Postman can't reach localhost - proxy

I am in a corporate env so I have to use a proxy to reach servers. This works well in postman and in browsers. What I can't reach is localhost in postman but I can reach localhost in the browser.
I am running Postman for Linux Version 6.0.9. I have tried reaching localhost:9082/rest/myapi.... and 127.0.0.1:9082/rest/myapi with both global proxy and system proxy turned on and with either turned on and with non turned on. In all cases I am not able to reach localhost.
What I get as an response is an error page from the proxy server! Someway the call gets out on the network instead of being kept on my machine.
The postman console:
My request headers are:
Cache-Control →no-cache
Connection →Keep-Alive
Content-Length →986
Content-Type →text/html; charset=utf-8
Pragma →no-cache
Proxy-Connection →Keep-Alive
My response headers are:
cache-control:"no-cache"
pragma:"no-cache"
content-type:"text/html; charset=utf-8"
proxy-connection:"Keep-Alive"
connection:"Keep-Alive"
content-length:"986"
My response body is an html page.
How can I make a call to localhost work with postman?

I was having similar issue with HTTP calls to local ASP.NET Core Web API apps. Changing the proxy settings didn't fix it for me.
Finally fixed it by turning off File > Settings > General > SSL Certificate Verification

I have the same issue. What works for me is:
Open File -> Settings -> Proxy
Then, enable proxy and put 127.0.0.1 : 80, if your web server runs on 80.
In the git thread, they say it is a known issue, so hopefully it will get resolved soon.

I solved this by Turning off System proxy of Postman.
Open File -> Settings -> Proxy
Then Turn off Use System Proxy

#Menuka Ishan Answer is correct. But in mac only if we change the turn off proxy won't work. You need to turn off the SSL Certificate verification also you need to disable.

I found a temporary solution:
In terminal, go to the directory where postman is installed and add:
machine#dev:~/Documents/Postman$ export NO_PROXY=localhost,127.0.0.1
machine#dev:~/Documents/Postman$ ./Postman
This will make calls to localhost work.
I found a similar problem on Windows machines here

The problem mentioned as an issue here. You should just write a simple batch file like this:
set HTTP_PROXY=
set http_proxy=
set HTTPS_PROXY=
set https_proxy=
START %LOCALAPPDATA%\Postman\Update.exe --processStart "Postman.exe"
open a simple text file, save this as a ".bat" file, and just run it!

I also faced the same issue, but the trick was I implemented both the methods that were stated earlier in the stack.
First I turned off the postman proxy as shown in below image.
Click Settings -> Proxy
And then turned off the SSL certificate verification check button.
Click Settings -> General
And then tried to hit my local server and finally it worked.

While attempting to Get https://localhost:5001/WeatherForecast via PostMan while developing a basic .NET Core (3.1) Web API (on Ubuntu Linux)
I got the error:
Could not get any response There was an error connecting to
https://localhost:5001/WeatherForecast.
I didn't notice the actual solution in the things to try at first, but if you check the highlighted text in the image you will see it.
You can see that the option is turned on in PostMan by default:
I turned the SSL Certificate Verification off and tried again and it worked.

If you are under corporate proxy and you are deploying your webapplication in localhost then no need to set proxy configuration like
http://username:password#corporateProxyServer:ServerPort in postman (Global Proxy Configuration).
As the app is deployed in local machine just use the localhost configuration in setting -> Global Proxy Configuration as :
proxy server : 127.0.0.1
port : 8300 (this is the port where the web application is running )

My problem was that i was setting an invalid Header token and it gave me the error
Error: Header name must be a valid HTTP token ["Accept "]
Warning: This request did not get sent completely and might not have all the required system headers
Just check your Headers.

Adding another potential answer to this for people to check after they've tried the other ideas here.
I was able to solve my own problem by checking the Postman console (View -> Show Postman Console) and then examining the error from the request (in my case it was because I had a newline character on an auth token).

