WP7 and Http-Referer - windows-phone-7

I've written an app that shows comments from Disqus and when I run it as a .NET application on my desktop it works great. It sends a http requst and then deserialize the json objects. But when I move the code to my Windows Phone app I get an error from Disqus.
It appears that because Windows Phone decides to add a random http referer my request fails. I'm not allowed to change the referer on the windows phone I get the message "The 'Referer' header cannot be modified directly." if I try to do that.
Is there a workaround for this that doesn't require me to build a proxy that removes the referer header?

From what I can gather from this post, there's no way to remove the Referer header without using a proxy service. Apparently this code worked for one person:
var uri = new Uri ("http://some.where");
var request = WebRequestCreator.ClientHttp.Create (uri) as HttpWebRequest;
request.Headers ["user-agent"] = "My user agent string";
request.BeginGetResponse (...);
However, it seems that the general consensus in that thread is that there's no way to change it, but it should be fixed in the Mango version.

Instead of request.Referer = referer use request.Headers[HttpRequestHeader.Referer] = referer and it will work

Related

Compose HTTP(S) Requests with Telerik Fiddler Classic using an authorization token

I am trying to know how to send a GET request url using an authorization token in the header similar as below:
Authorization: Token token="here my personal token"
What have I tried:
In the composer, I have selected GET verb and I have indicated my url.
In the box under URL I have specified the headers, one line by line, and the last one I have specified is the above indicated.
When I click on Execute button I get HTTP 502 error message.
In Postman, another alternative to Fiddler Classic, I specify the authorization token in the header and it works ok.
So what am I doing wrong in Telerik Fiddler Classic?
Postman configuration
Postman Params tab:
Postman Authorization tab:
Postman Headers tab:
Postman 7 hidden header entries:
These hidden entries are postman-specific. I have not introduced them manually. Only first two are checked (enabled), the rest are unchecked (disabled). In case of first hidden header "Cookie", if I remove it and send the request, it is added automatically by Postman again.
And the same in Telerik Fiddler Classic, same request with same params and headers does not work. See below screenshot.
Telerik Fiddler Classic configuration
UPDATE 2021/07/28:
Finally I have solved by changing TLS from 1.0 to 1.2.
Below are the steps I have followed in Fiddler Classic:
Tools/Options/HTTPS
Check "Decrypt HTTP traffic"
Install fiddler certificate
Change TLS1.0 to TLS1.2 in protocols
After doing that, I execute the request and it works perfectly.
Also, I do not know why but once I have done above steps if I go again to Tools/Options/HTTPS and uncheck "Decrypt HTTP traffic" option, the request continue working correctly.

Ruby Net:Http get request gives different response than with Browser

I am trying to fetch from API server using Net::HTTP.
puts "#{uri}".green
response = Net::HTTP.new('glassdoor.com').start { |http|
# always proxy via your.proxy.addr:8080
response = http.get(uri, {'Accept' => 'application/json'})
puts "Res val: #{response.body}".blue
}
I got the uri from the console and pasted in the browser, and I received the JSON response.
But using the Ruby Net::HTTP get I receive some security message:
Why the difference? The browser and the Ruby script are behind the same public IP.
You were detected as a crawler (correctly, by the way). Note that those requests (from browser and the script) are not just the same. The browser sends some headers, such as accepted language, user agent etc. You can peek into it using web inspector tool in the browser. On the other side, in your script you only set Accept header (and to JSON, suspicious on its own, as browser would never do that). And you do not send any user agent. It's easy to see that this is an automates request, not natural traffic from the browser.

