I have read a lot about CORS, preflight etc, I know the problem is related to it, but couldn't figure out, what's going on here.
I'm using VueJs and SpringBoot with Spring Security and jsonwebtoken.
When I make a POST request /login on Postman:
{
"username":"admin",
"password":"password"
}
I got the right response with the expected token:
http 200 with headers:
{
Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImV4cCI6MTYwODI5OTIxMn0.9oXFpm9DivR3DNPcBaoc_KgsqNdBJbkFq_oA4pBJbXF2iUwx7_XfBwv-Xcn-da9LS9M5zxd8oRslr_wdVyoQkA,
X-Content-Type-Options:nosniff
X-XSS-Protection:1; mode=block
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Pragma:no-cache
Expires:0
X-Frame-Options:DENY
Content-Length:0
}
However, when the front-End calls the service I got the following answer with the wrong header, there is no token:
http 200 with headers
{
cache-control: "no-cache, no-store, max-age=0, must-revalidate",
content-length: "0", expires: "0", pragma: "no-cache"
}
When I open the browser with security disabled it works fine as well, I got the expected token on the header...
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir="C://Chrome dev session" --disable-web-security
So it seems to be related to Cors indeed, but I don't get any Cors error message!
I used fiddler to track the requests and responses and I notice that the option method is happening, So my first question is, should the options response go up to the front-end? as far as I know the options stay within the browser boundary and then the browser makes the post request (if the server allowed).
Options Request:
OPTIONS http://ec2-52-4-252-232.compute-1.amazonaws.com:9090/login HTTP/1.1
Host: ec2-52-4-252-232.compute-1.amazonaws.com:9090
Connection: keep-alive
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization
Origin: http://s3-sa-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Sec-Fetch-Mode: cors
Referer: http://s3-sa-east-1.amazonaws.com/
Accept-Encoding: gzip, deflate
Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7,es;q=0.6
Options Response:
HTTP/1.1 200
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: http://s3-sa-east-1.amazonaws.com
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: authorization
Access-Control-Allow-Credentials: true
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 0
Date: Tue, 08 Dec 2020 14:58:56 GMT
Post Request:
POST http://ec2-52-4-252-232.compute-1.amazonaws.com:9090/login HTTP/1.1
Host: ec2-52-4-252-232.compute-1.amazonaws.com:9090
Connection: keep-alive
Content-Length: 42
Accept: application/json, text/plain, */*
Authorization: undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Origin: http://s3-sa-east-1.amazonaws.com
Referer: http://s3-sa-east-1.amazonaws.com/
Accept-Encoding: gzip, deflate
Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7,es;q=0.6
{
"username":"admin",
"password":"password"
}
Post Response:
HTTP/1.1 200
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: http://s3-sa-east-1.amazonaws.com
Access-Control-Allow-Credentials: true
Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImV4cCI6MTYwODI5OTUzNn0.0UgsNHd9Aw9Ei5aq-k0y74BlxJ92-j7w-FrryZaDAwzLC1a2OpSH3rXhRWGIul3wqpWLbqJ7icNlM3d590UFWw
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 0
Date: Tue, 08 Dec 2020 14:58:56 GMT
Part of My front-end Code:
login({ commit }, user) {
const cors = require('cors')({
origin: true
});
const qs = require('querystring')
return new Promise((resolve, reject) => {
commit('auth_request')
axios({
url: process.env.VUE_APP_BACKEND_ENDPOINT + '/login', data: user, method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded'}
})
.then(resp => {
console.log(resp.headers)
const token = resp.headers["authorization"]
localStorage.setItem('token', token)
axios.defaults.headers.common['Authorization'] = token
commit('auth_success', token, user.username)
resolve(resp)
})
.catch(err => {
commit('auth_error')
localStorage.removeItem('token')
reject(err)
})
})
Part of my Back-End Code:
#Configuration
#EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
#Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.cors().configurationSource(corsConfigurationSource()).and()
.csrf().disable().authorizeRequests()
.antMatchers("/home").permitAll()
.antMatchers(HttpMethod.POST, "/login").permitAll()
.anyRequest().authenticated()
.and()
// filtra requisições de login
.addFilterBefore(new JWTLoginFilter("/login", authenticationManager()),
UsernamePasswordAuthenticationFilter.class)
// filtra outras requisições para verificar a presença do JWT no header
.addFilterBefore(new JWTAuthenticationFilter(),
UsernamePasswordAuthenticationFilter.class);
}
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
List<String> allowOrigins = Arrays.asList("*");
configuration.setAllowedOrigins(allowOrigins);
configuration.setAllowedMethods(singletonList("*"));
configuration.setAllowedHeaders(singletonList("*"));
//in case authentication is enabled this flag MUST be set, otherwise CORS requests will fail
//configuration.setAllowCredentials(true);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
#Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// cria uma conta default
auth.inMemoryAuthentication()
.withUser("admin")
.password("{noop}password")
.roles("ADMIN");
}
}```
Anyone knows what's going on here ? Why the Post response isn't coming to the front-end ?
