How to submit a page in Oracle Apex using curl - oracle

I have a login page in an Oracle Apex application that works fine with a normal web browser like chrome. However when i try to perform the same operation using CURL (command-line browser), a HTTP 404 error is returned:
Request:
curl -i -d "P9999_USERNAME=MOIZ&P9999_PASSWORD=xxxx" -X POST http://localhost:8080/apex/f?p=101:9999:0:
Response:
HTTP/1.1 404 Not found
Server: Oracle XML DB/Oracle Database
Content-Type: text/html
Transfer-Encoding: chunked
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Not found</TITLE>
</HEAD><BODY><H1>Not found</H1>
The requested URL /apex/f was not found on this server</BODY></HTML>
Using a normal browser, there are two sever request: one GET and one POST. However when using curl i am just making a single POST request.
Is that difference the cause of problem?
Is it possible to POST apex page without calling GET?
If yes then whether this solution will also work for file uploads?

Based on the post Python web scraping with BS using correct url? I was able to get answer to my above questions. [although this post uses python's requests and BeautifulSoup libraries for demonstration purpose, I think with some shell/windows scripting it may also be achievable with curl too]
Is that difference the cause of problem?
For POST request in APEX, we need to first perform a GET request as APEX expects the following hidden items to be sent as a payload of POST request
p_flow_id # application id
p_flow_step_id # page id
p_instance # session id
p_page_submission_id # page submission id
p_request # request
p_md5_checksum # md5 checksum
p_page_checksum # page checksum
p_arg_names # list of arguments
In addition, you may also need to add your page specific input items. For example,
p_t01 # username
p_t02 # password
Is it possible to POST apex page without calling GET?
For reasons mentioned in above answer, GET request will be required before POST request can be performed.

Related

Jmeter file upload using PUT not working

I am trying to upload a file using the PUT method, which is not including the file in the request. I have followed the other example POST methods, but considering PUT does not allow multipart to be checked, that might be the issue.
I am also using:
* httpClient4
* jmeter 3.3
screenshot : https://www.evernote.com/shard/s126/sh/b4ebf947-c7e4-4e0a-9ebf-8e42a5f5d082/6813671cb2ab7419
Request data:
PUT http://myurl----here/app_path/test__16525587b4361f339ca33a9cdf0e9201d90e76dc__1676871c-71b8-488a-9750-29554a4be722
PUT data:
[no cookies]
Request Headers:
Connection: close
Content-Type: application/octet-stream
Content-Length: 0
Host: int-cloudstore-perf.svc.netspot.com.au
User-Agent: Apache-HttpClient/4.5.3 (Java/9.0.1)
Your test does't seem to be sending anything as your Put data should not be blank.
I would recommend to remove data from the Parameter Name section of the "Files Upload" tab of the HTTP Request sampler as PUT method is different and it doesn't assume submitting an HTML form and most probably your request will start working as expected (at least it will send data to the server)
Just in case check out Testing REST API File Uploads in JMeter article

error with submitting page using curl..in shell script

using below command in shell script:
DATE="2017/04/18"
curl --data "transactionNumber=12520264&traceNumber=466245&serviceDate=${DATE}" http://isp:7005/ClaimUtility/claimReversal
Getting below response:AS ERROR
<p><b>message</b> <u>Request method 'POST' not supported</u></p>
<p><b>description</b> <u>The specified HTTP method is not allowed for the requested resource (Request method 'POST' not supported).</u></p>
what should be the correction required??
This means that the endpoint you're trying to post to http://isp:7005/ClaimUtility/claimReversal does not support POST requests.
You can try using GET and the content will be encoded as application/x-www-form-urlencoded on the url as query params.
Agree with John Weldon
endpoint you're trying to post to http://isp:7005/ClaimUtility/claimReversal does not support POST requests.
So i have corrected the URL which is supporting POST form
ie.http://isp:7005/ClaimUtility/claimReversalReversal

Jmeter: 302 Moved Temporarily

I was trying to issue a https request through jmeter and observed am getting below response.
<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
And it seems the actual url redirecting to different url which is getting the Response Code 200 which is OK. [The first urls response code is 302]
Also I have given an assertion for the page being loaded, but still that assertion fails [when I saw the response data in HTML format, observed that the respective page is not loaded]
Any help in resolving this issue would be a great help.
Looking at: http://jmeter.apache.org/usermanual/component_reference.html#Response_Assertion
If you chose "Main sample and sub samples" it will include the responses from the redirects. So for example if you're searching for "string" it will also include the response from the redirected page.

