CORS does not work - ajax

I need to write an ajax request that requests an XML document from a REST service. I deployed a simple REST service locally, which returns an XML document.
I know about the same-origin policy, so I added Access-control-allow-origin: * to the response (or the same value as in the Origin header of the request). Then I tested my ajax request from a local HTML file and got a same-origin policy error.
I then tried putting this page into a Java web application, deployed it to Tomcat and got the very same error. I've tested it in Chrome and Firefox.
It only works if I start Chrome with web security disabled. But that does not solve my problem.
This is the request sent by ajax, which receives
**OPTIONS http://localhost:9198/helloworld Origin http://localhost:8081 is not allowed by Access-Control-Allow-Origin.**
in both cases, whether it is an * in the Access-control-allow-origin or a defined host.
Request URL:http://localhost:9198/helloworld
Request Method:OPTIONS
Status Code:200 OK
Request Headers:
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:accept, customheader, origin
Access-Control-Request-Method:GET
Connection:keep-alive
Host:localhost:9198
Origin:http://localhost:8081
Referer:http://localhost:8081/testRest/test.html
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.94 Safari/537.36
Response Headers:
Allow:OPTIONS,GET,HEAD
Content-length:564
Content-type:application/vnd.sun.wadl+xml
Date:Tue, 04 Jun 2013 08:48:28 GMT
Last-modified:B, 04 8N= 2013 20:23:45 MAGST
Here is the request/response if I just put the address of my REST service into the browser.
Request URL:http://localhost:9198/helloworld
Request Method:GET
Status Code:200 OK
Request Headers:
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:max-age=0
Connection:keep-alive
Cookie:srmuser=kbar
Host:localhost:9198
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.94 Safari/537.36
Response Headers:
Access-control-allow-origin:http://localhost:8081
Content-type:application/xml
Date:Tue, 04 Jun 2013 09:10:03 GMT
Transfer-encoding:chunked
Could anyone please help me?
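
Added example, not part of the original post: in the captures above, the OPTIONS response carries `Allow` but no `Access-Control-Allow-*` headers, while the plain GET response does carry `Access-Control-Allow-Origin`. The JavaScript below checks captured preflight headers against the CORS rules, deliberately requiring every name listed in `Access-Control-Request-Headers` to be allowed; `checkPreflight` and the `fixedResponse` values are constructed for illustration.

```javascript
// Added example: conservative CORS preflight check over captured headers.
const SIMPLE_METHODS = new Set(['get', 'head', 'post']);

const list = (v) => (v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
const lowerKeys = (h) =>
  Object.fromEntries(Object.entries(h).map(([k, v]) => [k.toLowerCase(), v]));

function checkPreflight(status, requestHeaders, responseHeaders, withCredentials = false) {
  const req = lowerKeys(requestHeaders);
  const res = lowerKeys(responseHeaders);
  const problems = [];
  if (status < 200 || status > 299) problems.push(`status ${status} is not 2xx`);

  const allowOrigin = res['access-control-allow-origin'];
  const originOk = allowOrigin === '*'
    ? !withCredentials
    : Boolean(allowOrigin) && allowOrigin === req.origin;
  if (!originOk) problems.push(`Access-Control-Allow-Origin does not cover ${req.origin}`);
  if (withCredentials && res['access-control-allow-credentials'] !== 'true')
    problems.push('Access-Control-Allow-Credentials is not "true"');

  // "*" is a wildcard only for requests made without credentials.
  const wildcard = (allowed) => !withCredentials && allowed.includes('*');
  const method = (req['access-control-request-method'] || '').toLowerCase();
  const allowedMethods = list(res['access-control-allow-methods']);
  if (!SIMPLE_METHODS.has(method) && !allowedMethods.includes(method) && !wildcard(allowedMethods))
    problems.push(`method ${method.toUpperCase()} not in Access-Control-Allow-Methods`);

  // Conservative: require every name the preflight asked for, safelisted or not.
  const allowedHeaders = list(res['access-control-allow-headers']);
  for (const name of list(req['access-control-request-headers'])) {
    const covered = allowedHeaders.includes(name) ||
      (wildcard(allowedHeaders) && name !== 'authorization');
    if (!covered) problems.push(`header ${name} not in Access-Control-Allow-Headers`);
  }
  return problems;
}

// Preflight request and response headers as captured in the question.
const preflightRequest = {
  'Access-Control-Request-Headers': 'accept, customheader, origin',
  'Access-Control-Request-Method': 'GET',
  Origin: 'http://localhost:8081',
};
const capturedResponse = { Allow: 'OPTIONS,GET,HEAD', 'Content-type': 'application/vnd.sun.wadl+xml' };
// Constructed response: headers the OPTIONS handler would need to return.
const fixedResponse = {
  'Access-Control-Allow-Origin': 'http://localhost:8081',
  'Access-Control-Allow-Methods': 'GET',
  'Access-Control-Allow-Headers': 'accept, customheader, origin',
};
```

Calling `checkPreflight(200, preflightRequest, capturedResponse)` returns one problem for the origin and one per requested header; the same call with `fixedResponse` returns an empty list.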

Cloudflare Edge cache TTL

I've been testing Cloudflare, and I have Edge TTL set for 1 month for everything in the images folder. I'd like to see if this is set correctly, but in the Response Headers I don't see an EDGE TTL expiry. Is there any way for me to see when the cache will expire for an object in Cloudflare?
Here are the sample headers:
Response Headers
Request URL:https://cdn.mysite.com/content/testimage.jpg
Request Method:GET
Status Code:200
Remote Address:104.27.138.237:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
accept-ranges:bytes
cache-control:public, max-age=14400
cf-cache-status:HIT
cf-ray:37fa88117ff010f3-ORD
content-length:10512
content-type:image/jpeg
date:Mon, 17 Jul 2017 04:41:54 GMT
etag:"b9a9dca80fa816483b4df7e970639c98"
expires:Mon, 17 Jul 2017 08:41:54 GMT
last-modified:Mon, 17 Jul 2017 04:13:53 GMT
server:cloudflare-nginx
status:200
vary:Accept-Encoding
via:1.1 d784ab98a21beb476de2ec8d5824cf82.cloudfront.net (CloudFront)
x-amz-cf-id:MhQHg0-wZ_l7yEPeFkOvt7JXn4xuicRBpIVw2jlcy6Lt9KvukCrFcw==
x-amz-meta-s3cmd-attrs:atime:1499536352/ctime:1499536352/gid:1000/gname:sluser/mode:33204/mtime:1499536352/uid:1000/uname:sluser
x-cache:Miss from cloudfront
Request Headers
:authority:cdn.mysite.com
:method:GET
:path:/content/testimage.jpg
:scheme:https
accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding:gzip, deflate, br
accept-language:en-US,en;q=0.8
cache-control:no-cache
cookie:__cfduid=df4ff5a2242e05fbc12499e832333f59c1500222401
pragma:no-cache
upgrade-insecure-requests:1
user-agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
Because the Edge TTL expiry is not reflected in the response headers. They use it as an internal parameter for storing files.
Visit this link for more detail:
https://support.cloudflare.com/hc/en-us/articles/200168376-What-does-edge-cache-expire-TTL-mean-

SignalR - Reconnect event Response with 400 (Bad Request)

I'm a bit new to SignalR.
I have developed a simple chat room (just connect to the hub and begin chatting). I tried it on my localhost and it was working perfectly without any interruption. That's good so far.
I then uploaded the site to an online host. I noticed that the SignalR connection fails after a short time. I opened the Chrome console and found that it tried to reconnect to the hub (although it never tried to reconnect on my localhost).
The request was as follows:
Request URL:http://x-strangers.com/signalr/reconnect?transport=serverSentEvents&messageId=d-7C5BF30A-B%2C0%7CC%2C4%7CD%2C1&clientProtocol=1.5&connectionToken=2gLhobhAyeQi9GcNL%2FQTHDcBsz0Rgyc%2FUy4K%2FS5K6Kc0pQB%2FCsLATd2gYBZZ7dclT1EpGafRQkU7MC%2FHEUZTV7cldjc81%2BNYjmckQiS%2FbLcRZqU8GYYx6rPulazcdw89&connectionData=%5B%7B%22name%22%3A%22strangershub%22%7D%5D&tid=4
Request Method:GET
Status Code:400 Bad Request
Remote Address:198.38.83.16:80
Referrer Policy:no-referrer-when-downgrade
Response Headers
Cache-Control:no-cache
Connection:Keep-Alive
Content-Type:text/html
Date:Wed, 21 Jun 2017 20:47:11 GMT
Expires:-1
Pragma:no-cache
Server:Microsoft-IIS/8.0
Transfer-Encoding:chunked
X-AspNet-Version:4.0.30319
X-Content-Type-Options:nosniff
X-Powered-By:ASP.NET
Request Headers
Accept:text/event-stream
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-GB,en;q=0.8,ar;q=0.6,en-US;q=0.4
Cache-Control:no-cache
Connection:keep-alive
Cookie:ASP.NET_SessionId=zfgyzje0tvjfot4r1jpk2zg2
Host:x-strangers.com
Referer:http://x-strangers.com/Home/Strangers
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Query String Parameters
transport:serverSentEvents
messageId:d-7C5BF30A-B,0|C,4|D,1
clientProtocol:1.5
connectionToken:2gLhobhAyeQi9GcNL/QTHDcBsz0Rgyc/Uy4K/S5K6Kc0pQB/CsLATd2gYBZZ7dclT1EpGafRQkU7MC/HEUZTV7cldjc81+NYjmckQiS/bLcRZqU8GYYx6rPulazcdw89
connectionData:[{"name":"strangershub"}]
tid:4
and the response was the following:
The ConnectionId is in the incorrect format.
Eventually the connection fails.
Any idea how to fix this?

SPA (Single-page app) load always from cache

I have a SPA (Single-Page Application) written using OpenUI5 framework.
It works well (when I'm in debug mode or using cache-killer https://chrome.google.com/webstore/detail/cache-killer/jpfbieopdmepaolggioebjmedmclkbap) but now I have pushed the app to the Apache server, and that is where the problems started...
Users do not have cache-killer installed, and I would like to update the app on the server and immediately have the new version of the app on the users' PCs at the next refresh.
In my app I have a series of tabs: each tab has content, and I have two different contents for each tab (a display fragment content and a change fragment content).
When I load the page, by default, the tabs are filled with display fragments; then I press a button and the content of each tab switches to the change fragments.
The problem is that all fragments that I retrieve after the first page load are loaded (from cache)...
I tried to use the application cache manifest and the various meta tags (see Caching with single-page application) but the problem does not change and is still there.
This is the request-response header for the display fragment (correctly loaded from the server)
General:
Request URL:http://10.7.1.96/www/temp_ftp_grunt/view/tab/article/TabAnagrDisplay.fragment.xml
Request Method:GET
Status Code:304 Not Modified
Response header:
HTTP/1.1 304 Not Modified
Date: Thu, 17 Sep 2015 14:45:43 GMT
Server: Apache/2.4.7 (Win32) OpenSSL/1.0.1e PHP/5.5.6
Connection: Keep-Alive
Keep-Alive: timeout=5, max=46
ETag: "38b6-51ff07d7bfe81"
Request Header:
GET /www/temp_ftp_grunt/view/tab/article/TabAnagrDisplay.fragment.xml HTTP/1.1
Host: 10.7.1.96
Connection: keep-alive
Cache-Control: max-age=0
Accept: application/xml, text/xml, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36
Referer: http://10.7.1.96/www/temp_ftp_grunt/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: it,en-US;q=0.8,en;q=0.6
If-None-Match: "38b6-51ff07d7bfe81"
If-Modified-Since: Thu, 17 Sep 2015 12:24:01 GMT
and this for the change fragment loaded from cache
General:
Request URL:http://10.7.1.96/www/temp_ftp_grunt/view/tab/article/TabAnagrChange.fragment.xml
Request Method:GET
Status Code:200 OK (from cache)
Response header:
Accept-Ranges:bytes
Content-Length:23642
Content-Type:application/xml
Date:Thu, 17 Sep 2015 14:44:47 GMT
ETag:"5c5a-51ff1965857b1"
Last-Modified:Thu, 17 Sep 2015 13:42:33 GMT
Server:Apache/2.4.7 (Win32) OpenSSL/1.0.1e PHP/5.5.6
Request Header:
Provisional headers are shown
Accept:application/xml, text/xml, */*; q=0.01
Referer:http://10.7.1.96/www/temp_ftp_grunt/
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36
X-Requested-With:XMLHttpRequest
For OpenUI5 developers: I have loaded the fragments in this way:
1. display fragments in the onInit function of the controller that contains the list of tabs
var oTab = new sap.m.IconTabFilter();
oTab.addContent(myfragment);
tabBar.addItem(oTab);
2. change fragments by a function that removes the display fragments with tabBar.removeAllItems(); and adds the new fragments in the same way as in 1.
I have tried to find a solution to my problem; I have read this https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching and this http://alistapart.com/article/application-cache-is-a-douchebag articles but I can't find the solution to my problem. The cache buster https://openui5.hana.ondemand.com/#docs/guide/91f080966f4d1014b6dd926db0e91070.html suggested here (Force clear cache in OpenUI5) requires a SAP backend.
We had the same problem and managed it by defining a new path for fragments
sap.ui.localResources("fragments");
By default, fragments were in the same folder as the libraries (resources) and were always cached.

Google app engine Endpoint and HTTP Sessions

I'm deploying an application in Google App Engine and I'm also using the Cloud Endpoint feature for REST calls.
I use a custom domain to point to my application. As you probably know, Endpoint doesn't support custom domains. So my situation is this:
I open the page http://www.example.org
I do an ajax request to an Endpoint like https://my-example.appspot.com/_ah/api/service
Now the problem is: every time I do an ajax request to an Endpoint, a new Session is created!! How can I keep the session between requests? I inspected the responses from Endpoint, and I didn't find any reference to a session cookie...
UPDATE 1
For the Ajax call I'm using jQuery.
$.post('_ah/api/user/v1/login', function() {
    console.log('logged');
});
I have now added this to set the withCredentials field.
$(document).ajaxSend(function(elm, xhr, s) {
    xhr.withCredentials = true;
});
UPDATE 2
This is my request and the server response headers
Request
Accept:*/*
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Origin:http://www.example.org
Referer:http://www.example.org/game.html
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36
X-CSRFToken:xkNZPouvfl2mRT0IKFZNB2xJpffaaK3UuYhhg5eoeRAiMqxaoQ14q93cv2xeRnYP
Response
access-control-allow-credentials:true
access-control-allow-origin:http://www.example.org
access-control-expose-headers:Content-Encoding,Content-Length,Content-Type,Date,Server
alternate-protocol:443:quic,p=1
cache-control:private, max-age=0
content-encoding:gzip
content-length:165
content-type:application/json; charset=UTF-8
date:Sun, 19 Apr 2015 12:40:49 GMT
expires:Sun, 19 Apr 2015 12:40:49 GMT
server:GSE
status:200
version:HTTP/1.1
x-content-type-options:nosniff
x-frame-options:SAMEORIGIN
x-xss-protection:1; mode=block

Self-hosted Web API on my Raspberry Pi leads to HTTP 400 Bad Request

I've created a self-hosted Web API (Web API 2.2 + Owin). The service is quite simple and only returns the list of GPIO pin values.
On my Pi itself, it works perfectly. I can call the service without problems. Only when I try to call it from my PC is an HTTP 400 returned:
Request:
GET http://192.168.178.105/RobotApi/GetGpioPinValues HTTP/1.1
Host: 192.168.178.105
Connection: keep-alive
Accept: application/json, text/plain, */*
Origin: http://localhost
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Referer: http://localhost/piRobot.WebSite/index.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,de-DE;q=0.6,de;q=0.4
Response:
HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=utf-8
Server: Mono-HTTPAPI/1.0
Date: Fri, 02 Jan 2015 16:19:24 GMT
Content-Length: 35
Connection: close
<h1>Bad Request (Invalid host)</h1>
I hope someone out there can help me. Any suggestions?
Thanks a lot,
Dante
Ok. Got it:-)
It was not a problem with the Raspberry Pi, Mono or Web API itself. The self-hosted service was initialized with the base URL http://localhost. The strange thing is, the service is only available via localhost, but not via the corresponding IP address!!!
So what I've done now is substitute localhost with the IP address of my Pi, and it works perfectly. Now the service is only accessible via the IP?!
I still have no clue why it makes a difference, but obviously it does.
