I use a loading bar plugin to show user if there is an http request. But sometimes, user clicks for a new route (I use angular's routing) and (I guess) http request automatically aborted by angular. Therefore I can't know I should stop the loading bar.
How can I handle this?
P.S.: I handle all http request in a service file.
Related
I'm trying to call(spring ) rest API which is protected using digest authentication using spring security and trying to access it from the redux front end. I'm getting a 401 response back to the front end, which has the response header WWW-Authenticate: also .. but unfortunately I am not getting the http basic authentication pop in my front end to enter the username and password.
Can someone help me in identifying the possible reasons for this? I'm able to get the http authentication pop up when I hit my rest API directly through the chrome.
Unfortunately, XHR requests do not trigger the auth pop-up. This will only happen if the main request (the html page you are loading or a redirect you make from that page) throws a 401.
The auth screen is also triggered if you load the request in an iframe. However, the credentials provided using the basic auth screen will not be passed on to other XHR requests. If you do use an iframe, you should respond with some sort of cookie and the subsequent XHR request should not need the basic auth screen again
Your options are:
Catch this error in your javascript and ask for the password using some interface you create yourself.
Make the same request in an iframe (or another request that will trigger the same security restriction) and respond with a session cookie upon success, then trigger the XHR.
Make an Login UI and ask for the credentials upfront, as you will need them for the XHR request.
From the client side, I am making an Ajax request of type "delete" using jquery.On the server side, I am doing res.redirect(URL).But instead of redirecting, browser is again making a delete request with URL returned from server side for redirecting.
However, it is not happening for a post request.Everything is OK with post request.
Short version
Ajax is trying to follow the request to it's bitter end to get a successful response (2xx). If you want to delete a resource and send the user to a new web page, you will need to handle that after receiving a success response from your Ajax call.
Full explanation
While redirects are sometimes used after processing a request (such as a successful / failed login) it's not really what they're intended for. Generally you would only redirect the user to get them to the resource their looking for. For example, you might move an endpoint such as POST /blog-post to the new location of POST /blog-article. What you're saying to the requester here is that something used to be where it is, but now they need to make a request elsewhere to find what they're after. This is incredibly important when trying to prevent link rot.
The idea of accepting and processing a request, and then moving the user off to another page is more of a coincidence really. It just happens to work due to how a browser handles URL requests.
I expect your POST request is actually using a form, in this case the browser is following the redirect because it received something like a 301 and is attempting to see a request chain through. However when using Ajax a redirect is being handled by the Ajax call itself, not the entire browser. Ajax in this case is acting as if you'd expect if the endpoint had been moved. So for example, if you moved the endpoint on the server side, your application would still function as it would follow the redirect instruction.
What you really need to do is return a successful response to your Ajax call such as a 204 (No content) and then in your frontend move the user on to a new page.
This isn't as convenient I'll admit, but when you understand why the redirects actually exist it makes more sense. They're not a way of telling a user to move onto something else, they're a way of trying to prevent link rot and enable applications to continue working against an API which may have changed slightly.
I plan to use https to build a website. After the user logs in, s/he is directed to a dashboard. The dashboard will be developed using javascript and html5. What are the thing I need to keep in mind when I make ajax calls using SOAP to a web service while using https?
The most important things:
always use the same domain name, otherwise browser will throw cross domain errors,
always use https protocol for every ajax request, so browser won't get same origin errors.
On the server side check for X-Requested-With: XMLHttpRequest HTTP header, to be sure that the request came as AJAX, not standalone GET/POST request. This is only difference.
With AJAX request browser will send the same cookies value as in the any other request, so you can surely check user session with it.
I have to integrate a 3rd party newsletter signup form that makes an AJAX call to HTTP url.
That form I'm placing on pages that use HTTP or HTTPS protocols ( http for home pg., ect.; https for ecommerce related stuff )
I don't think anything is sent back from the destination server ( at least I can't see the response) other than status code.
I'm getting 200 OK whether I submit the form from HTTP or HTTPS page and watch what's going on with it in Firebug. Wonder if it's safe to assume the call gets processed successfully?
Usually, I like to have a proof positive that something worked or didn't, but in this case all test signups show up the next day, ( due to sign up getting processed as some scheduled task I'm guessing ), hence the unease.
You can call https server from http but can't call http from https directly using AJAX.
To call http user from https server you need to call your server side application from java script using AJAX, and then call http url from your server side application then send back this to the client.
You can use window.location.protocol to check whether you're currently on a Secure connection, and if so, you should AJAX a secure url.
Cross domain AJAX requests are reported as "aborted" in firebug. I know this is supposed to be security feature but where exactly these requests get rejected ? At the browser end or at the server end ?
Browser - they don't get sent at all. If you check your HTTP traffic (e.g. using Fiddler), you'll see that there is no corresponding HTTP request initiated for those aborted AJAX requests.
(That is also the only place where such blocking makes sense, as the server doesn't have a reliable way to distinguish between AJAX requests and normal requests; only the browser has enough context to make such decision.)