XMLHTTP / HTTPRequest returning 404 response on custom error page requests

I have a program that uses an XMLHTTPRequest to gather contents from another web page.
Problem is, that web page has cloaking custom errors set-up (ie. /thisurl doesn't literally exist as a file on their web server, it is being generated by the custom 404 error file.), so its not returning the page it shows in the browser, instead its showing its default 404 error response from that custom error page, in my HTTPRequest response.
By using this website http://web-sniffer.net/ I have narrowed down what the problem may be, but I don't know how to fix it.
Web-sniffer has 3 different versions to submit the request:
HTTP version: HTTP/1.1
HTTP/1.0 (with Host header)
HTTP/1.0 (without Host header)`
When I use HTTP/1.1 or HTTP/1.0 (with Host header) I get the correct response (html) from the page. But when I use HTTP/1.0 (without Host header) it does not return the content, instead it returns a 404 error script (showing the custom error page).
So I have concluded that the problem may be due to the Host header not being present in the request.
But I am using MSXML2.XMLHTTP.3.0 and haven't been able to read the page using HTTP/1.1 or HTTP/1.0 (with Host header). The code looks like this:
Set objXML = Server.CreateObject("MSXML2.XMLHTTP.3.0")
objXML.Open "GET", URL, False
objXML.setRequestHeader "Host", MyDomain '< Doesnt work with or w/out this line
objXML.Send
Even after adding a Host header to the request, I still get the template of the 404 error returned by that custom error script in my response, the same as HTTP/1.0 (without Host Header) option on that web-sniffer site. This should be returning 200 OK like it does on the first two options on web-sniffer, and like in a web browser.
So I guess my question is, what is that website (web-sniffer.net) able to get the proper response with their first two HTTP version options, so I can emulate this in my app. I want to get the right page, but its only returning the 404 error from their 404 error template.
In response to an answerer, I have provided screen shots from 2 seperate cUrl requests below, one from each one of my servers.
I executed the same cURL command, same url (that points to a site on the main host), which is cURL -v -I www.site.com/cloakedfile . But looks like its not working on the main server, where it needs to be. It can't be a self-residing issue, because from secondary to secondary it works fine, these are both identical applications/sites, just different ip's/host names. It appears to be an internal issue, that may not be about the application side of things.
I dont have any idea bout MSXML2.XMLHTTP.3.0. But from you problem statement i understand that the issues is certainly due to some HTTP header field that is wrongly set or missed out in your request.
By default HTTP 1.1 clients set Host header. For example if you are connecting to google.com then the request will look like this
GET / HTTP/1.1
Host: google.com
The "Host" header should have the domain name of the server in which the requested resource is residing. Severs that has virtual hosting will get confused if "Host:" header is not present. This is what happens with groups.yahoo.com if you havent specified Host header
$ nc groups.yahoo.com 80
GET / HTTP/1.1
HTTP/1.1 400 Host Header Required
Date: Fri, 06 Dec 2013 05:40:26 GMT
Connection: close
Via: http/1.1 r08.ycpi.inc.yahoo.net (ApacheTrafficServer/4.0.2 [c s f ])
Server: ATS/4.0.2
Cache-Control: no-store
Content-Type: text/html; charset=utf-8
Content-Language: en
Content-Length: 447
And this should be the same issue you are facing with. And also make sure that you are sending the domain name of the server from which you are trying to fetch the resource. And the Host header should have a colon ":" to delimit the value like "Host: www.example.com".

Serving content depending on http accept header - caching problems?

I'm developing an application which is supposed to serve different content for "normal" browser requests and AJAX requests for the same URL requested.
(in fact, encapsulate the response HTML in JSON object if the request is AJAX).
For this purpose, I'm detecting an AJAX request on the server side, and processing the response appropriately, see the pseudocode below:
function process_response(request, response)
{
if request.is_ajax
{
response.headers['Content-Type'] = 'application/json';
response.headers['Cache-Control'] = 'no-cache';
response.content = JSON( some_data... )
}
}
The problem is that when the first AJAX request to the currently viewed URL is made strange things happens on Google Chrome - if, right after the response comes and is processed via JavaScript, user clicks some link (static, which redirects to other page) and then clicks back button in the browser, he sees the returned JSON code instead of the rendered website (logging the server I can say that no request is made). It seems for me that Chrome stores the latest request response for the specific URL, and doesn't take into account that it has different content-type etc.
Is that a bug in the Chrome or am I misusing HTTP protocol ?
--- update 12 11 2012, 12:38 UTC
following PatrikAkerstrand answer, I've found following Chrome bug: http://code.google.com/p/chromium/issues/detail?id=94369
any ideas how to avoid this behaviour?
You should also include a Vary-header:
response.headers['Vary'] = 'Content-Type'
Vary is a standard way to control caching context in content negotiation. Unfortunately it has also buggy implementations in some browsers, see Browser cache vary broken.
I would suggest using unique URLs.
Depending of you framework capabilities you can redirect (302) the browser to URL + .html to force response format and make cache key unique within browser session. Then for AJAX requests you can still keep suffix-less URL. Alternatively you may suffix AJAX URL with .json instead .
Another options are: prefixing AJAX requests with /api or adding some cache boosting query params ?rand=1234.
Setting cache-control to no-store made it in my case, while no-cache didn't. This may have unwanted side effects though.
no-store: The response may not be stored in any cache. Although other directives may be set, this alone is the only directive you need in preventing cached responses on modern browsers.
Source: Mozilla Developer Network - HTTP Cache-Control

Resources