I spend many hours but couldn't solve it, so I appreciate any help.
I can reproduce your Postman request with curl:
curl -vv -H "Content-Type: application/x-www-form-urlencoded" http://ec2-52-4-252-232.compute-1.amazonaws.com:9090/login -d '{"username":"admin", "password":"password"}'
Returns a 200 with the Authorization header filled in.
Can you run the frontend code with the Network tab in Developer Tools open and see how the POST request looks?
And possibly right-click and "copy as cURL" and then compare it to the curl request above.
Actually my problem wasn't related to options method as I thought, the problem was that I was missing the Access-Control-Expose-Headers which should also be presented in the headers of server response.
I just set it on my springboot app and it worked fine !
List<String> exposedHeaders = Arrays.asList("Authorization");
configuration.setExposedHeaders(exposedHeaders);
I got the answer from this one: axios response headers missing data when running in vuejs app
I'm trying to implement Etag features to my Spring Boot application, so browsers can update image cache when the server image is changed.
I changed Spring Boot setting via a YAML file:
spring:
jackson:
serialization:
WRITE_DATES_AS_TIMESTAMPS: false
resources:
static-locations: classpath:static/
chain:
strategy:
content:
enabled: true
cache:
cachecontrol:
max-age: 0
must-revalidate: true
no-cache: true
mvc:
static-path-pattern: /resources/**
and added a ShallowEtagHeaderFilter bean:
#Configuration
public class MvcConfig implements WebMvcConfigurer {
#Bean
public ShallowEtagHeaderFilter shallowEtagHeaderFilter() {
return new ShallowEtagHeaderFilter();
}
}
The first request & response header:
GET /resources/image/product/list/foo.png HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36
DNT: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,ko-KR;q=0.8,ko;q=0.7,vi;q=0.6
Cookie: _ga=GA1.1.134751806.1551948465; loginFlag=undefined; branchId=admin
HTTP/1.1 200
Last-Modified: Wed, 08 May 2019 05:17:32 GMT
Cache-Control: no-cache, must-revalidate
Accept-Ranges: bytes
ETag: "0b99ccc3070d4e65cd155b768a56f97e4"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Type: image/png
Content-Length: 101070
Date: Fri, 10 May 2019 08:03:37 GMT
Second request & response header without changing the static file:
GET /resources/image/product/list/foo.png HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36
DNT: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,ko-KR;q=0.8,ko;q=0.7,vi;q=0.6
Cookie: _ga=GA1.1.134751806.1551948465; loginFlag=undefined; branchId=admin
If-None-Match: "0b99ccc3070d4e65cd155b768a56f97e4"
If-Modified-Since: Wed, 08 May 2019 05:17:32 GMT
HTTP/1.1 304
Last-Modified: Wed, 08 May 2019 05:17:32 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Date: Fri, 10 May 2019 08:05:32 GMT
For the third, I stopped the localhost server, overwrote foo.png with the other file, rebuilt the project and run server. I expected the request should return the changed image file, but the status was 304 with the same image as before:
GET /resources/image/product/list/foo.png HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36
DNT: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,ko-KR;q=0.8,ko;q=0.7,vi;q=0.6
Cookie: _ga=GA1.1.134751806.1551948465; loginFlag=undefined; branchId=admin
If-None-Match: "0b99ccc3070d4e65cd155b768a56f97e4"
If-Modified-Since: Wed, 08 May 2019 05:17:32 GMT
HTTP/1.1 304
Last-Modified: Sun, 05 May 2019 19:08:52 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Date: Fri, 10 May 2019 08:09:32 GMT
I'm clueless how to refresh browser's cache when the file is changed. What am I missing?