In my case, I had to precede the localhost with https://

These steps solved this issue after 1 whole day struggle:
1) HTTP_PROXY= proxy.company.com:port
HTTPS_PROXY=proxy.company.com:port
to user variables, not to System variables. Make sure the the case is all cap.
2) Updating newtwork driver, and turning on Windows Defender......Make sure you don't see no reds in here.

I was not able to make any calls from postman to docker container running Couchbase Server. Very frustrating. Turns out I had proxy setting configured to some aws instance which has been long deleted.
Goto setting and remove the proxy setting and it worked like a charm on localhost/127.0.0.1/mac laptop eno IP addr or 0.0.0.0

In my case, I was using django-tenants and had to add the domain for the tenant in etc/hosts to get it working on localhosts. My entry for 127.0.0.1 now looks like
127.0.0.1 localhost test.localhost

My problem was forgetting to select Environment. From the drop down where you see No Environment in the image, select the name of your environment.

Menuka Ishan's solution above saved my hours of pain! I left the Global Proxy Configuration switched ON and changed the Proxy Server to 127.0.0.1. Switched OFF the Use System Proxy. I already had the entry 127.0.0.1 localhost in my hosts file under the path C:\Windows\System32\drivers\etc.

If you have active proxy in your system then make sure Global Proxy Configuration and Use System Proxy are turned off. To do this go to Postman preferences > Proxy. You can also try sending a request in postman without typing localhost (e.g. :8080/send)

i think i also found a perfect fix.
First you turn on global proxy configurations, add your local machine Ip which is 127.0.0.1,then also add localhost in the bypass.
Also turn off SSL verification.
It worked for me

This worked for me, i dissable the parrameter host in the header.
HOST Disabled

If anyone is looking for a solution to WooCommerce local install, here are the steps to make this work:
Go to Wordpress Admin > WooCommerce > Settings > Advanced
Create new API key, give it a name
Copy the Consumer Key & Consumer Secret to
your text editor
Open Postman
Create new connection Set the URL for
testing (GET) : http://mylocalsite/wp-json/wc/v3/orders (change
"mylocalsite" to yours)
Click on Authorization tab
Now here is the main change: Although in WC Rest docs, it says to use the "Basic Auth" - IT WILL NOT WORK. Since usually your localhost is HTTP
and not HTTPS. So "Basic Auth" is not relevant in our case.
You will need to change the Authorization to OAuth 1.0
Set Consumer Key & Consumer Secret respectively as it shows in Woocommerce
Click "Send" - it should work now
If still you have problems, try one by one the following:
File > Settings > Turn off SSL Verification
File > Settings > Turn off "Automatically follow redirects"

Related

XAMPP: your connection is not private NET::ERR_CERT_AUTHORITY_INVALID

I'm working in a virtual server on my 64bits windows 7 machine, and a few weeks this error start to appear on google chrome:
XAMPP: your connection is not private NET::ERR_CERT_AUTHORITY_INVALID
I've migrated to Opera to continue developing on my virtualhost, but today this error started to appear on Opera too.
i've searched on web and only answer i've had is:
Browsers are not accepting auto assigned certify anymore...
Anyone know how to bypass this validation on xampp virtualserver?
Just an update. In Chrome and Vivaldi insert chrome://flags/#allow-insecure-localhost into the address bar and then enable "Allow invalid certificates for resources loaded from localhost." Even changing the domain from example.dev to example.test didn't work until I changed the above setting in the browser.
I could fix a similiar issue by using a different host name. I used "website.dev" an got these error in Chrome 63 on Windows7. After changing the C:\Windows\System32\drivers\etc\hosts to "website.test" and the "httpd-vhosts.conf" accordingly, it works.
I had a same issue over my practicing laravel Vhost.
I changed "div" to "test" and typed "website.test" at the address bar, then it failed with the error, "ERR_CERT_AUTHORITY_INVALID". But if I typed "http://website.test" instead of the one I previously did, it worked. Since then it keeps working without "http://". So I think you need to remind windows TCP/IP hosts that your new host name needs a new mapping set.
You just need to change https:// to http://
Good luck, it worked for me
yes,the virtual host is only worked on browser without doing this: chrome://flags/#allow-insecure-localhost into the address bar and then enable "Allow invalid certificates for resources loaded.
Just change this:
changing the domain from example.dev to example.test.
and your virtual host gonna be work.the result is here in the below
I just changed the domain name from WEBSITE_NAME.dev to WEBSITE_NAME.test and it worked like a charm without me having to write "https://". Didn't had to enable insecure-host flag in chrome. It still shows "Not Secure" in the address bar, but works fine in displaying the website.

