Is using a faked user agent allowed? [closed] - user-agent

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
I was wondering if it is allowed to fake the user agent to pretend that my script is Safari or any other browser? Can I get into trouble if I faked the user agent in my script? I don't mean a custom one such as "My Script", I mean a user agent which belongs to a browser like "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/7.0.1 Safari/537.73.11"?

I'd say it depends on the context. It might be considered illegal if you are trying to gain unauthorized access to information by manipulating the User-Agent HTTP header. This same principle could also apply to manipulating the Cookie HTTP header. In this context, the prosecutor may label it as "hacking".
When Andrew Alan Escher Auernheimer (known as Weev) was recently prosecuted and convicted of "hacking" AT&T's website, the prosecutors kept repeating over and over that his "spoofing" of an iPad (via a forged User-Agent header) was an indication of malicious/devious intent. I'm not sure if those same prosecutors would say such spoofing is outright illegal just on its own, but it was part of what got him convicted, so that should definitely be taken into consideration.
If you're going to fake the user agent, let's say to debug how a site will be displayed on an iPad, this is not illegal. Browsers such as Chrome and Internet Explorer now have a feature to modify the user agent right inside the browser!

Related

How can I add Google server side sign in authentication to my Golang web application? [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 5 months ago.
My question may lack specifics, but I just can't understand how the whole process should work. How should I implement it? What are the ways? Any guidance is welcome.
I have followed the official documentation and their guides, but even if I get something to work I don't really know if I am doing the right thing, as is the end result what I need?
I think I need a server side in order to store the sessions and credentials in the database.
It is a side task in my school, and I am also limited to using only Golang's standard packages.
Not sure what exactly you are looking for, but I am mentioning a few things which might help you.
Google Sign-In for server-side apps:
Implementing the one-time-code flow:
The Google Sign-In button provides both an access token and an authorization code. The code is a one-time code that your server can exchange with Google's servers for an access token.
1. Create a client ID and client secret
2. Include the Google platform library on your page
3. Initialize the GoogleAuth object
4. Add the sign-in button to your page
5. Sign in the user
6. Send the authorization code to the server
7. Exchange the authorization code for an access token
For a better understanding, refer here: https://developers.google.com/identity/sign-in/web/server-side-flow
and https://cloud.google.com/go/getting-started/authenticate-users-with-iap and https://skarlso.github.io/2016/06/12/google-signin-with-go/
In Golang we have this library: https://pkg.go.dev/golang.org/x/oauth2/google
This is an example you can try on your own: https://dev.to/douglasmakey/oauth2-example-with-go-3n8a
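The last step of the list above (the server exchanging the one-time authorization code for an access token), written with only Go's standard library as the question requires. This is an added example, not code from the answer or from Google: `ExchangeCode` and `TokenResponse` are hypothetical names, and the `https://oauth2.googleapis.com/token` endpoint and the `postmessage` redirect URI are assumptions taken from Google's OAuth 2.0 documentation, not from this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

// TokenResponse holds the fields of the token endpoint's JSON reply used here.
type TokenResponse struct {
	AccessToken string `json:"access_token"`
	IDToken     string `json:"id_token"`
}

// ExchangeCode POSTs the one-time code to the token endpoint (assumed for Google:
// https://oauth2.googleapis.com/token). The client secret never leaves the server.
func ExchangeCode(endpoint, clientID, clientSecret, redirectURI, code string) (*TokenResponse, error) {
	form := url.Values{"grant_type": {"authorization_code"}, "code": {code},
		"client_id": {clientID}, "client_secret": {clientSecret}, "redirect_uri": {redirectURI}}
	// Explicit timeout: the default http.Client waits forever on a stalled endpoint.
	resp, err := (&http.Client{Timeout: 10 * time.Second}).PostForm(endpoint, form)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	// A reused, expired or forged code is rejected with a non-200 status.
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("token endpoint returned %s", resp.Status)
	}
	var tok TokenResponse
	if err := json.NewDecoder(resp.Body).Decode(&tok); err != nil {
		return nil, err
	}
	if tok.AccessToken == "" {
		return nil, fmt.Errorf("token response has no access_token")
	}
	return &tok, nil
}

func main() { // offline demo against a constructed stand-in for the token endpoint
	fake := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, `{"access_token":"constructed-token"}`)
	}))
	defer fake.Close()
	tok, err := ExchangeCode(fake.URL, "id", "secret", "postmessage", "constructed-code")
	fmt.Println(tok, err)
}
```

Store the returned tokens server-side, keyed by your own session identifier, and send the browser only that session cookie.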

REST API design for commands [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 2 years ago.
I have multiple servers and I'm building an app to control them, check their status, etc. I want to create an endpoint that allows me to turn the server on/off, however, I'm not sure how to properly design the REST API.
Currently, let's say I have a Server resource and the endpoint to control it is /api/servers/{id}/start and /api/server/{id}/stop. They are used by simply sending an empty POST request which turns the server on and off.
This works fine, but I'm not sure whether it is a clean design of the API. I haven't been able to find any recommendations on this topic.
What approach would you recommend in this situation?
Thank you!
> This works fine, but I'm not sure whether it is a clean design of the API. I haven't been able to find any recommendations on this topic.
It is fine, but it could probably be better.
Short version: instead of POSTing an empty message to a specialized resource, prefer to POST a detailed message to the resource you expect to change.
Long version: any time you are trying to figure what to do in REST, the right starting point is to think about how you would do it with plain old web pages.
On the web, you would open a page that has a list of different servers; each of those servers would probably have some sort of status indicator, and links for each of the changes you might want to make. Following that link would bring you to a form, which might be pre-populated with data. You would change any necessary defaults, and then submit the form, and the browser would create the HTTP request that tells the web server to restart server #7, or whatever. TADA.
Notice that neither the browser nor the human being needs to know in advance which URI to use, because that information is included in the representation of the web page. The browser needs to know how links work, and how forms work. The human being needs to know which link to follow, and how to interpret the input controls in the form, but it is the server that decides what the identifiers are, and what key/value pairs should be used in the request body, and so on.
Given that, how do you decide what the target of the form action should be? One possible answer is to consider the implications of caching. RFC 7234 says that a successful POST will invalidate any cached representations of the target-uri. So if you POST the request to the webpage that you expect to be changed by the request, then you get the appropriate caching behavior "for free".
The cache invalidation rules are not flexible - they are designed to support the common case. If you have many cached pages that will be changed by a request, then you'll need to choose which one of them is most important for updating.
Matching those ideas to your case: it's probably the case that the most important document changed by your forms is /api/servers/{id}, so that's the document that should be the target of your form submissions:

    POST /api/servers/1
    Content-Type: text/plain

    STOP

    POST /api/servers/1
    Content-Type: text/plain

    START

How do I find out what project is connected to Youtube data API service based on the project number? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 4 years ago.
I got an email stating that my project(s) hasn't accessed or used the YouTube Data API Service in the last 60 days and if it's inactive for another 30 days they'll disable access to the API. The project is referenced only by a number, and I have no idea what the "project" is or how to find it based on that number.
I have had the same email. I eventually found the Project by stumbling my way to this part of my Google Account, so you should find the Project in your Google Account using the same link:
https://console.developers.google.com/apis/
In my case the Project relates to the WordPress Plugin "YouTube Lyte":
https://wordpress.org/plugins/wp-youtube-lyte/
I installed this Plugin on a WordPress self-hosted blog some years ago.
I have no idea why my Google Developer Console identifies me (i.e. my Google Account) as the "Owner" of the "YouTube Lyte" API.
I will see if I can get any clarification via the YouTube Lyte Plugin Support Page:
https://wordpress.org/support/plugin/wp-youtube-lyte
This is not my highest priority at the moment so someone else might get there first - and maybe kindly post an answer here?
Liz

My application uses Pinterest api not working today? [closed]

Closed. This question needs debugging details. It is not currently accepting answers.
Closed 4 years ago.
My application is not working today.
It gives an error message: The remote server returned an error: (401) Unauthorized.
I tried to use this link to debug: https://developers.pinterest.com/tools/api-explorer/
But the response is an error: Something went wrong, are your fields correct?
Is Pinterest blocking this feature?
I have the same problem. It seems like Pinterest is banning all tokens generated outside an App (using the access token generator tool).
Please refer to Token Debugger Tool and see if your token is banned.
I think they are pushing us to create an App in fulfilment of new privacy policies.

Outsystems platform: getting FullContact details for a person [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
I have been doing some work on the OutSystems platform.
My work is a recruitment application where you add candidates to your app with a curriculum. You then choose the best ones to schedule an interview with, and eventually you can hire them to your company. Well, I don't know if you guys really need to know what my app is about, or what it does, but I can explain better or eventually show it if it helps with my problem.
Well, what I want is:
- When I register a candidate, I add a name, an email address, and a phone number. With this email, OutSystems offers a widget that can find all networks referred to that person (by email). That widget (I am not sure if this is the correct name for this tool, maybe API is more correct) can be found in Logic, inside the folder called Dependencies, and is called FullContact. To use that API you must create a new action. I did it and I filled the mandatory parameter called Email with the Candidate Email. I am not sure what to put in the APIKey parameter; I tried a lot of things, and when I publish and test it I always get the same error, 403 Forbidden. What am I doing wrong?
I am not sure if this question is supposed to be asked here; if it is not, just tell me and I can delete the question and search somewhere else.
What I have is this: app print
I am not sure what to put in APIKey. I saw an example, and the person that did it added an assign and an ajax refresh. Do I need it too? And this is the error I get when I test the app.
I never worked with FullContact before, but from some research I learned the following:
Overview: The FullContact Developer APIs are used to manage and enhance contact information.
Authentication: All requests to all endpoints require you to specify your unique API key. The API Key is assigned to you by FullContact and is used to identify and authorize each request. Your API key should be kept private, and should never be displayed publicly.
To signup and get your free trial: https://portal.fullcontact.com/signup
Note: FullContact isn't free, you can only apply for a trial or pay.
Pricing: https://www.fullcontact.com/developer/pricing/
Where did you get that action from? Was it from the LinkedIn Connector perhaps? If so, you might be lacking authentication. Check the documentation available in the sample eSpace.