It seems there was no problem with the settings. Instead of building and running the project via IDE(IntelliJ IDEA), I tried Gradle bootJar and ran the jar file and it worked as intended.
From a web page of domain A, I am firing up an ajax request to domain B in order to get JSON for which basic auth is configured on domain B. I have access to the code on both the domains. I configured the all the required CORS header on domain B (Even made Access-Control-Allow-Origin header value specific and not "*", after reading some stackoverflow) What I am expecting is browser basic auth pop up, But POST request just fails with 401.I can see that server has responded with expected response header for PRE-FLIGHT OPTION request, below the request & response headers of the OPTION & actual POST method call that happens
***OPTION REQUEST***
Host: DOMAIN_B:8085
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-requested-with
Referer: http://DOMAIN_A:2280/app/
Origin: http://DOMAIN_A:2280
Connection: keep-alive
***OPTION RESPONSE***
HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: http://DOMAIN_A:2280
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: Content-Type,Authorization,x-requested-with
Access-Control-Max-Age: 1
Allow: GET,POST
Content-Type: text/html; charset=utf-8
Content-Length: 8
Date: Fri, 04 Jan 2019 12:48:48 GMT
Connection: keep-alive
*** ACTUAL POST REQUEST***
Host: DOMAIN_B:8085
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://DOMAIN_A:2280/app/
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 105
Origin: http://DOMAIN_A:2280
Connection: keep-alive
*** ACTUAL POST REQUEST***
HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Vary: X-HTTP-Method-Override, Origin
Access-Control-Allow-Origin: http://DOMAIN_A:2280
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST,GET,PUT,DELETE
Access-Control-Allow-Headers: Content-Type,Authorization,x-requested-with
Access-Control-Max-Age: 1
WWW-Authenticate: Basic realm=artist
Content-Type: text/plain; charset=utf-8
Content-Length: 12
Date: Fri, 04 Jan 2019 12:48:48 GMT
Connection: keep-alive
So its expected that browser looking at the response of the POST call(401 HTTP code & WWW-Authenticate header) should get prompted to show the native authentication pop up, But it's not doing so. I am not sure what I am doing wrong here. Showing custom form to capture the credential and passing them in "Authorization" header using btoa function is not an option
Appreciate any help, I am ripping my hair apart here!!!
use basic-auth npm plugin
const auth = require('basic-auth');
app.use(function (request, response, next) {
var user = auth(request);
console.log("user => ",user);
if (!user || !user.name || !user.pass) {
response.set('WWW-Authenticate', 'Basic realm="example"');
return response.status(401).send();
}
return next();
});
I used a network sniffer and examined all the requests going out from Firefox when going to http://html5demos.com/geo. According to my Firefox, the geolocation service according to geo.wifi.uri entry is https://www.google.com/loc/json. However I don't see this url in any of the requests.
What am I missing?
I see it in LiveHTTPHeaders:
https://www.google.com/loc/json
POST /loc/json HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0b12pre) Gecko/20110220 Firefox/4.0b12pre
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 42
Content-Type: text/plain; charset=UTF-8
Pragma: no-cache
Cache-Control: no-cache
{"version":"1.1.0","request_address":true}
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Encoding: gzip
Date: Mon, 21 Feb 2011 13:34:05 GMT
Expires: Mon, 21 Feb 2011 13:34:05 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 238
Server: GSE
If your wifi interface is enabled, Firefox sends to Google all the wifi signal strength around you in order to locate you (signals strength,mac addresses and locations of all private and public hotspots were captured by Google with their Street View's cars I guess).
