original-HTTP-Status-Line": "HTTP/1.1 200 OK",
"X-Original-HTTP-Status-Code": 200,
"Date": "Thu, 02 Jul 2020 06:01:17 GMT",
"Content-Type": "application/json; charset=utf-8",
"Content-Length": "84",
"Connection": "keep-alive",
"Set-Cookie": "__cfduid=dfbd2cc294d944ed4cfdf6b72a343f8dc1593669677; expires=Sat, 01-Aug-20 06:01:17 GMT; path=/; domain=.typicode.com; HttpOnly; SameSite=Lax",
"X-Powered-By": "Express",
"X-Ratelimit-Limit": "500",
"X-Ratelimit-Remaining": "499",
"X-Ratelimit-Reset": "1593684076",
"Vary": "Origin, Accept-Encoding",
"Access-Control-Allow-Credentials": "true",
"Cache-Control": "max-age=43200",
"Pragma": "no-cache",
"Expires": "-1",
"X-Content-Type-Options": "nosniff",
"Etag": "W/\"54-J3JtLgWuXjgj1OZdyAcKAqOaKHo\"",
"Via": "1.1 vegur",
"CF-Cache-Status": "HIT",
"Age": "8713",
"Accept-Ranges": "bytes",
"cf-request-id": "03afb68a0c00007f11da291200000001",
"Server": "cloudflare",
"CF-RAY": "5ac626bcea187f11-CMB"
},
"JSON": {
"Data": {
"userId": 1,
"id": 3,
"title": "fugiat veniam minus",
"completed": false
}
}
}
}
}
}
}
}
My question is how can I access the 3 JSON.Data elements and create a combined response. I know this is not a valid JSON and FLDR is a repeating key. Also this is not an array. How can I access these elements and create a combined response like this?
{
"result1": {
"userId": 1,
"id": 1,
"title": "delectus aut autem",
"completed": false
},
"result2": {
"userId": 1,
"id": 2,
"title": "quis ut nam facilis et officia qui",
"completed": false
},
"result3": {
"userId": 1,
"id": 3,
"title": "fugiat veniam minus",
"completed": false
}
}
Any help would be very much appreciated.
If you have a message tree containing that structure then you can access any part of it - regardless of whether it would be a valid JSON document.
Have you tried writing a normal FOR loop in ESQL to iterate over the occurrences of FLDR?
Note: this code is completely un-tested and probably contains syntax errors and defects...
DECLARE index INTEGER 1;
FOR refFLDR AS InputRoot.ComIbmGroupCompleteNode.Group.msg.Replies.FLDR[] DO
DECLARE fieldName 'Result' || index;
CREATE LASTCHILD OF OutputRoot.JSON.Data TYPE Name NAME fieldName FROM refFLDR;
SET index = index + 1;
END FOR;
Why is my composer REST server not returning the transaction id of the request, or where can I find the id?
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ \
"$class": "org.example.biznet.SampleAsset", \
"assetId": "1", \
"value": "103300" \
}' 'http://localhost:3000/api/SampleAsset'
Response:
{
"date": "Sun, 04 Feb 2018 15:59:10 GMT",
"x-content-type-options": "nosniff",
"etag": "W/\"52-0IlZYwJKBE6+rHqbXGCNVeELkQ0\"",
"x-download-options": "noopen",
"x-frame-options": "DENY",
"content-type": "application/json; charset=utf-8",
"access-control-allow-origin": "http://localhost:3000",
"access-control-allow-credentials": "true",
"connection": "keep-alive",
"vary": "Origin, Accept-Encoding",
"content-length": "82",
"x-xss-protection": "1; mode=block"
}
As I can see in the pull request it should be solved: https://github.com/hyperledger/composer/pull/843
My versions:
├── composer-cli#0.16.3
├── composer-playground#0.16.3
├── composer-rest-server#0.16.3
It looks like you have submitted a POST request to an Asset (SampleAsset) which being an Asset does not generate a Transaction ID. If you POST to a Transaction you will get a Transaction ID - and you will see it in the Response Body, not the Response Header. See example below.
