Are there any AJAX client tools for interrogating ajax endpoints?
I am using firebug for development and have installed some addons for manipulating the request headers.
However, I am finding this to be quite unproductive as I need to set the X-Requested-With in the header whenever I want to test my AJAX endpoint and then remove it for testing my pages normally.
I am looking for a GUI tool which allows me to point it to an AJAX endpoint and craft a request, be it a JSON request or just a standard GET/POST request.
Something equivalent to Pinta (for testing AMF requests) in the AJAX world would be nice.
Do any tools like this exist?
I just found HttpRequest (a FireFox addon) that can do this. Simply just set the request header x-requested-with to XMLHttpRequest and away you go!
Related
Is there anyway in JAX-RS, Jersey to ensure a request is Ajax only?
The goal here is to ensure that a number of endpoints are only accessed as AJAX calls and not as a Web URL in a browser?
Reason is the request may contain query parameters that are PHI and we don't want them going into Browser history.
A HTTP request triggered by an AJAX call is not different from any other HTTP request from the POV of the server. Even more, if your web application makes an AJAX request, you can use the tools your browser provides to inspect, copy and manipulate the request. Modern browsers provide the option to copy the exact request as a curl command that can be executed in the shell of your OS. To the server there is not difference between the original made by the browser and the copied request.
There is no way to do what you want to do.
I plan to use https to build a website. After the user logs in, s/he is directed to a dashboard. The dashboard will be developed using javascript and html5. What are the thing I need to keep in mind when I make ajax calls using SOAP to a web service while using https?
The most important things:
always use the same domain name, otherwise browser will throw cross domain errors,
always use https protocol for every ajax request, so browser won't get same origin errors.
On the server side check for X-Requested-With: XMLHttpRequest HTTP header, to be sure that the request came as AJAX, not standalone GET/POST request. This is only difference.
With AJAX request browser will send the same cookies value as in the any other request, so you can surely check user session with it.
will any webserver [IIS possibly] know whether a request is an AJAX request or a Normal one.
If you are using native XmlHttpRequests then there is no difference between this request and once generated by visiting a page or submitting a form. If you use jQuery to create the AJAX request then is adds a request header X-Requested-With: XMLHttpRequest. This header could be used to distinguish AJAX and non-AJAX requests.
Some (most?) frameworks can send a custom header, but, really, an ajax request is just the same as a "normal" request from the point of view of the server.
If you use curl, wget, telnet, or a program you write yourself, then the web server handles the request the same way - at the end of the day, it's all HTTP.
The easiest way for the receiving page to 'know' would be to send a query string parameter. This isn't 100% safe though.
Firebug can show you what is being sent to the server from both types of requests, try it out.
Possibly, it is not the webserver that can distinguish, but the server side code might be able to distinguish. If you are talking about ASP.NET and AJAX, then ScriptManager.IsInAsyncPostBack can be used to find whether a postback is from AJAX or not.
I want to ask you how the browser sends ajax request i mean what is the format of ajax request. So what is actual format of AJAX request sent by browser.
Thanks in advance
If you install Firefox and Firebug you can see for yourself:
http://codeclimber.net.nz/archive/2007/08/01/How-to-debug-XmlHttpRequest-with-Firebug.aspx
It's a standard HTTP request - just like any other request the browser makes.
You can read more about the XMLHttpRequest call and indeed the structure of a HTTP request on WikiPedia.
AJAX is shorthand for Asynchronous JavaScript and XML and does not define a standard on how the data is transferred.
Because the browsers are designed primarily as HTTP clients you should study GET and POST and maybe PUT and DELETE for RESTful web services.
Is it possible to know that a HTTP request is from Ajax?If yes, how?
Many frameworks add a header X-Requested-With set to XMLHttpRequest when sending an AJAX request. If you are using jQuery or Microsoft frameworks, this should work. If using another framework, you'll have to check the documentation. Since normal requests don't have the header, a check for the presence of the header should be sufficient.
If you are using your own "home-built" AJAX or the framework doesn't do this, but does allow you to set a header, you could simply follow this convention and add your own header when making the request.
Most frameworks set X-Requested-With header to state it. But standard AJAX requests doesn't.
I would assume that any request received by a server would appear to be the same (ie http post/get) and that you would need to look at the referer, but that may just give you the browser details?