Google app engine Endpoint and HTTP Sessions - ajax

I'm deploying an application in Google App Engine and I'm also using the Cloud Endpoint feature for REst call.
I use a custom domain to point on my application. As you probably know, Endpoint doesn't support custom domain. So my situation is this:
I open the page http://www.example.org
I do an ajax request to an Endpoint like https://my-example.appspot.com/_ah/api/service
Now the problem is: Everytime I do an ajax request to an Endpoint, a new Session is created!! How can I keep the session between requests? I inspected the responses from Endpoint, and I didn't find any reference to session cookie...
UPDATE 1
For the Ajax call I'm using JQuery.
$.post('_ah/api/user/v1/login', function() {
console.log('logged');
});
I now add this is for adding the withCredentials field.
$(document).ajaxSend(function(elm, xhr, s) {
xhr.withCredentials = true;
});
UPDATE 2
This is my request and the server response headers
Request
Accept:*/*
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Origin:http://www.example.org
Referer:http://www.example.org/game.html
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36
X-CSRFToken:xkNZPouvfl2mRT0IKFZNB2xJpffaaK3UuYhhg5eoeRAiMqxaoQ14q93cv2xeRnYP
Response
access-control-allow-credentials:true
access-control-allow-origin:http://www.example.org
access-control-expose-headers:Content-Encoding,Content-Length,Content-Type,Date,Server
alternate-protocol:443:quic,p=1
cache-control:private, max-age=0
content-encoding:gzip
content-length:165
content-type:application/json; charset=UTF-8
date:Sun, 19 Apr 2015 12:40:49 GMT
expires:Sun, 19 Apr 2015 12:40:49 GMT
server:GSE
status:200
version:HTTP/1.1
x-content-type-options:nosniff
x-frame-options:SAMEORIGIN
x-xss-protection:1; mode=block

Related

Cloudflare Edge cache TTL

I've been testing Cloudflare, and I have Edge TTL set for 1 month for everything in the images folder. I'd like to see if this is set correctly, but in the Response Headers I don't see an EDGE TTL expiry. Is there any way for me to see when the cache will expire for an object in Cloudflare?
Here's the sample headers:
Response Headers
Request URL:https://cdn.mysite.com/content/testimage.jpg
Request Method:GET
Status Code:200
Remote Address:104.27.138.237:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
accept-ranges:bytes
cache-control:public, max-age=14400
cf-cache-status:HIT
cf-ray:37fa88117ff010f3-ORD
content-length:10512
content-type:image/jpeg
date:Mon, 17 Jul 2017 04:41:54 GMT
etag:"b9a9dca80fa816483b4df7e970639c98"
expires:Mon, 17 Jul 2017 08:41:54 GMT
last-modified:Mon, 17 Jul 2017 04:13:53 GMT
server:cloudflare-nginx
status:200
vary:Accept-Encoding
via:1.1 d784ab98a21beb476de2ec8d5824cf82.cloudfront.net (CloudFront)
x-amz-cf-id:MhQHg0-wZ_l7yEPeFkOvt7JXn4xuicRBpIVw2jlcy6Lt9KvukCrFcw==
x-amz-meta-s3cmd-attrs:atime:1499536352/ctime:1499536352/gid:1000/gname:sluser/mode:33204/mtime:1499536352/uid:1000/uname:sluser
x-cache:Miss from cloudfront
Request Headers
:authority:cdn.mysite.com
:method:GET
:path:/content/testimage.jpg
:scheme:https
accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding:gzip, deflate, br
accept-language:en-US,en;q=0.8
cache-control:no-cache
cookie:__cfduid=df4ff5a2242e05fbc12499e832333f59c1500222401
pragma:no-cache
upgrade-insecure-requests:1
user-agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
Because EDGE TTL expiry are not reflected in the response header. They use this for their internal parameter to store files.
Visit this link for more detail
https://support.cloudflare.com/hc/en-us/articles/200168376-What-does-edge-cache-expire-TTL-mean-

