Calling Springboot REST API for Grafana using simple-json-datasource - spring-boot

I am trying to generate a Grafana dashboard by calling the Spring REST API using simple-json-datasource.
I implemented all required APIs (/, /search, /query) for enabling simple-json-datasource and maintained the contract expected by the Grafana simple-json-datasource.
I also added CORS as part of the response header and even enabled CORS for the request API by adding @CrossOrigin at the @RestController.
When I test the APIs, I get the following header information in the response of the call:
{
  "access-control-allow-headers": "Content-Type, Accept",
  "access-control-allow-methods": "POST, GET",
  "access-control-allow-origin": "*",
  "connection": "keep-alive",
  "content-type": "application/json",
  "date": "Thu, 14 May 2020 16:51:18 GMT",
  "keep-alive": "timeout=60",
  "transfer-encoding": "chunked",
  "vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers"
}
But while creating the datasource by pointing to /, I was getting the error below:
Access to XMLHttpRequest at 'http://localhost:8888/streams/api/' from origin 'http://localhost:3000' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.
The input request for the API call is: curl -X GET --header 'Accept: application/json' 'http://localhost:8888/streams/api/'
Any clue?

To make the integration work, we referred to one of the sample API applications provided, fake-simple-json-datasource (https://github.com/bergquist/fake-simple-json-datasource). The APIs have to follow the protocols below:
The / API is of type GET, while /search, /query and /annotations are of method type POST
The / API is used for creating the datasource in Grafana
The /search API has no input, but the response of this API will be used as one of the inputs to /query
The /query API has different response structures depending upon the type of metric selected in the dashboard
The APIs have to have CORS enabled with origins and allowedHeaders
The response of the API has to have header details
The headers should include access-control-allow-methods and access-control-allow-headers, set to POST and accept, content-type respectively. These two properties are mandatory for the response header
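
The browser error in the question reports two values ('*, *') for Access-Control-Allow-Origin, which is what results when more than one layer writes the header; the question mentions both a manually added response header and @CrossOrigin. The controller below is an added example (not code from the post or from fake-simple-json-datasource) of the three endpoints with CORS declared once. The class name, metric names, datapoints and the pinned Grafana origin are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.springframework.web.bind.annotation.*;

// CORS is declared in this one place. No servlet filter and no manual
// response.setHeader("Access-Control-Allow-Origin", ...) touches these routes,
// so the browser receives exactly one Access-Control-Allow-Origin value.
@RestController
@RequestMapping("/streams/api") // path from the question; assumes no servlet context path
@CrossOrigin(
        origins = "http://localhost:3000", // Grafana origin from the error; pinned instead of "*"
        allowedHeaders = {"Content-Type", "Accept"},
        methods = {RequestMethod.GET, RequestMethod.POST})
public class SimpleJsonDatasourceController {

    // GET / : called when the datasource is created in Grafana; a 200 is enough.
    @GetMapping("/")
    public Map<String, String> testConnection() {
        return Map.of("status", "ok");
    }

    // POST /search : metric names offered to the dashboard (constructed values).
    @PostMapping("/search")
    public List<String> search() {
        return List.of("stream_lag", "stream_throughput");
    }

    // POST /query : time-series shape only, one series per requested target,
    // each datapoint as [value, epoch-millis]. Datapoints here are constructed.
    @PostMapping("/query")
    @SuppressWarnings("unchecked")
    public List<Map<String, Object>> query(@RequestBody Map<String, Object> body) {
        List<Map<String, Object>> targets =
                (List<Map<String, Object>>) body.getOrDefault("targets", List.of());
        long now = System.currentTimeMillis();
        List<Map<String, Object>> series = new ArrayList<>();
        for (Map<String, Object> t : targets) {
            series.add(Map.of(
                    "target", String.valueOf(t.get("target")),
                    "datapoints", List.of(List.of(1.0, now - 60_000), List.of(2.0, now))));
        }
        return series;
    }
}
```

The curl call in the question sends no Origin header, so it does not exercise Spring's CORS handling. Repeating it with `-H 'Origin: http://localhost:3000'` shows the headers the browser actually receives.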

Related

AWS API Gateway : CORS and Empty Event Object

I have been struggling with setting up AWS API Gateway to pass Query string parameters to my Lambda function.
If I set the API to use Lambda proxy integration, I get a CORS error at the web client, even when I have set the API with CORS enabled:
index.html:1 Access to XMLHttpRequest at 'https://g2kza1o79f.execute-api.eu-west-2.amazonaws.com/prod/gettest8' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
If I set the API to not use Lambda proxy integration, with CORS enabled, the API call works (no CORS error), but the event object received in my Lambda function is empty (hence no query string parameters).
In both cases I am using the GET method.
I can see in the Method Response Header the Access-Control-Allow-Origin option is present, but cannot access the Integration Response
Question: How can I set-up my API to pass query string parameters through to my Lambda function without getting the CORS error? I will also be wanting to set up APIs for POST requests to other Lambda functions.
I believe it is related to First Enable CORS Then Deploy API.
A good thread can be found here: API Gateway CORS: no 'Access-Control-Allow-Origin' header

Authorization Header is missing if request sent via Zuul API Gateway

When I send the Authorization header from a REST client (Postman), and also from the browser, to the back-end Spring Boot (2.0.3v) AuthorizationService (without the API gateway), the 'Authorization' header exists and every flow works fine.
But when I send the same header through the API gateway, the 'Authorization' header is missing. This header is present in all filters of the API gateway, but it is missing in the back-end (AuthorizationService) filter.
Kindly help: what might be the cause? Is any filter intercepting and dropping the Authorization header? I have also registered a CORS filter with Access-Control-Allow-Origin set to "" and Access-Control-Allow-Headers set to "".
API Gateway has a Lambda proxy integration when you are integrating a Lambda function with it. If you are wrapping an HTTP URL with it, you need to pass the header in the Method Integration section and also enable CORS by clicking on the resource; manually adding the headers with a custom name and enabling CORS might help.

Grafana plugin - CORS issue with REST API

I'm currently developing a Grafana plugin using Angular-1 and ES6, retrieving data from a REST API and representing it in Grafana. The problem is that, since the Grafana plugin runs within the browser, it sends AJAX calls to our REST API and they are blocked:
No 'Access-Control-Allow-Origin' header is present on the requested resource. The response had HTTP status code 401.
We were required to solve this issue without adding that header on the REST API side. One simple solution was to use corsproxy.
But I'm curious to know whether there is some other way to use the REST API within Grafana. If I set up some datasource for my plugin, will it work as a kind of backend, or will my calls to the REST API still be AJAX calls?

How do I send a Google API POST request using Jmeter?

I have never used Jmeter before. I have been trying to use Jmeter to send an HTTP request to Google Vision API - but it's returning a FORBIDDEN (403) error. My request as well as required response is in JSON format.
I have attached below the:
a) HTTP Request
b) Response Error
Other than this, in HTTP Header Manager I have set:
Content-Type: application/json
What is wrong with the attached request?
Request image..
Response error image
According to the Authenticating to the Cloud Vision API article, you might need to provide an OAuth token; it can be done via HTTP Header Manager like:
Name: Authorization
Value: Bearer YOUR_ACCESS_TOKEN
See How to Run Performance Tests on OAuth Secured Apps with JMeter article for more details on interacting with OAuth-protected web applications in JMeter tests.

Spring security OAuth2 request as object instead of query parameters

I want to customise the OAuth endpoint URIs.
I want to send parameters in the POST body instead of query params.
Now my request is like this:
example.com/oauth/token?grant_type=password&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}&username={USERNAME}&password={PASSWORD}
But I want it like this.
example.com/oauth/token
Request body -
{
grant_type=password,
client_id={CLIENT_ID},
client_secret={CLIENT_SECRET},
username={USERNAME},
password={PASSWORD}
}
How should I do it?
The token endpoint of a properly-implemented authorization server does NOT accept GET requests because RFC 6749, "3.2. Token Endpoint" says as follows:
The client MUST use the HTTP "POST" method when making access token requests.
So, your authorization server's token endpoint should reject GET requests.
RFC 6749, "4.3. Resource Owner Password Credentials Grant" says that request parameters of a token request using Resource Owner Password Credentials flow should be embedded in the request body in the format of "application/x-www-form-urlencoded". The following is an excerpt from "4.3.2. Access Token Request".
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=johndoe&password=A3ddj3w
Therefore, you don't have to customize your authorization server. If the server is implemented correctly, its token endpoint accepts POST requests.
The token endpoint created by spring-oauth2 already deals with POST as well.
It would be hard to customize it to accept a JSON request body, because the TokenEndpoint class expects all the params as @RequestParam params.
However, if your concern is about security (as HTTPS does not secure query parameters), you can indeed send the request parameters through POST. It is just a matter of sending the request in the form "form-data" or "x-www-form-urlencoded". These are two ways of sending arbitrary key-value parameters in the request body, in a way that appears to the server as if they were regular request parameters. So it is a matter of making your client use this.
Also, note that in spring-oauth2 it is possible to disable the GET endpoint, this way forcing your clients to use POST with one of the ways above.