WordPress Website shows 403 error when accessing wp-admin/ajax.php page from front end

I am running a WordPress on an Azure Web app connecting to a MySQL server on a different Windows server. When loading the mentioned page in Chrome, it shows 2 popups 403 & Forbidden. Checking the console throws this error - ecbcc.js:2 POST /wp-admin/admin-ajax.php 403 (Forbidden)
This works fine on FireFox & IE but not on Chrome. Any ideas why?
This is because of your cache. Minified version of JS is causing the issue in chrome browser. Check or purge the cache and check for the permissions applied to cached files as well.
I faced the same issue but it took a long time for me to fix it. Because my solution was not caused by common things like cache, .htaccess, files permissions, etc. I apply all the possible solutions as described here. When nothing worked for me, then I talked with my hosting provider and the issue was on their side. Actually, the server has black-listed my IP.
Below is the reply from the support of my hosting provider:
After checking it, it looks like the issue is caused by trigger
ModSecurity rules.
ModSecurity is an Apache module that works as a web application
firewall. It blocks known exploits and provides protection from a
range of attacks against web applications. However, sometimes,
mod_security may incorrectly determine that a certain request is
malicious, while it is actually legitimate. In such a situation, we
can whitelist the triggered mod_security rule on the server, so that
you can bypass the block.
In order to properly investigate, we need you to share your IP address
with us. You can copy it from here: https://ip.web-hosting.com/
Looking forward to your response.
This error can appear for more than one reason. Except for the accepted answer, if you are using a shared hosting solution as a server then it would be best to contact the support of the service. Also if you use Plesk or Cpanel you can check the server logs to see if there is any false positive rule that from mod_security that catches the error. Then you can find the error that could look something like that:
ModSecurity: Warning. Match of "test file" against "REQUEST_FILENAME" required. [file "/etc/httpd/conf/modsecurity.d/rules/custom/006_i360_4_custom.conf"] [line "264"] [id "77140992"]
You can apply the ID on your firewall exclusion list (if this is provided by your hosting service) and then the server will not block the request anymore.
IMPORTANT: If you are not sure what you are doing, ask your hosting provider for support. Experimenting on live servers/sites is not the best option and I would strongly recommend avoiding it.

Fail to create cookies while using ngrok with header rewrite

I use docker as my local dev environment and use the dinghy-http-proxy which adds a new TLD .docker to map request to a nginx-proxy container.
My websites are typically reached through an URL like http://devel.domain.com.docker.
I want to use ngrok to develop locally while accessing remote webhooks.
I successfully launched ngrok with the command:
ngrok http -host-header=rewrite devel.domain.com.docker 80
I can access the login form of my web application through the address http://randomsubdomain.ngrok.io.
However, I can't log in because it looks like the cookie session can't be set.
Indeed, cookies sessions are tried to be set for the domain devel.domain.com.docker but as we use randomsubdomain.ngrok.io in the browser they are blocked for security reasons.
How can I bypass this problem? Am I missing something in my configuration? Is ngrok the right tool for what I want to achieve?
Asked directly to ngrok.io support and got this answer:
No, you're not missing anything, that's just an unfortunate side effect of rewriting the host header. Host header rewriting only works for some applications because of complications like this (and others that involve javascript and cross-origin, etc). If possible, it's always much better to reconfigure your website to accept the ngrok.io host header.
However, I found a solution by checking if the request contains in the header x-original-host the domain ngrok.io, and then I alter the session mechanism (in PHP session_set_cookie_params) to use the x-original-host domain instead.
As mperrin said you have to alter php cookie session mechanism.
Reading from session_set_cookie_params:
Set cookie parameters defined in the php.ini file.
The effect of this function only lasts for the duration of the script.
Thus, you need to call session_set_cookie_params() for every request
and before session_start() is called.
The most important argument is $domain and to make ngrok work equally decent you can also use before session_start() the command ini_set() (see ini_set): ini_set('session.cookie_domain', 'xxx.ngrok.io');
It also took me hours to resolve for my custom hosting php platform but I knew that my auth subsystem should work under a valid hostname apart from localhost so I focused in how the cookies are set from my code.
Such kind of php environment settings should be set early by any decent php framework and that was one of my primary goals when I started building it (in my case I only have to change the value in a json text file at the server).