Here is the full POST request captured with TcpCatcher (and its SSL mode)
POST /loc/json HTTP/1.1
Host: www.google.com
Content-Length: 4233
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.119 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
{"access_token":"2:fHl0jGoQDeLFKfUn:sn0HJO00jOQV2334","host":"html5demos.com","radio_type":"unknown","request_address":false,"version":"1.1.0","wifi_towers":[{"age":0,"mac_address":"00-13-10-27-ec-ba","signal_strength":-82,"ssid":"linksys"},{"age":0,"mac_address":"00-14-bf-e2-b6-a3","signal_strength":-101,"ssid":"grepre2"},{"age":0,"mac_address":"00-17-33-9e-4d-a8","signal_strength":-94,"ssid":"NEUF_4DA4"},{"age":0,"mac_address":"00-17-33-cc-b5-10","signal_strength":-69,"ssid":"NEUF_B50C"},{"age":0,"mac_address":"00-17-33-cc-b5-11","signal_strength":-66,"ssid":"Neuf WiFi"},{"age":0,"mac_address":"00-17-33-cc-b5-12","signal_strength":-69,"ssid":"SFR WiFi Public"},{"age":0,"mac_address":"00-1a-2b-0e-66-74","signal_strength":-86,"ssid":"NUMERICABLE-AB1B"},{"age":0,"mac_address":"00-1f-33-47-c0-50","signal_strength":-80,"ssid":"SUPERMAN"},{"age":0,"mac_address":"00-1f-33-e0-1e-1f","signal_strength":-80,"ssid":"NUMERICABLE-5866"},{"age":0,"mac_address":"00-1f-9f-f4-1f-17","signal_strength":-90,"ssid":"\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000"},{"age":0,"mac_address":"02-81-31-a2-c4-98","signal_strength":-71,"ssid":"wifi"},{"age":0,"mac_address":"02-81-31-a2-c4-99","signal_strength":-69},{"age":0,"mac_address":"02-81-31-a2-c4-9a","signal_strength":-68,"ssid":"FreeWifi"},{"age":0,"mac_address":"02-81-31-a2-c4-9b","signal_strength":-69,"ssid":"freephonie"},{"age":0,"mac_address":"06-20-9f-00-3d-24","signal_strength":-82,"ssid":"damiconexion"},{"age":0,"mac_address":"06-20-9f-00-3d-25","signal_strength":-82},{"age":0,"mac_address":"06-20-9f-00-3d-26","signal_strength":-81,"ssid":"FreeWifi"},{"age":0,"mac_address":"06-20-9f-00-3d-27","signal_strength":-82,"ssid":"freephonie"},{"age":0,"mac_address":"26-b7-bb-70-e1-d8","signal_strength":-93,"ssid":"DC_baby"},{"age":0,"mac_address":"26-b7-bb-70-e1-d9","signal_strength":-91},{"age":0,"mac_address":"26-b7-bb-70-e1-da","signal_strength":-89,"ssid":"FreeWifi"},{"age":0,"mac_address":"26-b7-bb-70-e1-db","signal_strength":-94,"ssid":"freephonie"},{"age":0,"mac_address":"26-f8-5c-ec-bc-a4","signal_strength":-80},{"age":0,"mac_address":"26-f8-5c-ec-bc-a5","signal_strength":-80},{"age":0,"mac_address":"26-f8-5c-ec-bc-a6","signal_strength":-81,"ssid":"FreeWifi"},{"age":0,"mac_address":"26-f8-5c-ec-bc-a7","signal_strength":-80,"ssid":"freephonie"},{"age":0,"mac_address":"30-46-9a-43-fc-e5","signal_strength":-84,"ssid":"DartyBox_98DE"},{"age":0,"mac_address":"32-46-9a-43-fc-e6","signal_strength":-84,"ssid":"DartyBox_98DE_WEP"},{"age":0,"mac_address":"4e-0a-94-3d-d6-38","signal_strength":-82,"ssid":"neko"},{"age":0,"mac_address