Laravel/Nginx - Customize Header request - laravel

I have a simple Laravel project. I receive data from a GET URL. The data is sent from a small device and I need to set a small/short response header for it. It's very important for optimization.
In Laravel I don't use a view, only a Controller function.
Below is my full response:
Cache-Control: no-cache, private
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 03 Oct 2018 06:58:24 GMT
Server: nginx/1.14.0 (Ubuntu)
Set-Cookie: XSRF-TOKEN=eyJpdiI6IkpZNEllbGt0YmtsVll6ajdCSVkrNHc9PSIsInZhbHVlIjoiOFhOakxDNUVka0tIRFwvTHdidXRwdjRHMWlFeEl5QzJIcUQ4VTJXTmkzXC9VZm5rRzI3ZjI3S2N2SEZ5aE1jVEluIiwibWFjIjoiNDkwMDU2MmI3NzdkMjA2MmVkNmUyMWZkMWNhN2YzNDA3ZDZlOGMwYzIyMDU1N2Q5ZjdlYzcxODg0NDJjZTkzZiJ9; expires=Wed, 03-Oct-2018 08:58:24 GMT; Max-Age=7200; path=/
Set-Cookie: laravel_session=eyJpdiI6ImpYZG5ZNk1yWnNQb1Y1RlRSOWQ3aUE9PSIsInZhbHVlIjoieW8ySFwvQWsySG1pSEFabGZRNkR5U0t5TUhSQzZsN3lFbG1zT29TSFdhdnFVQTczVWxSWXZsZnVPR216a2N3cE8iLCJtYWMiOiIyYmI3M2Q2YWUxMDAzOTYwNjRlOWMwYWVlZGRmMWI5NWY4N2EyNGQwZTVmODRkMThhOTQ0MGIzYzVlNGI0MWNjIn0%3D; expires=Wed, 03-Oct-2018 08:58:24 GMT; Max-Age=7200; path=/; httponly
Transfer-Encoding: chunked
What is the best solution? I use Laravel 5.7; first I would like to remove "Set-Cookie:" from one view only.

Related

golang http client returning wrong content type

I have a very simple Go program that performs HTTP HEAD on a URL, and prints the content-type of the response:
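package main

import (
	"fmt"
	"log"
	"net/http"
)

func main() {
	// HEAD request with Go's default headers (no Accept header is sent).
	resp, err := http.Head("https://jira.softwareplant.com/servicedesk/customer/portal/1/")
	if err != nil {
		log.Fatal(err)
	}
	defer resp.Body.Close()
	fmt.Println(resp.Header.Get("Content-Type"))
}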
When I run it, it returns the following:
$ go run url.go
application/octet-stream;charset=UTF-8
However, when I do the same using curl, it returns a different content type (both in the original response, and after the redirect):
$ curl -I -L https://jira.softwareplant.com/servicedesk/customer/portal/1/
HTTP/1.1 302
Date: Thu, 11 Jun 2020 18:07:26 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
X-AREQUESTID: 1207x5410258x1
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-ASEN: SEN-L15483924
Set-Cookie: atlassian.xsrf.token=BWV3-4JDO-FP3E-CBA1_b0942d30c14d689f92051e7b2d8467e0a0ce2129_lout; Path=/; Secure
Set-Cookie: JSESSIONID=8FE57CA54FEC626F0521327DCBA1D3DB; Path=/; Secure; HttpOnly
X-ASESSIONID: 18hzbge
X-AUSERNAME: anonymous
Location: /plugins/servlet/desk/portal/1/
HTTP/1.1 302
Date: Thu, 11 Jun 2020 18:07:26 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
X-AREQUESTID: 1207x5410259x1
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-ASEN: SEN-L15483924
Set-Cookie: atlassian.xsrf.token=BWV3-4JDO-FP3E-CBA1_fcd3f481d084e039075ebbce34039870d7cd044d_lout; Path=/; Secure
Set-Cookie: JSESSIONID=7B895577760D8E31F02B818FA8C0E1B2; Path=/; Secure; HttpOnly
X-ASESSIONID: 289ito
X-AUSERNAME: anonymous
Location: /servicedesk/customer/portal/1//user/login?destination=portal%2F1/
HTTP/1.1 200
Date: Thu, 11 Jun 2020 18:07:26 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
X-AREQUESTID: 1207x5410260x1
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-ASEN: SEN-L15483924
Set-Cookie: atlassian.xsrf.token=BWV3-4JDO-FP3E-CBA1_dc371dbc76497b29f1fa939a65dc6dd5b3488e7f_lout; Path=/; Secure
Set-Cookie: JSESSIONID=E17E2F0C4B7CA5C9ADDC4BE468A5D459; Path=/; Secure; HttpOnly
X-ASESSIONID: 1byquf1
X-AUSERNAME: anonymous
Cache-Control: no-cache, no-store, no-transform
Am I doing something wrong? Is there a way in Go to get the correct content-type for such URLs?
I am using Golang 1.14.4 on Ubuntu. The above URL is not the only one that has this issue.
If you change the Accept header sent by Go, you will get Content-Type: text/html;charset=UTF-8:
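package main

import (
	"fmt"
	"log"
	"net/http"
)

func main() {
	client := &http.Client{}
	req, err := http.NewRequest("HEAD", "https://jira.softwareplant.com/servicedesk/customer/portal/1/", nil)
	if err != nil {
		log.Fatal(err)
	}
	// Send an explicit Accept header; Go's client does not set one by default.
	req.Header.Set("Accept", "*/*")
	resp, err := client.Do(req)
	if err != nil {
		log.Fatal(err)
	}
	defer resp.Body.Close()
	fmt.Println(resp.Header.Get("Content-Type"))
}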

AWS Cloudfront cache MISS with AWSALB cookie

I have a WordPress website set up on EC2, ALB, CloudFront and Varnish. In the Chrome dev toolbar, I have a problem: the CloudFront cache is always MISS for the document/html type but HIT for static files like js, css, png, etc. I found that in the response header (for the document type only) there is a cookie (I believe) from the ALB, like this:
set-cookie: AWSALB=U5AWJwh/v3MaAYRDCdFicDCuiWi9Fy14fiegh0DG2UwTIq5zToBRCrpUO7nqqj2mI5XRcbu9pINYxv0XhmjVC5T2swGCP8RzeAJLrOwy3NLPRB/nJSJD/ng5Iy/0; Expires=Thu, 12 Dec 2019 03:50:07 GMT; Path=/
I tried to solve this in the CloudFront cache behaviour setting, where I set:
Whitelist Cookies: AWSALB=*
After waiting a few minutes to let the CloudFront cache refresh, I tried to load the website but I still got a 'MISS' response for x-cache. How can I solve this problem?
Here is the response and request header for the MISS cache:
General:
Request URL: https://yyy.com/
Request Method: GET
Status Code: 200
Remote Address: zzz:443
Referrer Policy: no-referrer-when-downgrade
Response Header:
accept-ranges: bytes
age: 0
cache-control: max-age=3299, public
content-encoding: gzip
content-length: 39955
content-type: text/html; charset=UTF-8
date: Thu, 05 Dec 2019 01:21:07 GMT
etag: "92d49bdbffc17d570120a667c34465a6"
expires: Thu, 05 Dec 2019 02:16:06 GMT
last-modified: Thu, 05 Dec 2019 01:16:06 GMT
link: <https://yyy.com/wp-json/>; rel="https://api.w.org/"
link: <https://yyy.com/>; rel=shortlink
pragma: public
server: nginx/1.16.1
set-cookie: AWSALB=7zzIXUQ/O9X6+vce8GWOs1x1ES9/nr7r5/Hc06xmWL5GDMVLeaUJututZeBJf7TVIHdbXmOZgAhvYtkQva9y/bFPi2EPdn3j5MqqbSOiPs+qS+9adILQ95csWH+/; Expires=Thu, 12 Dec 2019 01:21:07 GMT; Path=/
status: 200
vary: Accept-Encoding
via: 1.1 varnish, 1.1 f92e2b771ebc524db2f478f72162e565.cloudfront.net (CloudFront)
x-amz-cf-id: EmCMRJ9cQ6zs0N4tvHAEOZxC1l6vYMIqBTA6hTVlqsxuKj275VRNLQ==
x-amz-cf-pop: SIN5-C1
x-cache: Miss from cloudfront
x-varnish: 339894892
Request Header:
:authority: yyy.com
:method: GET
:path: /
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,id;q=0.8
cache-control: no-cache
pragma: no-cache
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
and here is the response and request header for the HIT cache:
General:
Request URL: https://yyy.com/wp-content/cache/minify/db66e.css
Request Method: GET
Status Code: 200
Remote Address: zzz:443
Referrer Policy: no-referrer-when-downgrade
Response Header:
accept-ranges: bytes
age: 630787
cache-control: max-age=31536000, public
content-encoding: gzip
content-length: 100500
content-type: text/css; charset=utf-8
date: Wed, 27 Nov 2019 18:08:00 GMT
etag: "pub1574872585;gz"
expires: Thu, 26 Nov 2020 18:07:58 GMT
last-modified: Wed, 27 Nov 2019 16:36:25 GMT
pragma: public
server: nginx/1.16.1
status: 200
vary: Accept-Encoding
via: 1.1 varnish, 1.1 f92e2b771ebc524db2f478f72162e565.cloudfront.net (CloudFront)
x-amz-cf-id: -8otMvG_QhBrVBVH8HD0AuzsTwny_o7QkDuQnZnHHqcmqriLuAw_Lw==
x-amz-cf-pop: SIN5-C1
x-cache: Hit from cloudfront
x-varnish: 1158322228
Request Header:
:authority: yyy.com
:method: GET
:path: /wp-content/cache/minify/db66e.css
:scheme: https
accept: text/css,*/*;q=0.1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,id;q=0.8
cache-control: no-cache
cookie: AWSALB=7zzIXUQ/O9X6+vce8GWOs1x1ES9/nr7r5/Hc06xmWL5GDMVLeaUJututZeBJf7TVIHdbXmOZgAhvYtkQva9y/bFPi2EPdn3j5MqqbSOiPs+qS+9adILQ95csWH+/
pragma: no-cache
referer: https://yyy.com/
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
Thanks.

Format of Web API response is not correct

The request has "accept: application/xml; charset=utf-8" but the response content is JSON.
Request:
Connection: Keep-Alive
Accept: application/xml; charset=utf-8
Content-Type: application/xml; charset=utf-8
Response:
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 07 Jan 2019 17:11:14 GMT
Content-Length: 31
{"cod":1,"msg":"","data":"100"}
The software is developed with .NET Framework 4.6.1.
I noticed that if I return an anonymous class, it will be serialized as JSON and never as XML.
To solve the problem, just return a non-anonymous class and it will be serialized correctly.

Set-cookie not working

I have an svc service running on crm.mch.be. On a specific request it returns a response with these headers:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type
Access-Control-Allow-Origin: *
Access-Control-Request-Method: GET
Content-Length: 66
Content-Type: application/json; charset=utf-8
Date: Tue, 14 Apr 2015 14:20:56 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: .ASPXAUTH=800196267D28CE...; Path=/; Domain=crm.mch.be
X-Powered-By: ASP.NET
The request is made through a (jQuery) AJAX call made from wip.myserver.local.
The problem is that the cookie isn't set.
When the AJAX call completes I redirect (window.location.href = ...) the user to the website crm.mch.be. But it doesn't have the cookie set.
And prior to the redirection, if I list all my browser's cookies, this cookie doesn't exist.
Access-Control-Allow-Origin: *
Isn't good for credentials/cookies HTTP exchanges in browsers.
One has to be more restrictive and specify the domain.
Access-Control-Allow-Origin: wip.myserver.local
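The check a browser applies to the response above, as an added example (not code from the question or the answer): a simplified version of the Fetch standard's CORS check, run against the question's headers for a call made with credentials. The page origin `http://wip.myserver.local` (in particular its scheme) and the names `corsCheck` and `compareCandidates` are assumptions; the header value is compared byte for byte with the full serialized origin.

```javascript
// CORS check a browser applies to a cross-origin response (Fetch standard, simplified).
// requestOrigin: serialized origin of the calling page, scheme://host[:port].
// headers: response headers keyed by lower-case name.
// withCredentials: true when the call is made with cookies (xhrFields.withCredentials).
function corsCheck(requestOrigin, headers, withCredentials) {
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { ok: false, reason: 'missing Access-Control-Allow-Origin' };
  }
  // The wildcard is only honoured for requests made without credentials.
  if (!withCredentials && allowOrigin === '*') {
    return { ok: true, reason: 'wildcard accepted without credentials' };
  }
  // Otherwise the value must equal the serialized origin byte for byte.
  if (allowOrigin !== requestOrigin) {
    const reason = allowOrigin === '*'
      ? 'wildcard rejected for credentialed request'
      : 'origin mismatch';
    return { ok: false, reason };
  }
  if (!withCredentials) return { ok: true, reason: 'origin matched' };
  if (headers['access-control-allow-credentials'] !== 'true') {
    return { ok: false, reason: 'Access-Control-Allow-Credentials is not "true"' };
  }
  return { ok: true, reason: 'origin matched, credentials allowed' };
}

// Response headers from the question; the page origin's scheme is an assumption.
const PAGE_ORIGIN = 'http://wip.myserver.local';
const questionHeaders = {
  'access-control-allow-credentials': 'true',
  'access-control-allow-origin': '*',
};

// Try candidate Access-Control-Allow-Origin values against a credentialed call.
function compareCandidates(candidates) {
  return candidates.map((value) => {
    const headers = { ...questionHeaders, 'access-control-allow-origin': value };
    return { value, ...corsCheck(PAGE_ORIGIN, headers, true) };
  });
}

for (const r of compareCandidates(['*', 'wip.myserver.local', PAGE_ORIGIN])) {
  console.log(`${r.value} -> ${r.ok ? 'pass' : 'fail'} (${r.reason})`);
}
```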

mediaelements.js MP3 can not wind

I have a problem with the playback of my MP3 files with mediaelements.js.
In my AJAX request I get my MP3 file and set the audio src.
If I get the real MP3 by URL like:
http://host.com/real/path/tp/mp3
and set this as my audio src the player works well.
Now...
When I request my MP3 through a script which gets the MP3 from my storage folder like this:
$headers = array(
    'Content-Type' => File::mime(File::extension($mp3)),
    'Content-Length' => filesize($mp3),
    'Content-Transfer-Encoding' => '',
    'Cache-Control' => 'must-revalidate, post-check=0, pre-check=0',
);
return Response::make(readfile($mp3), 200, $headers);
The player starts to play the MP3 file, but I can't wind it. :(
Response header of the real MP3 path:
HTTP/1.1 200 OK
Date: Tue, 26 Mar 2013 18:47:27 GMT
Server: Apache/2.2.16 (Debian)
Last-Modified: Tue, 26 Mar 2013 14:37:28 GMT
ETag: "8d4b852-7b7342-4d8d4dc53fa00"
Accept-Ranges: bytes
Content-Length: 8090434
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: audio/mpeg
Response header of my Laravel script which sends the MP3:
HTTP/1.1 200 OK
Date: Tue, 26 Mar 2013 19:02:33 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6330826
content-transfer-encoding: binary
cache-control: must-revalidate, post-check=0, pre-check=0, private
Set-Cookie: laravel_session=16f4d83c0ce0262a90df3a0229f8b8ba261eaad7%2BDZIBuW8nbRbBMT7Nvu0NGQ9Rfqaiu6SAS 1wGjYse; expires=Tue, 26-Mar-2013 20:02:33 GMT; path=/; httponly
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: audio/mpeg
I had to set the following header:
"Accept-Range" => "bytes"
for it to work. Problem is fixed now. :)
