Develop Reference

tfs extension Origin 'null' is therefore not allowed access

I encounter a problem when I try to call the Teamcity REST service through a TFS extension.
I configured TeamCity as well:
rest.cors.origins = "http://my.tfsserver"
rest.cors.optionsRequest.allowUnauthorized = true
In the TFS extension, I call the following url:
http: //my.teamcity.server:80/app/rest/latest/projects using "XMLHttpRequest"
const pair :string=this.settings.username+":"+this.settings.password;
const encodedCreds:string = btoa(pair);
const basicAuthValue:string = "Basic "+ encodedCreds;
const apiurl:string="/app/rest/latest/projects";
const completeUrl:string = this.settings.urlTeamCity+apiurl;
const xhr = new XMLHttpRequest();
xhr.open("GET",completeUrl,true);
xhr.setRequestHeader('Authorization', basicAuthValue);
xhr.setRequestHeader("Access-Control-Allow-Origin" ,"http://my.tfsserver");
xhr.onload=function(){
console.log(xhr.responseText);
}
xhr.onerror=function(){
console.log(xhr.response);
}
xhr.send();
I'm getting the following error in the console:
Failed to load http://my.teamcity.server:80/app/rest/latest/projects:
Response for preflight is invalid (redirect)
In the TeamCity rest log, i have the following two lines:
[2018-10-01 14:12:49,891] DEBUG [p-nio-80-exec-9] -
er.rest.APIController/rest-api - Got CORS request from origin 'null',
but this origin is not allowed. Add the origin to 'rest.cors.origins'
internal property (comma-separated) to trust the applications hosted
on the domain. Current allowed origins are: Enabled CORS Origins:
[http://my.tfsserver]
[2018-10-01 14:12:49,892] DEBUG [p-nio-80-exec-9] -
er.rest.APIController/rest-api - REST API request processing finished
in 1ms, status code: 302, request: OPTIONS
'/app/rest/latest/projects', from client 10.69.152.71:59256, no auth
Based on the last line, i modify my code to:
...
xhr.open("GET",completeUrl,true,this.settings.username,this.settings.password)
xhr.withCredentials=true;
...
but, i'm still getting the same error in both chrome console and team city rest log.
in the chrome console, on the network tab, i can see that "origin" header is null but i don't understand why?
Thanks by adavance for any help :)

Failed authentication with Ruby HTTPClient

I have this very simple Ruby code which makes Ruby POST request.
For some reason it creates 2 requests - one authentication error and one successful request:
def execute
request = HTTPClient.new()
request.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
request.set_auth('https://test.net/api', 'user', 'pass')
request_body = File.read("requests/xml/req.xml")
response = request.post('https://test.net/api', request_body, {'Content-Type' => 'application/xml', 'cache-control' => 'no-cache'}).body
puts 'called'
end
I suppose that some configuration if missing for HTTPClient?
Can you advise how I can fix this?

This is an expected behavior. The client won't send the credentials unless they are required. When the client gets a 401 status code then it sends the request again but now with the credentials.
You can force some clients to send the credentials on the first request.
Ruby's HTTPClient has a force_basic_auth that does that.

How to return from a Rails rack call?

I am using Faye websocket implementation. When a websocket is detected I want to make sure the user sent a given header before I open the connection, or else I want to return an error.
I tried returning error 401 using [] but I keep oberving that the code continues execution and the websocket is created anyway. I managed to prevent it by adding return after it, but I am not sure this is the right way. On the client side I am implementing it in python using ws4py and when I return I get an exception raised indicating it received a 302 code, not the 401 I was expecting to send.
My ruby code (without the websocket events code) follows:
App = lambda do |env|
if Faye::WebSocket.websocket?(env)
unless env['HTTP_MY_HEADER']
[401, {'Content-Type' => 'application/json'}, '{"message": "I was expecting a header here"}']
#return (??)
end
ws = Faye::WebSocket.new(env)
# Rest of websocket call handling
else
# Normal HTTP request
[200, {'Content-Type' => 'text/plain'}, ['Hello']]
end
end

Cannot make ajaxs call when deploy in heroku

I have an web app which I bundled using webpack, I placed my entire react/redux app in the public file which will be served by nodejs(express-generator). My app works when I run in localhost/ local env. However when I deploy to heroku. I cannot make calls.
The below is the error message:
bundle.js:19 GET https://glacial-cove-64389.herokuapp.com/users/ 401 (Unauthorized)
Object {err: Error: Request failed with status code 401 at e.exports (https://glacial-cove-64389.herokuapp.co…}
err
:
Error: Request failed with status code 401 at e.exports (https://glacial-cove-64389.herokuapp.com/bundle.js:19:10382) at e.exports (https://glacial-cove-64389.herokuapp.com/bundle.js:26:6821) at XMLHttpRequest._.(anonymous function) (https://glacial-cove-64389.herokuapp.com/bundle.js:19:9464)
__proto__
:
Object
initially I thought it could be my my ROOT_URL so I changed it the below is an example of my actions file.
const ROOT_URL = "//glacial-cove-64389.herokuapp.com"
const axiosOption = {headers: { authorization : localStorage.getItem('token')}}
/*Sign in user*/
export function signinUser({ email, password }){
return function(dispatch){
axios.post(`${ROOT_URL}/users/signin`, { email, password })
.then(function(res){
dispatch({ type: AUTH_USER })
localStorage.setItem('token', res.data.token);
browserHistory.push('/users');
})
.catch(function(err){
dispatch(authError('Invalid email or password'))
console.log({err});
})
}
}
So what happens is that the react recognize the login and push user to the correct route. but it return the above error msg status code 401 once it hits the main pages.
The main problem I have is when I try to perform CRUD which doesn't work
Here is my repo: https://github.com/boyboi86/API_basic_random

I found out the hard way..
If you intend to put everything within your public file when scaffold with express-generator. Putting CORS within your Nodejs is insufficient because now your axios (react) that makes the call is also subjected to CORS, And you will have to config within your axios with the following:
axios.defaults.headers.post['Access-Control-Allow-Methods'] = 'PATCH, DELETE, POST, GET, OPTIONS';
This is to ensure all calls made will be allowed. I realised this when I look at the response headers.

Net::HTTPNotFound (404) For API Call. Paste in the URL into browser and 200

While using the Wistia API, I've encountered this strange phenomena: 200 in browser, 404 from HTTParty.
Currently, I have a video module with an embed class as so:
module Video
class Embed
include ActiveModel::Model
include HTTParty
base_uri 'https://fast.wistia.net/oembed'
format :json
default_params api_password: ENV['WISTIA_PASSWORD']
class << self
def find(hashed_id)
get("", query: { url: url_query("#{hashed_id}") })
end
private
def url_query(hashed_id)
"http%3A%2F%2Fhome%2Ewistia%2Ecom%2Fmedias%2F#{hashed_id}"
end
end
end
end
When performing a Video::Embed.find(#video.hashed_id) the code that is output appears as so in the log:
HTTP GET (59.97ms) https://fast.wistia.net:443/oembed?api_password=not_getting_my_password&url=http%3A%2F%2Fhome%2Ewistia%2Ecom%2Fmedias%2Fth3-3Xamp13
Response status Net::HTTPNotFound (404)
Response body
But, if I paste in my url, I can see the JSON load inside of the browser (200).
The password is correct (tested), the hashed_id is correct (tested), and the URL was tested by pasting in the url into the browser.
I have a feeling its a cross-origin issue, but even then I'm not sure how to solve that one.
Update: Performing a curl returns the JSON just like the browser.