How to change simple form post into an AJAX calls - ajax

I have a really simple webform;
<form name="logmeinsupport" action="https://secure.logmeinrescue.com/Customer/Code.aspx" method="post">
<span>Enter your 6-digit PIN code: </span><input type="text" name="Code" /><br />
<input type="submit" value="Connect to technician" />
</form>
On the logmeinrescue side, it will post the error code back into the URL:
Like: http://tomtom-uk--tst2.tomtom.com/app/utils/support_login?LogMeInRescueResponse=PINCODE_INVALID
However, our server setup interprets it as a page on the web server; therefore, I got a 404 error:
404 Page Not Found
The page 'utils/support_login?LogMeInRescueResponse=PINCODE_INVALID.php' was not found.
It is not so easy for our infrastructure team to change it. I am wondering whether I can use an Ajax callback post function to get the response. And I think the difficulty is about the cross-server Ajax call.
Any examples? Thanks
Cheers,
Qing

The server looks for the file 'utils/support_login?LogMeInRescueResponse=PINCODE_INVALID.php'.
I think you should change your request to:
utils/support_login.php?LogMeInRescueResponse=PINCODE_INVALID
In this way the server will look for support_login.php and if there is indeed a file with this name on your server you will not have this error again.

Related

Sagepay direct upgrade 4.0 does not open 3d secure page in live mode

I am upgrading Sagepay (Opayo) Direct from 2.23 to 4.0. After the upgrade, the 3D Secure page is not opening in live mode.
I have used Sagepay Direct mode. After giving the card details I got "Status=3DAUTH". Then I redirect to another page where the 3D Secure page will open in an iframe.
Checking in test mode:
After full implementation I tested in test mode. In test mode the "challan" page came up successfully and it was successfully authenticated, and the payment was successful.
Test in live mode:
When I test in live mode with a Soldo virtual card, it successfully opens the 3D Secure page. After approving the payment from the Soldo app, the payment is successful, and it's done.
Now when I try an Amex card, it shows the 3D Secure page loading screen and then gives the error below.
Oops ! An error occurred!!!
Internal processing Error..!!!
Now I have tried to do a payment with a Mastercard. In this case, when I redirect to the 3D Secure page, nothing shows in the iframe, and it's stuck.
I am sending the params below in the first call:
$strPost = $strPost . "&Apply3DSecure=0";
$strPost = $strPost . "&AccountType=E";
$strPost = $strPost . "&BrowserAcceptHeader=text/html,application/xhtml+xml,application/xml&BrowserColorDepth=24&BrowserJavaEnabled=1&BrowserJavascriptEnabled=1&BrowserLanguage=en-GB&BrowserScreenHeight=1080&BrowserScreenWidth=1920&BrowserTZ=%2B300&BrowserUserAgent=Mozilla&ChallengeWindowSize=01";
$strPost = $strPost . "&ThreeDSNotificationURL=".$strYourSiteFQDN."3DCalBack.php?pagename=transactionRegistration.php&VendorTxCode=".$strVendorTxCode;
$strPost = $strPost ."&COFUsage=FIRST&InitiatedType=CIT&MITType=UNSCHEDULED";
ACSURL submit form
<form name="form" action="{$ACSURL}?creq=".$strCReq" method="POST">
<input type="hidden" name="PaReq" value="{$strPAReq}"/>
<input type="hidden" name="creq" value="{$strCReq}"/>
<input type="hidden" name="TermUrl" value="{$TermUrl}?VendorTxCode={$strVendorTxCode}"/>
<input type="hidden" name="MD" value="{$strMD}"/>
<input type="hidden" name="VPSTxId" value="{$strVPSTxId}"/>
<input type="hidden" name="mode" value="secure3d"/>
</form>
Please help me fix the 3D Secure page.
First, make sure this is not a Frictionless Authentication. From the docs:
For a frictionless authentication, the 3D Secure scheme has enough
information about the cardholder to provide an instant authentication
result. When the authentication process has completed the transaction
is submitted for authorisation.
I.e there is need to ask for the code and redirect to the 3-D Secure page (or show it in iframe). If necessary, you may use the Apply3DSecure=1 param in your initial request to SagePay, so that 3-D Secure check is always forced.
Second, for the 3-D Secure v2 redirection the list of the form fields should be:
<form action="{$ACSURL}" method="post">
<input type="text" name="ACSTransID" value="{$strACSTransID}" />
<input type="text" name="creq" value="{$strCReq}" />
<input type="text" name="TermUrl" value="{$TermUrl}?VendorTxCode={$strVendorTxCode}" />
</form>
All data should be POST-ed, and you should include the ACSTransID value from the response to your initial request. Note: the fields PaReq and MD are related to 3-D Secure v1. If for some reason you would like to keep backwards compatibility, your current integration should be fine. In such a case you may check the response to the initial request:
if it contains CReq and ACSTransID fields, then SagePay expects the communication via v2 protocol
if there are PaReq and MD fields, it's v1 protocol
However, 3-D Secure v1 is going to be withdrawn soon, on October 15, 2022. So apparently keeping the backwards compatibility is not necessary.
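The v1/v2 check described in the answer above, written out as an added example (not Opayo's or the poster's code): it parses the initial response, picks the field set the answer lists, and HTML-escapes every value placed in the ACS form. The function names, the hidden-input form and the sample responses in the test are constructed assumptions.

```javascript
// Added example: function names and sample data are constructed.

// Parse a "Key=Value" response, one pair per line. Split on the FIRST '=' only,
// because base64 values such as CReq can end in '='. Keys are lower-cased
// because the page spells the v1 field both "PaReq" and "PAReq".
function parseDirectResponse(text) {
  const fields = {};
  for (const line of text.split(/\r?\n/)) {
    const i = line.indexOf('=');
    if (i > 0) fields[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1);
  }
  return fields;
}

// 2 = CReq + ACSTransID present, 1 = PaReq + MD present, 0 = nothing to show.
function threeDSVersion(f) {
  if (f.status !== '3DAUTH') return 0; // e.g. frictionless authentication
  if (f.creq && f.acstransid) return 2;
  if (f.pareq && f.md) return 1;
  return 0;
}

const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const esc = (s) => String(s).replace(/[&<>"']/g, (c) => ESC[c]);

function isHttps(u) {
  try { return new URL(u).protocol === 'https:'; } catch (e) { return false; }
}

// Build the form that is POSTed to the ACS; returns null when no challenge
// is required or the ACS URL is missing or not https.
function buildAcsForm(f, termUrl) {
  const v = threeDSVersion(f);
  if (v === 0 || !isHttps(f.acsurl)) return null;
  const inputs = v === 2
    ? { ACSTransID: f.acstransid, creq: f.creq, TermUrl: termUrl }
    : { PaReq: f.pareq, MD: f.md, TermUrl: termUrl };
  const rows = Object.entries(inputs)
    .map(([n, val]) => `  <input type="hidden" name="${n}" value="${esc(val)}"/>`);
  return `<form action="${esc(f.acsurl)}" method="post">\n${rows.join('\n')}\n</form>`;
}
```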

CSRF token is not set when first accessing Laravel Application on shared hosting (419 Page Expired)

I deployed my Laravel application on a shared hosting system and the application works fine, but every time I open the website for the first time in a new browser, the first POST request that I make returns error 419, page expired. After that the system works fine and every POST is made correctly, but I don't know why this error always happens the first time the system is opened in a new browser. The csrf_token is correct in the code.
<form method="POST">
@csrf
<input class="fields" name="user" placeholder="Email"/><br/>
<input class="fields" name="password" type="password" placeholder="Senha"/><br/>
<input class="entrarbtn" value="Entrar" type="submit"/><br/>
</form>
Just added this setting to php.ini and it works now:
; cPanel-generated php ini directives, do not edit
; Manual editing of this file may result in unexpected behavior.
; To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
; For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
output_buffering = 16384

How to post Form Based Authentication

I'm trying to get form based authentication to work and came across only 1 reference on the web that indicated the url was j_security_check and the parameters are j_username and j_password. There is no mention of this in any of the quarkus docs.
Am I missing something or is the documentation lacking this critical piece of information?
Thanks
Jeff
Yep, you're totally right about the lack of documentation on that. Despite this, I've consolidated some information.
To make the authentication
Create an HTML form which performs the POST to /j_security_check
login.html
<form action="j_security_check" method="post">
<div class="container">
<label for="j_username"><b>Username</b></label>
<input type="text" placeholder="Enter Username" name="j_username" required>
<label for="j_password"><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="j_password" required>
<button type="submit">Login</button>
</div>
</form>
A CURL example
$ curl -i -X POST http://localhost:8080/j_security_check -d 'j_username=admin&j_password=admin'
HTTP/1.1 302 Found
location: http://localhost:8080/index.html
content-length: 0
set-cookie: quarkus-credential=DPeFtSios6kIpWpJw6BpCfId3+MT151H3yPOc5VzfYdrdO6oRcE+dy18IL0KMeFx; Path=/
References about the login mechanism
I didn't find any additional doc explaining the login steps, but I did some greps on the Quarkus source code and found this file, which seems to handle the /j_security_check endpoint. It looks like there is no way to customize this path, or the parameter names, yet. This file is present in the dependency quarkus-vertx-http-1.10.5.Final.jar
public class FormAuthenticationMechanism implements HttpAuthenticationMechanism {
private static final Logger log = Logger.getLogger(FormAuthenticationMechanism.class);
public static final String DEFAULT_POST_LOCATION = "/j_security_check";
An interesting fact: a file with the same name, but with more advanced code, can also be found in the undertow project; the path can be customized there.

Why is Sinatra web server giving a 500 error from this POST method?

I'm building a Ruby web app with Sinatra, and am using a form to pass parameters to a POST page, which should have rendered dynamic content based on those parameters.
However, when it came time to test the POST method and submitting the form, the following was displayed in the browser:
Internal Server Error
bad content body
When this happens, the error log shows:
Error: EOFError: bad content body
followed by a stacktrace of files I'm not working with and then:
"POST /list/AUser'sName" HTTP/1.1 500 294
Code for the form:
Note - This page is just used for redirecting to a different page, determining the correct form action= attribute.
<form action="/list/<%=name%>" method='post' enctype="multipart/form-data">
<input type='Submit'/>
</form>
POST method in the server.rb file:
post '/list/:name' do
"Hello World"
end
After removing the enctype= attribute, the form is now working as intended.
From what I've learned, the enctype attribute is only used when uploading a file that needs to be submitted with the form. I had it included here because of past issues on different forms where logic errors occurred when it was not included.
Thanks to all for the comments and suggestions.

Trac Error. Missing or invalid form token. Do you have cookies enabled?

I'm developing a plugin for Trac and trying to submit some info to the database
The scheme is:
Check a user you want to add to a department
Click a button to issue an ajax POST request
Process Request.
Everything was pretty fine while I was working with the old 0.11 release (not sure if that's the reason).
The company I've been working at updated Trac to the current stable 1.0.1 release and something is really wrong now.
Sending POST request without any data like this:
$.post("trac_dep_policy");
Went fine, but if I try to add some data:
$.post("trac_dep_policy", { name: "John", time: "2pm" } );
I get 400 Bad Request error.
After some debugging I figured out it's the protection against CSRF attacks that is working against me. (web/main.py)
The question is simple - how should I deal with it?
CSRF protection is auto-added to each form by a combination of in-place Genshi template modification and read-back on POST request, and I know this has been added very early, fixed version in Trac 0.10.2 release to be clear.
You'll need to use XMLRPC protocol (see XMLRPC plugin) or read the hidden form token yourself.
The answer was simple enough:
Just as @hasienda mentioned in his answer - each form in Trac is provided with a hidden input inside a div element with a certain name tag and a token value:
<form>
<div>
<input type="hidden" name="__FORM_TOKEN" value="9c69c37f52f669fb99b095e4">
</div>
</form>
Now, everything you'll need to do a successful POST request via ajax is to pass this __FORM_TOKEN value together with your data:
var token_value = $("input[name=__FORM_TOKEN]").val();
$.post(url, {__FORM_TOKEN: token_value, data: your_data})
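The token hand-off from the answer above as a self-contained added example (not Trac or plugin code): it reads `__FORM_TOKEN` from page markup and appends it to the POST body only when the target is same-origin, so the token is never sent to another host. The function names, the `trac.example.test` URLs and the sample markup are constructed assumptions.

```javascript
// Added example: names, URLs and SAMPLE_HTML are constructed for illustration.
const TOKEN_FIELD = '__FORM_TOKEN';

// Constructed sample: the hidden input shown in the answer.
const SAMPLE_HTML =
  '<form><div><input type="hidden" name="__FORM_TOKEN" ' +
  'value="9c69c37f52f669fb99b095e4"></div></form>';

// Return the token value from the first __FORM_TOKEN input, or null.
function extractFormToken(html) {
  const input = /<input\b[^>]*\bname=["']__FORM_TOKEN["'][^>]*>/i.exec(html);
  if (!input) return null;
  const value = /\bvalue=["']([^"']*)["']/i.exec(input[0]);
  return value ? value[1] : null;
}

// Build the url-encoded POST body. The token is attached only when the
// target resolves to the same origin as the page that issued it.
function buildPostBody(targetUrl, data, token, pageUrl) {
  const target = new URL(targetUrl, pageUrl); // resolves relative URLs
  const body = new URLSearchParams(data);
  body.delete(TOKEN_FIELD); // never trust a caller-supplied token field
  if (target.origin === new URL(pageUrl).origin) {
    if (!token) throw new Error('page has no ' + TOKEN_FIELD);
    body.set(TOKEN_FIELD, token);
  }
  return body.toString();
}
```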