SignalR - Reconnect event Response with 400 (Bad Request)

i'm a bit new with signalr
i have developed a simple chat room (just connect to hub and begin chat) .. i tried it in my localhost and it was working perfectly without any interrupt ..that's good so far .
i uploaded then that site to online host .. i noticed that signalr connection ger failure after short time .. i opened chrome console i found that he tried to reconnect again with the hub (despite it's never happend in my localhost to try to reconnect)
the request was as the Following
Request URL:http://x-strangers.com/signalr/reconnect?transport=serverSentEvents&messageId=d-7C5BF30A-B%2C0%7CC%2C4%7CD%2C1&clientProtocol=1.5&connectionToken=2gLhobhAyeQi9GcNL%2FQTHDcBsz0Rgyc%2FUy4K%2FS5K6Kc0pQB%2FCsLATd2gYBZZ7dclT1EpGafRQkU7MC%2FHEUZTV7cldjc81%2BNYjmckQiS%2FbLcRZqU8GYYx6rPulazcdw89&connectionData=%5B%7B%22name%22%3A%22strangershub%22%7D%5D&tid=4
Request Method:GET
Status Code:400 Bad Request
Remote Address:198.38.83.16:80
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Cache-Control:no-cache
Connection:Keep-Alive
Content-Type:text/html
Date:Wed, 21 Jun 2017 20:47:11 GMT
Expires:-1
Pragma:no-cache
Server:Microsoft-IIS/8.0
Transfer-Encoding:chunked
X-AspNet-Version:4.0.30319
X-Content-Type-Options:nosniff
X-Powered-By:ASP.NET
Request Headers
view source
Accept:text/event-stream
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-GB,en;q=0.8,ar;q=0.6,en-US;q=0.4
Cache-Control:no-cache
Connection:keep-alive
Cookie:ASP.NET_SessionId=zfgyzje0tvjfot4r1jpk2zg2
Host:x-strangers.com
Referer:http://x-strangers.com/Home/Strangers
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Query String Parameters
view source
view URL encoded
transport:serverSentEvents
messageId:d-7C5BF30A-B,0|C,4|D,1
clientProtocol:1.5
connectionToken:2gLhobhAyeQi9GcNL/QTHDcBsz0Rgyc/Uy4K/S5K6Kc0pQB/CsLATd2gYBZZ7dclT1EpGafRQkU7MC/HEUZTV7cldjc81+NYjmckQiS/bLcRZqU8GYYx6rPulazcdw89
connectionData:[{"name":"strangershub"}]
tid:4`
and the Response was Like the Following
The ConnectionId is in the incorrect format.
Eventually the Connection get Fail
Any Idea how to Fix This ??