":"4e-0a-94-3d-d6-39","signal_strength":-82},{"age":0,"mac_address":"4e-0a-94-3d-d6-3a","signal_strength":-80,"ssid":"FreeWifi"},{"age":0,"mac_address":"4e-0a-94-3d-d6-3b","signal_strength":-82},{"age":0,"mac_address":"5c-33-8e-eb-6c-c0","signal_strength":-87,"ssid":"Livebox-0510"},{"age":0,"mac_address":"72-f5-aa-cd-b7-e4","signal_strength":-86,"ssid":"Kermazeguen"},{"age":0,"mac_address":"72-f5-aa-cd-b7-e5","signal_strength":-87},{"age":0,"mac_address":"72-f5-aa-cd-b7-e6","signal_strength":-87,"ssid":"FreeWifi"},{"age":0,"mac_address":"72-f5-aa-cd-b7-e7","signal_strength":-88,"ssid":"freephonie"},{"age":0,"mac_address":"76-a6-a6-5a-90-c8","signal_strength":-78,"ssid":"pipiou_wifi"},{"age":0,"mac_address":"76-a6-a6-5a-90-c9","signal_strength":-79},{"age":0,"mac_address":"76-a6-a6-5a-90-ca","signal_strength":-77,"ssid":"FreeWifi"},{"age":0,"mac_address":"76-a6-a6-5a-90-cb","signal_strength":-78},{"age":0,"mac_address":"86-9c-8f-a0-ac-e4","signal_strength":-78,"ssid":"touhere"},{"age":0,"mac_address":"86-9c-8f-a0-ac-e5","signal_strength":-82},{"age":0,"mac_address":"86-9c-8f-a0-ac-e6","signal_strength":-83,"ssid":"FreeWifi"},{"age":0,"mac_address":"86-9c-8f-a0-ac-e7","signal_strength":-82,"ssid":"freephonie"},{"age":0,"mac_address":"c0-3f-0e-b6-9a-37","signal_strength":-64,"ssid":"NUMERICABLE-825A"},{"age":0,"mac_address":"da-0f-67-af-23-10","signal_strength":-71,"ssid":"freeboxtomseb"},{"age":0,"mac_address":"da-0f-67-af-23-11","signal_strength":-70},{"age":0,"mac_address":"da-0f-67-af-23-12","signal_strength":-71,"ssid":"FreeWifi"},{"age":0,"mac_address":"da-0f-67-af-23-13","signal_strength":-71}]}
google json has stop service.
you can call [minigps]: http://www.minigps.net/map.html "click to query" could use google json api, only change the ip to: http://www.minigps.net/minigps/map/google/location
fllow is the http bytes:
URL:http://www.minigps.net/minigps/map/google/location
Request Method:POST
Status Code:200 OK
Request Headersview source
Accept:application/json, text/javascript, */*; q=0.01
Accept-Charset:GBK,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:zh-CN,zh;q=0.8
Connection:keep-alive
Content-Length:191
Content-Type:application/json; charset=UTF-8
Cookie:bdshare_firstime=1356366713546; JSESSIONID=68243935CD3355089CF07A3A22AAB372
Host:www.minigps.net
Origin:http://www.minigps.net
Referer:http://www.minigps.net/map.html
User-Agent:Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4
X-Requested-With:XMLHttpRequest
Request Payload
{"version":"1.1.0","host":"maps.google.com","cell_towers": [{"cell_id":"3721","location_area_code":"9779","mobile_country_code":"460","mobile_network_c ode":"0","age":0,"signal_strength":-65}]}
Response Headersview source
Content-Type:application/json
Date:Sat, 12 Jan 2013 06:03:15 GMT
Server:Apache-Coyote/1.1
Transfer-Encoding:chunked
Note: I'm affiliated with minigps.net.