Self hosted Web Api on my Raspberry Pi leads to HTTP 400 Bad Request - asp.net-web-api

I've created a self hosted Web API (Web API 2.2 + Owin). The service is quite simple and only returns the list of GPIO pin values.
On my Pi itself, it works perfectly. I can call the service without problems. Only when I try to call it from my PC an HTTP 400 is returned:
Request:
GET http://192.168.178.105/RobotApi/GetGpioPinValues HTTP/1.1
Host: 192.168.178.105
Connection: keep-alive
Accept: application/json, text/plain, */*
Origin: http://localhost
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Referer: http://localhost/piRobot.WebSite/index.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,de-DE;q=0.6,de;q=0.4
Response:
HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=utf-8
Server: Mono-HTTPAPI/1.0
Date: Fri, 02 Jan 2015 16:19:24 GMT
Content-Length: 35
Connection: close
<h1>Bad Request (Invalid host)</h1>
I hope someone out there can help me. Any suggestions?
Thanks a lot,
Dante

Ok. Got it:-)
It was not a problem with the Raspberry Pi, Mono or Web API itself. The self hosted service was initialized with the base URL http://localhost. The strange thing is, the service is only available via localhost, but not via the corresponding IP address!!!
So what I've done now is, I substituted localhost with the IP address of my Pi and it works perfectly. Now the service is only accessible via the IP?!
I still have no clue why it makes a difference, but obviously it does.
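A simplified model of the Host-header matching that HttpListener-style self-hosts apply to their registered URL prefixes, showing the 400 seen above for a `localhost` prefix and the effect of the `+` and `*` wildcards. This is an added illustration, not code from the original post or from Mono; `parse_prefix` and `route` are hypothetical names, and only IPv4 addresses and host names are handled.

```python
import re

_PREFIX = re.compile(r"^(https?)://([^/:]+)(?::(\d+))?(/.*)?$")
# Precedence: strong wildcard "+", then an explicit host, then weak wildcard "*".
_RANK = {"+": 0, "*": 2}

def parse_prefix(prefix):
    """Split a URL prefix such as http://localhost/ into (host, port, path)."""
    m = _PREFIX.match(prefix)
    if not m:
        raise ValueError("bad prefix: %r" % prefix)
    scheme, host, port, path = m.groups()
    default_port = 443 if scheme == "https" else 80
    return host.lower(), int(port or default_port), path or "/"

def route(prefixes, host_header, path, local_port=80):
    """Return the registered prefix that serves the request, or None (HTTP 400)."""
    host, _, port = host_header.partition(":")
    port = int(port) if port else local_port
    candidates = []
    for prefix in prefixes:
        p_host, p_port, p_path = parse_prefix(prefix)
        if p_port != port or not path.lower().startswith(p_path.lower()):
            continue
        # An explicit host must equal the Host header; wildcards accept any value.
        if p_host in ("+", "*") or p_host == host.lower():
            candidates.append((_RANK.get(p_host, 1), -len(p_path), prefix))
    return min(candidates)[2] if candidates else None

if __name__ == "__main__":
    path = "/RobotApi/GetGpioPinValues"
    # Host values taken from the request in the question.
    for registered in (["http://localhost/"], ["http://192.168.178.105/"], ["http://+:80/"]):
        for host in ("localhost", "192.168.178.105"):
            print(registered, host, "->", route(registered, host, path) or "400 Bad Request")
```

A wildcard prefix answers for every Host value that reaches the port, so an explicit host name or address is the narrower registration when the service should be reachable under one name only.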

Related

Validating g-captcha-response parameter

I have this form where there is an implemented Google Captcha. I don't understand why I can submit multiple POST requests using the same g-recaptcha-response and without it. Is it intended to work that way?
POST /dev-test/form.php HTTP/1.1
Host:.com
Content-Length: 606
Cache-Control: max-age=0
Sec-Ch-Ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91"
Sec-Ch-Ua-Mobile: ?0
Upgrade-Insecure-Requests: 1
Origin: https://sample.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://sample.com/dev-test/form.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
client_id=077&first_name=captcha-bypass-2nd-attempt&last_name=bypass-captcha-2nd-attempt&consent=true&g-recaptcha-response=
You can send as many requests as you want to Google... The same way you can send unlimited mail parcels to an address, there's no mechanism to stop you from sending HTTP requests to an address.
Once Google receives your request, their servers will process your request and give it a score. It's your responsibility as a developer to go and get that score from Google to check if a legitimate user is trying to access the site.
You will need to do that verification on the server side code of your application.
You can learn more on how Google wants you to check the score at: https://developers.google.com/recaptcha/docs/verify
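The server-side check described in this answer, as an added example that is not part of the original thread: the form handler rejects a missing or empty `g-recaptcha-response`, asks the `siteverify` endpoint about the token, and fails closed on any error. The 0.5 score threshold, the function names and the in-memory stand-in for Google's endpoint (which accepts a token once, as the real service does) are assumptions made for the demonstration.

```python
import json
import urllib.parse
import urllib.request

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"

def post_siteverify(fields):
    """Real transport: POST the form fields to siteverify and parse the JSON reply."""
    body = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(SITEVERIFY_URL, data=body, timeout=5) as resp:
        return json.load(resp)

def captcha_ok(form, secret, expected_hostname, transport=post_siteverify, min_score=0.5):
    """Return (accepted, reason) for a submitted form, given as a dict."""
    token = (form.get("g-recaptcha-response") or "").strip()
    if not token:
        # Parameter absent or empty, as in the request shown in the question.
        return False, "missing-token"
    try:
        result = transport({"secret": secret, "response": token})
    except (OSError, ValueError):
        return False, "verification-unavailable"  # fail closed
    if result.get("success") is not True:
        return False, ",".join(result.get("error-codes", [])) or "rejected"
    if result.get("hostname") != expected_hostname:
        return False, "hostname-mismatch"
    if "score" in result and result["score"] < min_score:  # v3 responses only
        return False, "low-score"
    return True, "ok"

def make_fake_siteverify(valid_token, hostname):
    """Constructed stand-in for the endpoint: a token verifies exactly once."""
    used = set()
    def transport(fields):
        token = fields["response"]
        if token != valid_token:
            return {"success": False, "error-codes": ["invalid-input-response"]}
        if token in used:
            return {"success": False, "error-codes": ["timeout-or-duplicate"]}
        used.add(token)
        return {"success": True, "hostname": hostname}
    return transport

if __name__ == "__main__":
    fake = make_fake_siteverify("constructed-token", "sample.com")
    form = {"client_id": "077", "g-recaptcha-response": "constructed-token"}
    print(captcha_ok(form, "constructed-secret", "sample.com", fake))
    print(captcha_ok(form, "constructed-secret", "sample.com", fake))  # same token again
```

The form's other fields should be processed only when the first element of the result is `True`.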

Server response to ajax call with 200 but on browser I get error 400 on Safari

I have a strange behavior on a WordPress site. It is working just fine but several users (on Safari) reported seeing error 400. While testing with Safari I managed to reproduce the problem by changing the user-agent of the browser. Then I started getting error 400 on each ajax call. I've checked the access.log and all requests to admin-ajax.php were served with status 200. But when I check the inspector in Safari, the same ajax request got status 400. And this is happening with each and every single ajax request on every page of the site. I've tried to log out/log in, cleared all cookies, cache, etc. but the error was still there.
The site uses Cloudflare, so I went there and checked all the security and firewall rules, I didn't find my IP blocked anywhere.
So now the question is how a response with code 200 becomes 400?
Here is also the request and response of ajax call:
Summary
URL: https://www.example.com.com/wp-admin/admin-ajax.php
Status: 400
Source: Local Override
Address: yyy.yyy.yyy.yyy:zzz
Initiator: some-script.min.js:1:2080
Request
:method: POST
:scheme: https
:authority: www.example.com.com
:path: /wp-admin/admin-ajax.php
Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded
Origin: https://www.example.com.com
Cookie: some-cookies
Content-Length: 88
Accept-Language: en-us
Host: www.example.com.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15
Referer: https://www.example.com.com/units/main/
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Response
:status: 400
Date: Wed, 27 Jan 2021 12:27:47 GMT
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Cache-Control: no-cache, must-revalidate, max-age=0, no-store
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
Access-Control-Allow-Credentials: true
Pragma: no-cache
Set-Cookie: some-cookies
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Access-Control-Allow-Origin: https://www.example.com.com
cf-edge-cache: cache,platform=wordpress
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"max_age":604800,"report_to":"cf-nel"}
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=some-token"}],"max_age":604800}
cf-cache-status: DYNAMIC
cf-request-id: 07e569767900001c377fb67000000001
cf-ray: 618278372fc81c37-SOF
x-robots-tag: noindex
Server: cloudflare
Request Data
MIME Type: application/x-www-form-urlencoded
action: my_ajax_callback
term_id: 1209
page_id
And this is from the access.log:
xx.xxx.xx.xxx - - [24/Mar/2021:10:16:46 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.0" 200 12203 "https://example.com/some-page/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15"
UPDATE
I have to say that this is happening only on Safari and no other browser. Also I'm running Safari in a VM with Mojave, not sure if this is related, but I thought it was worth mentioning.
I have tried to pause the CF service, and this change was visible on all other browsers but Safari continued to serve the site over CF (I can see in the response header server that its value was cloudflare while on the other browsers it was nginx). I've flushed the DNS in the terminal and restarted the VM a few times but this didn't change.
I have also disabled all the security and firewall features on Cloudflare after I enabled it again but this also didn't solve the problem. I'm starting to believe that the problem lies somewhere in Safari and not in CF.
Try turning Cloudflare off, the setting is called "Pause Cloudflare on Site" to isolate it and see if that makes a difference. Maybe you have some goofy modsec rules in place?

Bad request as a response in jmeter

I'm using a POST request in jmeter as below,
POST https://aumaz-ap-perf-ess-web-2.aumaz-ase-dev002.p.azurewebsites.net/signalr/connect
POST data:
clientProtocol=1.5&connectionData=%5B%7B%22name%22%3A%22bulkprocesshub%22%7D%5D&connectionToken=DWGWhf7zGj9TyO4cZn2kqH%2Bennba0V7qyAuAE2wIeu3vIoj%2FrLXemcaBz%2Fto3JjEs%2BaVviiFagxtax8E9PbE36cnBAlrByzw5qBwmIu9glop75vPY3XI0me52yTDiWC%2B9Zoalg%3D%3D&processId=b47fe282-8112-4a11-a18c-7629ac31b816&transport=longPolling
Request Headers:
X-Requested-With: XMLHttpRequest
Accept: text/plain, */*; q=0.01
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Referer: https://aumaz-ap-perf-ess-web-2.aumaz-ase-dev002.p.azurewebsites.net/ESS/DataType
Connection: keep-alive
Connection: keep-alive
Host: aumaz-ap-perf-ess-web-2.aumaz-ase-dev002.p.azurewebsites.net
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 315
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
If I use the same POST request in the browser I am able to get the exact response. But in jmeter I'm getting the response as Bad request.
As of now, I'm using jmeter 3.01 and I have installed all the certificates needed. Can anyone please give a solution for this?
The main problem here seems to be that the server doesn't respond with any details of what's wrong with the request. Correct?
Then do two things:
1) Install Fiddler, capture what you're sending through browser, and through JMeter, compare.
That may give you a clue what's the difference.
2) Reach server logs and see what's going on, there may be way more intrinsic information on why request was considered invalid.
I have finally got a solution. If I pass those parameters in parameters it doesn't work but I gave all the parameters with & in the path itself.
And used ${__urlencode(parameter)} to encode the parameters which are passing as encoded value and then I didn't face any Bad request issue.
Even now, I don't know how it worked. But finally got a solution by this way.

SPA (Single-page app) load always from cache

I have a SPA (Single-Page Application) written using OpenUI5 framework.
It works well (when I'm in debug mode or using cache-killer https://chrome.google.com/webstore/detail/cache-killer/jpfbieopdmepaolggioebjmedmclkbap) but now I have pushed the app to the Apache server: here the problems started...
Users do not have cache-killer installed and I would like to update the app on the server and immediately have the new version of the app on the users' PCs at the next refresh.
In my app I have a series of tabs: each tab has a content and I have two different contents for each tab (a display fragment content and a change fragment content).
When I load the page, by default, tabs are filled by display fragments; then I press a button and the content of each tab switches to the change fragments.
The problem is that all fragments that I retrieve after the first page loading are loaded (from cache)...
I tried to use manifest application cache and the various meta-tags (see Caching with single-page application) but the problem did not change and it is still there.
This is a request-response header for the display fragment (correctly loaded from the server)
General:
Request URL:http://10.7.1.96/www/temp_ftp_grunt/view/tab/article/TabAnagrDisplay.fragment.xml
Request Method:GET
Status Code:304 Not Modified
Response header:
HTTP/1.1 304 Not Modified
Date: Thu, 17 Sep 2015 14:45:43 GMT
Server: Apache/2.4.7 (Win32) OpenSSL/1.0.1e PHP/5.5.6
Connection: Keep-Alive
Keep-Alive: timeout=5, max=46
ETag: "38b6-51ff07d7bfe81"
Request Header:
GET /www/temp_ftp_grunt/view/tab/article/TabAnagrDisplay.fragment.xml HTTP/1.1
Host: 10.7.1.96
Connection: keep-alive
Cache-Control: max-age=0
Accept: application/xml, text/xml, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36
Referer: http://10.7.1.96/www/temp_ftp_grunt/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: it,en-US;q=0.8,en;q=0.6
If-None-Match: "38b6-51ff07d7bfe81"
If-Modified-Since: Thu, 17 Sep 2015 12:24:01 GMT
and this for the change fragment loaded from cache
General:
Request URL:http://10.7.1.96/www/temp_ftp_grunt/view/tab/article/TabAnagrChange.fragment.xml
Request Method:GET
Status Code:200 OK (from cache)
Response header:
Accept-Ranges:bytes
Content-Length:23642
Content-Type:application/xml
Date:Thu, 17 Sep 2015 14:44:47 GMT
ETag:"5c5a-51ff1965857b1"
Last-Modified:Thu, 17 Sep 2015 13:42:33 GMT
Server:Apache/2.4.7 (Win32) OpenSSL/1.0.1e PHP/5.5.6"
Request Header:
Provisional headers are shown
Accept:application/xml, text/xml, */*; q=0.01
Referer:http://10.7.1.96/www/temp_ftp_grunt/
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36
X-Requested-With:XMLHttpRequest
For OpenUI5 developers: I have loaded the fragment in this mode:
1. display fragments in onInit function of the controller that contains the list of tabs
var oTab = new sap.m.IconTabFilter();
oTab.addContent(myfragment);
tabBar.addItem(oTab);
2. change fragments by a function that removes the display frg by tabBar.removeAllItems(); and adds the new frg in the same mode as 1.
I have tried to find a solution to my problem; I have read this https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching and this http://alistapart.com/article/application-cache-is-a-douchebag articles but I can't find the solution for my problem. Cache buster https://openui5.hana.ondemand.com/#docs/guide/91f080966f4d1014b6dd926db0e91070.html suggested here Force clear cache in OpenUI5 require a SAP backend
We had the same problem and managed it by defining a new path for fragments
sap.ui.localResources("fragments");
By default, fragments were in the same folder as Libraries (resources) and always caching.

Google Cast Widevine PSSH

I'm using official custom receiver from Github and I'm trying to play MPEG-DASH Widevine protected video stream. Receiver is running on Nexus Player 5.1.1. I'm correctly setting customData and licence server url. The problem is that player (DRM component) is not correctly generating needed data for POST request to the licence server. This data should be generated with data from PSSH box and include information about DRM client and more. Below is the almost empty POST request (omitted some CORS specific headers) with request body containing only two bytes (08 04)
POST XYZ HTTP/1.1
Host: XYZ
Connection: keep-alive
Content-Length: 2
Origin: ABC
User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; Nexus Player Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.75 Safari/537.36 CrKey/1.13.31432
content-type: text/xml;charset=utf-8
Accept: */*
Referer: http://ABC/ftp-custom/CastMediaPlayerStreamingDRM/mpl.html
Accept-Encoding: gzip, deflate
Accept-Language: en-GB
CAST-DEVICE-CAPABILITIES: {"display_supported":true}
..
The correct request body (on Windows / Chrome) should look like this (omitted "non-human readable" content within request body)
POST XYZ HTTP/1.1
Host: XYZ
Connection: keep-alive
Content-Length: 1763
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
Origin: http://shaka-player-demo.appspot.com
Accept: */*
Referer: http://shaka-player-demo.appspot.com/
Accept-Encoding: gzip, deflate
Accept-Language: cs,en;q=0.8
ChromeCDM-Windows-x86
architecture_name x86-32
company_name Google
model_name ChromeCDM
platform_name Windows2
Thank you for any advice on how to make this work correctly.