Getting 403 Forbidden with webchat on microsoft bot framework

I have followed Option #4 in here:
https://github.com/Microsoft/BotFramework-WebChat/blob/speech/samples/speech/index.html
and used my COGNITIVE_SPEECH_API_KEY. But I keep getting a 403 forbidden even though the code seems to be passing in the Authorization header in the request as expected by the docs.
Here is the Request and Response I captured from Chrome Developer tools:
Request
URL: wss://speech.platform.bing.com/speech/recognition/interactive/cognitiveservices/v1?format=simple&language=en-US&Authorization=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzY29wZSI6Imh0dHBzOi8vd2VzdHVzLmFwaS5jb2duaXRpdmUubWljcm9zb2Z0LmNvbS9jdXN0b21zcGVlY2giLCJzdWJzY3JpcHRpb24taWQiOiJhN2ZmNzJmZmZhNDA0YmQ2ODU5MjNjYzBmMmU2ODdhZiIsInByb2R1Y3QtaWQiOiJDUklTLlMwIiwiY29nbml0aXZlLXNlcnZpY2VzLWVuZHBvaW50IjoiaHR0cHM6Ly9hcGkuY29nbml0aXZlLm1pY3Jvc29mdC5jb20vaW50ZXJuYWwvdjEuMC8iLCJhenVyZS1yZXNvdXJjZS1pZCI6Ii9zdWJzY3JpcHRpb25zLzkwOThmZTJjLTk5NjItNDMxNS1iZGQxLWFiNTEzMDA0YjBiNC9yZXNvdXJjZUdyb3Vwcy9EZW52ZXJJZ25pdGlvbi9wcm92aWRlcnMvTWljcm9zb2Z0LkNvZ25pdGl2ZVNlcnZpY2VzL2FjY291bnRzL2lnbml0aW9udGVzdGJvdHNwZWVjaCIsImlzcyI6InVybjptcy5jb2duaXRpdmVzZXJ2aWNlcyIsImF1ZCI6InVybjptcy5jdXN0b21zcGVlY2giLCJleHAiOjE0OTU5ODQ4MzF9.kK1bx_kWllytyDvdqSZlb0_HUwaLX-V6OGJGeJ3fI2k&X-ConnectionId=9B408F2612DE4902A2D37EEACC8FB350
Request Method:GET
Status Code:403 Forbidden
Response Headers
Content-Length:0
Date:Sun, 28 May 2017 15:10:31 GMT
Server:Microsoft-IIS/10.0
X-MSEdge-Ref:Ref A: B1DBE1CCBEEA44A6B0213CB1CF8B8CA6 Ref B: DEN02EDGE0314 Ref C: Sun May 28 08:10:31 2017 PST
Request Headers
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:Upgrade
Cookie:_IFAV=A=422B5EB35D6227B47A899A55FFFFFFFF&COUNT=0&SEEALL=2&VRSN=2;
SRCHD=AF=NOFORM; SRCHUSR=DOB=20160521;
MSFPC=ID=a0c448564466a044a98c006abcccbaf0&CS=3&LV=201608&V=1;
_RwBf=s=10&o=0&A=422B5EB35D6227B47A899A55FFFFFFFF; MUID=2350DC04198E61F62654DA0E1D8E6287;
_U=1Y4QobYDPj3fzheUKiZ5uMdlvmGHvPLxng61hD9XLEWEhcPAfnXyj4UgFgyOMlw6jiTZJaP9wfqB4D6B2UYIV7_jbXnm5WTRM0ycCG-1F5YbfcPhiTR4SdgSkfPadkYRd;
WLID=qgIk0rgVNCI8HNV2Z4g8xFSkWTapYBjrDBYC04Zh/6JNzAhx2KtSiq+zTmKuyODQY3+IA3XDFhKybijk6ArfNlzdJ448JV1JBNO/mmbbcGQ=;
ANON=A=422B5EB35D6227B47A899A55FFFFFFFF&E=13d0&W=1;
NAP=V=1.9&E=1376&C=GKfvIsAF38G7JJpiBtQFE1j-85HTsObRYo50Mrr-fkR1HpimpRoSRA&W=1;
ULC=T=CCC1|4:3; SRCHHPGUSR=CW=1329&CH=716&DPR=2&UTC=-360
Host:speech.platform.bing.com
Origin:https://ignitiontestbotweb.azurewebsites.net
Pragma:no-cache
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
Sec-WebSocket-Key:+oV+WOyiaN3VFOIYmX1t3w==
Sec-WebSocket-Version:13
Upgrade:websocket
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110
Safari/537.36
The bing Speech API seems to be randomly accepting the calls. One in 10 connection attempts get through with a 101 Switch Protocols status code. for the same request.
Success
Request URL:wss://speech.platform.bing.com/speech/recognition/interactive/cognitiveservices/v1?format=detailed&language=en-US&Ocp-Apim-Subscription-Key=0825dc93563445aca227aa125404c299&X-ConnectionId=2679C505D3D742A5809D1F08A1934E08
Request Method:GET
Status Code:101 Switching Protocols
Failure (for same request)
Request URL: wss://speech.platform.bing.com/speech/recognition/interactive/cognitiveservices/v1?format=simple&language=en-US&Ocp-Apim-Subscription-Key=0825dc93563445aca227aa125404c299&X-ConnectionId=2A47A79398D941ACB3F67A9580B908E3
Request Method:GET
Status Code:403 Forbidden
As discussed in the comments, the key you are trying to use corresponds to Custom Speech Service API, and the sample you are trying to run needs a Bing Speech API key. Bing Speech is the service that offers Speech to Text capabilites.

