I have java scripts web application calling my ASP.NET web API 2 Service under same web site in my AppServer. The application is working fine.
I setup Proxy Server and URL Rewrite to my Application Server. Everything is working fine with Http but can't call web api from JavaScript with Https
I put CROS and add the Proxy Server but still doesn't work.
But I can directly call web api with https
Kindly Advice!
Regards,
Si Thu
Finally, I found out that it is because of Mixed Content Issue between proxy server and application server. App Server also need to be HTTPS
Issue is solved by adding certificate in App Server.
Related
We are using Auth0 integration to provide authentication for our spring boot application.
An application is deployed with docker in google cloud run.
But when I try to exchange tokens I receive an error from auth0 "Expected https://.. but go http://."
The reason why it is happening is that httpServletReuqest.getRequestURI() returns http instead of https.
The question is why getRequestURI returns http when our website deployed as https in cloud Run?
I also logged nginx headers and X-Forwarded-Proto = https.
Posting as Community Wiki since it is Based on the comments of #EmilGi and #GuillaumeBlaquiere.
As you can see in this documentation:
Cloud Run redirects all HTTP requests to HTTPS but terminates TLS before they reach your web service. If your service generates a web resources that refers to other web resources with unsecured URLs (http://), your page may be subject to mixed content warnings or errors.
And you cannot turn off this restriction since Cloud Run is deployed behind the GFE (Google Front End) in charge of the TLS communication.
I have WebAPP and WEBAPI on same server. I have applied SSL certificate on both the sites under same server (both are separate applications under common IIS default website).
Now my point, Can I access same WEBAPI over http instead of https form 3rd intranet application on same server and which is not a secure application?
My intention to not hamper performance for 3rd site which is not secured and on the same server.
Actually It depends on your configuration.
Generally, when you apply SSL on web server your app can now be accessed over http and https both connections.
But, if you have configured it to redirect http version to https using CSP or server end configuration, then you can access http version as all requests will get automatically redirected to https version.
You should read IIS related materials to learn what is site binding. A web site can of course contain multiple bindings, both HTTP and HTTPS, so that clients (like web browsers) can access using both http:// and https://.
https://blogs.technet.microsoft.com/chrad/2010/01/24/understanding-iis-bindings-websites-virtual-directories-and-lastly-application-pools/
I have server with tomcat where I deployed my application.
Let's call that server: internalServer (it can be accessed only from my network)
System admin opened port so every request from public can access that application. Application is comunicating with some another application on same server via web services.
When I access application via:
internalServer:8080/application
everything works.
But , when I access application via:
mywebsite.com/application
everything works except calling web service via $.ajax
Does anyone have idea what could be problem?
It sounds like a permissions issue with the public web site. The trust factor when using a localhost-style web server is different from that of using a public server. Check the web server and see what the permissions settings are for the directory where your web service is located.
Just a thought...
I am trying to do a testcase dealing with webservice REST in hosted Ape 5.0 Environment (apex.oracle.com).
There is a preinstalled Web Service in the Workspace "oracle.example.hr".
I have managed to call that Service from my Browsers URL.
But when i create a Web Service Reference to use that Service for an APEX Page, I receive the Errors:
ORA-29273: HTTP request failed
ORA-29024: Certificate validation failure
I am using the Oracle hosted Environment apex.oracle.com; thus I cannot apply ACLs etc.
Any suggestions?
Kind Regards,
Andreas Resch
Are you using https?
It seems that you are using a client that checks if the certificates are valid.
You can either solve the problem on the server (that is not configured with the correct certificate or configure the client to ignore this problem).
I can't find any documentation on what type of internal server PhoneGap is running on mobile devices, whether it's Apache, IIS, or some other minified web server. I'd like to know what type of server it is and whether it can be configured to allow external communication to a server, which is rejecting the incoming requests because it doesn't have the CORS support added to it.
We have 3 options
1) Add CORS support to allow AJAX from PhoneGap device to the web servers
2) Configure the PhoneGap web server to act as a proxy
3) Add a plugin, or write a plugin, which allows a native Android function call to allow communication to the web server
If you have any experience with these or advice on which way to go, your help would be much appreciated. Thanks in advance!
There is no internal server. PhoneGap/Cordova creates a base native application with the default view as a webview. A webview is a blank version of a web browser window. There is no web server component to PhoneGap.