How to Proxy auth on PhantomJS (proxy script)

I go throught the intranet/internet using proxy auth.
I'm not familiar with automation throught a proxy or proxys, in IExplorer we set up the proxy on LAN settings in "Use automatic configuration script" with something like:
http://some-url/url/file.proxy
Uncheck "Automatically detect settings" and we don't set any in the "Proxy Server" section.
So we can go "out" (internet/intranet).I have a username/password so everytime I just open a new IE instance, I got a prompt for them. How should I set this values on PhantomJS to get access to the network/internet ? I jus can't make it work, everytime I try to get a screenshot from anypage I got a webpage screenshot related to the proxy auth.
I've tried set the full/script.proxy url in the proxy prop and username/password but didn't work. Hope someone can provide an example for my understanding. Also I'll appreaciate some resources/good-to-read articles.
Got it.
I take a look to the script I just mentioned in my question, and just got the proxy (ip:port) needed in phantomJS.
Basically the script do some decisions about what proxy to use based on the requested url and return the proxy ip.
So the PhantomJS docs it's preety straightforward, I wasn't understanding how my proxy was set (by script),if it's your case, you can copy/paste the script url into your browser so you can analyze it and retrieve the information you need to setup phantomJs
he code in the proxy script is kind of easy to read (if you have any programming experiencie).

Firefox Websocket security issue

We have a websocket server on port 8080 setup on a Linode box. Chrome and Opera work just fine. Firefox however complains that the operation is insecure.
"The operation is insecure: Code 18"
If I try to create a new WebSocket object in the web console before the page is loaded everything is fine. However, after the page loads something is screwy then I cannot create the object anymore. See the attached screenshot.
I have no idea what operation is insecure or even how to go about diagnosing this.
As you point out in another answer, https:// to ws:// is disallowed by default on firefox.
Going to firefox's about:config and toggling network.websocket.allowInsecureFromHTTPS will get rid of the SecurityError.
I fixed this. The app itself is under SSL but the websocket being accessed is not. Chrome and Opera don't care but Firefox does. According to:
https://bugzilla.mozilla.org/show_bug.cgi?id=303952
This is known and is not considered a bug. Mozilla's response: wontfix
Solution, put websocket server under SSL and use wss://
This is a hunch based off limited info, and I probably should put this into a comment, but I don't have enough reputation points to do that yet.
Looking at your log, it seems as if 24 seconds are passing from the receipt of [object Websocket] (time 17:46:36.683) until you get The connection to ws://.....(time 17:47:00:952) error message.The long delay leads me to believe that the server could be timing out and closing the websocket connection. Look at this answer for a potential solution.
Had the same problem and attempted to fix by changing network.websocket.allowInsecureFromHTTPS in about:config which did not work.
Ended up finding this post => Unhandled Rejection (SecurityError): The operation is insecure. On a fresh create-react-app project
Changing this in index.js ended up working for me
serviceWorker.register();
//serviceWorker.unregister();
Open "about:config" url in firefox. Search for allowInsecureFromHTTPS and set it to true
Beside secure ssl context and cross-origin policies, assigning some port can trigger the error as well.
What are valid http ports for Firefox? I don't know precisely, but have to be between 1500 and 64000, or the console will display:
SecurityError: The operation is insecure.
And http links will say:
This address is restricted
This address uses a network port which is normally used for purposes other than Web browsing.
Firefox has canceled the request for your protection.

Resources