I have FB analytics configured for iOS and android app. It does recognize iOS platform when viewing events correctly. But for android it only qualifies it as android about 30% of all.
Here's how those events are shown in FB analytics debugging screen: ('inne wartości' stands for 'other')
I wonder how FB does the recognition? By advertising id? Read docs through but didn't find info about this anywhere.
Here's a FB response that gets recognized as android: (obfuscated few details):
{
"req": {
"method": "POST",
"url": "https://graph.facebook.com/v2.6/000000000/activities",
"data": {
"advertiser_id": "2e9ab235-84c0-4b22-8421-xxxxxxxxxxxxx",
"advertiser_tracking_enabled": 1,
"application_tracking_enabled": 1,
"bundle_id": "com.myapp",
"bundle_short_version": "1.7.0",
"event": "CUSTOM_APP_EVENTS",
"custom_events": [
{
"_appVersion": "1.7.0",
"_eventName": "App Launched",
"_logTime": 1476295031,
"fb_currency": "USD"
}
]
},
"headers": {
"user-agent": "Segment.io/1.0",
"content-type": "application/json"
}
},
"header": {
"access-control-allow-origin": "*",
"pragma": "no-cache",
"cache-control": "private, no-cache, no-store, must-revalidate",
"facebook-api-version": "v2.6",
"expires": "Sat, 01 Jan 2000 00:00:00 GMT",
"content-type": "text/javascript; charset=UTF-8",
"x-fb-trace-id": "BH4kXNYDDL+",
"x-fb-rev": "2617769",
"x-fb-debug": "eNcBCpuFfVirTkclVvZ0WeYh60r+2tBIqg6lKPCrWNtGASVULq6jrVwQxqYulMUyCI3ZaBhZRQ64xdxdXOQg2w==",
"date": "Wed, 12 Oct 2016 17:57:24 GMT",
"connection": "close",
"content-length": "16"
},
"status": 200,
"text": "{\"success\":true}"
}
And this one is not recognized as android:
{
"req": {
"method": "POST",
"url": "https://graph.facebook.com/v2.6/000000000000/activities",
"data": {
"advertiser_id": "88697a4d-f658-41d3-84db-xxxxxxxxxx",
"advertiser_tracking_enabled": 1,
"application_tracking_enabled": 1,
"bundle_id": "com.myapp",
"bundle_short_version": "1.7.0",
"event": "CUSTOM_APP_EVENTS",
"custom_events": [
{
"_appVersion": "1.7.0",
"_eventName": "App Launched",
"_logTime": 1476206487,
"fb_currency": "USD"
}
]
},
"headers": {
"user-agent": "Segment.io/1.0",
"content-type": "application/json"
}
},
"header": {
"access-control-allow-origin": "*",
"pragma": "no-cache",
"cache-control": "private, no-cache, no-store, must-revalidate",
"facebook-api-version": "v2.6",
"expires": "Sat, 01 Jan 2000 00:00:00 GMT",
"content-type": "text/javascript; charset=UTF-8",
"x-fb-trace-id": "AqASb9qsUSx",
"x-fb-rev": "2613995",
"x-fb-debug": "aDLUDoC+7vmlVY28UsEtusYgzdkmxK8qVrn4gCo29ovLw9Us27Gh/Iy1163dfTDF5rKg/JWiv3xsfq3hugijlg==",
"date": "Tue, 11 Oct 2016 17:21:37 GMT",
"connection": "close",
"content-length": "16"
},
"status": 200,
"text": "{\"success\":true}"
}
I can't see any interesting changes that that would point to an android platform.
Update
As advised by Ramkumar, I tried posting events with FB sdk and it indeed worked. I'd really like to keep using segment, so keeping this as solution is not possible in my app.
I wonder what's missing from the params that segment sends to FB. Is this because of session_id which is in there when using FB SDK but is absent in segment request? See gist with dump from adb logcat when using FB SDK
From your post, it looks like you are using segment.io to send events to our servers. If you use the FB SDK to send events you will not see this problem - could you please give that a try?