SPA (Single-page app) load always from cache

I have a SPA (Single-Page Application) written using OpenUI5 framework.
It works well (when I'm in debug mode or using cache-killer https://chrome.google.com/webstore/detail/cache-killer/jpfbieopdmepaolggioebjmedmclkbap) but now I have pushed the app on the server apache: here the problems started...
Users not have cache-killer installed and I would like update the app on the server and immediately have the new version of the app on the users pcs at the successive refresh.
In my app I have a series of tab: each tab have a content and I have two different content for each tab (a display fragment content and a change fragment content).
When I load the page, by default, tabs are filled by display fragments; then I press a button and the content of each tab swithc to the change fragments.
The problem is that all fragment that I retrieve after the first page loading are loaded (from cache)...
I try to use manifest application cache and the various meta-tags (see Chaching with single-page application) but the problem not change and it is still there.
This is a request-response header for the diplay fragment (correcly loaded from the server)
General:
Request URL:http://10.7.1.96/www/temp_ftp_grunt/view/tab/article/TabAnagrDisplay.fragment.xml
Request Method:GET
Status Code:304 Not Modified
Response header:
HTTP/1.1 304 Not Modified
Date: Thu, 17 Sep 2015 14:45:43 GMT
Server: Apache/2.4.7 (Win32) OpenSSL/1.0.1e PHP/5.5.6
Connection: Keep-Alive
Keep-Alive: timeout=5, max=46
ETag: "38b6-51ff07d7bfe81"
Request Header:
GET /www/temp_ftp_grunt/view/tab/article/TabAnagrDisplay.fragment.xml HTTP/1.1
Host: 10.7.1.96
Connection: keep-alive
Cache-Control: max-age=0
Accept: application/xml, text/xml, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36
Referer: http://10.7.1.96/www/temp_ftp_grunt/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: it,en-US;q=0.8,en;q=0.6
If-None-Match: "38b6-51ff07d7bfe81"
If-Modified-Since: Thu, 17 Sep 2015 12:24:01 GMT
and this for the change fragment loaded from cache
General:
Request URL:http://10.7.1.96/www/temp_ftp_grunt/view/tab/article/TabAnagrChange.fragment.xml
Request Method:GET
Status Code:200 OK (from cache)
Response header:
Accept-Ranges:bytes
Content-Length:23642
Content-Type:application/xml
Date:Thu, 17 Sep 2015 14:44:47 GMT
ETag:"5c5a-51ff1965857b1"
Last-Modified:Thu, 17 Sep 2015 13:42:33 GMT
Server:Apache/2.4.7 (Win32) OpenSSL/1.0.1e PHP/5.5.6"
Request Header:
Provisional headers are shown
Accept:application/xml, text/xml, */*; q=0.01
Referer:http://10.7.1.96/www/temp_ftp_grunt/
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36
X-Requested-With:XMLHttpRequest
For OpenUI5 developers: I have loaded the fragment in this moode:
1.display fragments in onInit function of the controller that contain the list of tabs
var oTab = new sap.m.IconTabFilter();
oTab.addContent(myfragment);
tabBar.addItem(oTab);
2.change fragments by a function that remove the display frg by tabBar.removeAllItems(); and add the new frg in the same mode of 1.
I have tried to find a solution to my problem; I have read this https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching and this http://alistapart.com/article/application-cache-is-a-douchebag articles but I can't find the solution for my problem. Cache buster https://openui5.hana.ondemand.com/#docs/guide/91f080966f4d1014b6dd926db0e91070.html suggested here Force clear cache in OpenUI5 require a SAP backend
We had the same problem and managed by defining a new path for fragments
sap.ui.localResources("fragments");
By default, fragments was in the same folder than Libraries (resources) and always caching.

CORS does not work

I need to write an ajax request, which will request an XML from REST service. I deployed locally a simple REST service, which returns an XML document.
I know about same origin policy, so I added Access-control-allow-origin: * to the response (or the same value like in Origin header in request). Then I tested my ajax request from a local html file and got same origin policy error.
I then tried to put this page into java web application, deployed it into tomcat and got the very same error. I've tested it in Chrome and Firefox.
It only works if I start Chrome with disabled web security. But it does not solve my problem.
That's the request, sending by ajax, which receives
**OPTIONS http://localhost:9198/helloworld Origin http://localhost:8081 is not allowed by Access-Control-Allow-Origin.**
For both cases. Whether it is an * in the Access-control-allow-origin or defined host.
Request URL:http://localhost:9198/helloworld
Request Method:OPTIONS
Status Code:200 OK
Request Headers:
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:accept, customheader, origin
Access-Control-Request-Method:GET
Connection:keep-alive
Host:localhost:9198
Origin:http://localhost:8081
Referer:http://localhost:8081/testRest/test.html
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.94 Safari/537.36
Response Headers:
Allow:OPTIONS,GET,HEAD
Content-length:564
Content-type:application/vnd.sun.wadl+xml
Date:Tue, 04 Jun 2013 08:48:28 GMT
Last-modified:B, 04 8N= 2013 20:23:45 MAGST
Here is the request\response if i just put the address of my REST service into browser.
Request URL:http://localhost:9198/helloworld
Request Method:GET
Status Code:200 OK
Request Headers:
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:max-age=0
Connection:keep-alive
Cookie:srmuser=kbar
Host:localhost:9198
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.94 Safari/537.36
Response Headers:
Access-control-allow-origin:http://localhost:8081
Content-type:application/xml
Date:Tue, 04 Jun 2013 09:10:03 GMT
Transfer-encoding:chunked
Could anyone please help me?

Resources