Configure ngrok's CORS headers

I am running a local webserver, which runs an XHR request to an ngrok server, also run from my PC.
I'm getting XMLHttpRequest cannot load http://foo.ngrok.io/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.
It appears the ngrok FAQ mentions CORS headers, but only in relation to basic auth - it doesn't mention how to set the headers so I could test my app in development.
How do I change ngrok's CORS options to allow loading requests from localhost?
UPDATE: different use case. BOUNTY FOR THIS SOLUTION:
I am getting the following error:
login.php:1 Access to XMLHttpRequest at 'http://localhost/lagin/public/login.php'
from origin 'http://062b-96-230-240-153.ngrok.io' has been blocked by CORS
policy: The request client is not a secure context and the resource is in more-
private address space `local`.
I've looked at Configure ngrok's CORS headers but still not sure how to proceed. When I tried ngrok http -host-header=rewrite 80 it says header not defined.
I've looked at 10 or 12 youtube videos and they all do a great job explaining what CORS is but an awful job explaining how to fix it.
I'm running virtualbox on a windows 10 machine and create a linux virtual machine. On the linux side I am running xampp as a local server.
I am happy to provide more details but I just don't know what additional information is needed.
I am able to see the login page of my site on ngrok but as soon as I make a axios call I get the above error.
Also, I tried //flags/#block-insecure-private-network-requests in chrome and set to disable. When I do that I no longer get the error but the site doesn't work.
ADDITIONAL INFORMATION:
I spoke to ngrok and they say: ...it sounds like your app is trying to call localhost somewhere in a ajax request. You will need to adjust that call to ensure it is being routed through ngrok.
here's what I'm doing:
responseData = sendData2('http://localhost/lagin/public/login.php',emailPass);
and here’s sendData2 (just for completeness)
function sendData2(url,emailPass){
let bodyFormData = new FormData()
for (const [key, value] of Object.entries(emailPass)) {
//console.log(key,value)
bodyFormData.append(key,value)
}
return axios({
method: 'POST',
url: url,
data: bodyFormData,
headers: {'Content-Type': 'multipart/form-data'}
})
.then(function(response){
return response.data
})
.catch(function(response){
return response
})
}
UPDATE: Each time we tunnel into ngrok we get an address like https://2634-96-230-240-153.ngrok.io If we change the send2() call to
sendData2('http://96-230-240-153.ngrok.io/lagin/public/login.php',emailPass);
it works but this requires I change the code each time I have a new tunnel. Would adjusting the CORS policy get around this problem?
I just stumbled across this issue today and was able to resolve it by starting ngrok and including the -host-header flag.
ngrok http -host-header=rewrite 3000
From the docs:
Use the -host-header switch to rewrite incoming HTTP requests.
If rewrite is specified, the Host header will be rewritten to match
the hostname portion of the forwarding address.
First of all ngrok is just a tunnel and not a server so configuring CORS header in ngrok is not at all possible. So any kind of CORS configuration needs to be done at the server level.
For example if you are using a nginx server, you need to configure header in the nginx conf file like:
location / {
/*some default configuration here*/
add_header 'Access-Control-Allow-Origin' '*';
}
By adding this header, you say that cross origin access to your address is allowed from any address as the value of the header is '*'. You can also specify a particular address for which the access to your address is allowed by replacing the value.
For me, in addition to setting up the server, you also need to add to the header on each request sent from the client side
"ngrok-skip-browser-warning": true
With Webpack / react, I used the 'requestly' Chrome extension and set up a rule from the Bypass CORS template. Note that after selecting Templates > Bypass CORS, you need to click Create Rule in the top right of the dialog.
Then fill in the section at the top, "If domain contains <your domain" and make any other configuration changes, then you can save your rule.
If you are using ngrok with nodejs/express.js .
Use this code:
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "YOUR-DOMAIN.TLD"); // update to match
the domain you will make the request from
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-
Type, Accept");
next();
});
Replace "YOUR-DOMAIN.TLD" with "*" to give access to all urls OR your specific website url.
Refer to https://enable-cors.org/server_expressjs.html for more details
Getting ngrok to work took a little time to figure out but it's actually quite easy.
In chrome there is an option to turn off CORS. In the chrome address bar go to
chrome://flags and look for Block insecure private network requests.
This needs to be disabled.
Second, in my ajax request I had used an absolute path and this needed to be changed
to a relative path.
REMEMBER:This is for running localhost and exposing it to the web

Open a URL from windows service

http://www.myserver.com/mypage.php?param1=abc&param2=123
I need to open this URL from a windows service either by IExplorer or without opening on windows startup.
OR
Can I submit an HTML form to my web server from a windows service on windows startup?
Depending on your requirements, the best way to do this might be by using HttpWebRequest. You can just write some code like this to accomplish the form post:
string url = "http://www.myserver.com/mypage.php?param1=abc&param2=123";
var request = (HttpWebRequest)HttpWebRequest.Create(url);
request.Method = "POST";
var response = (HttpWebResponse)request.GetResponse();
// etc... read the response from the server here, if you need it
On Windows Vista and later, services use a noninteractive window station and cannot interact with the user. Read here for more information.

How to control a cisco IP-Phone from the CLI?

I've a Cisco IP-Phone 7945 and I want to control it from my CLI. For example I want to start a command like
call start 12345 #12345 is the number I want to call
or
call cancel
Anybody knows a tool or something similiar?
I'm writing a rails app and I want to start a call from within the app after a certain action.
The 7945 has a web interface that permits execution of commands, including a "Dial" command, by authenticated users.
Your rails app would connect to the phone at http://phone-ip-address/CGI/Execute and POST some XML that looks like this:
<CiscoIPPhoneExecute>
<ExecuteItem URL="Dial:12345" />
</CiscoIPPhoneExecute>
The authentication is done with HTTP Basic Auth and the back-end authenticator is determined by what phone system your 7945 is connected to. If Cisco Call Manager, it uses the assigned Call Manager user information.
Look for the IP Phone Services guides on cisco.com for details. Quick links:
HTTP Requests and Header Settings
CiscoIPPhone XML Objects
Internal URI Features
Short answer: it's not a CLI but it is straightforward to program a dialer by interacting with the phone over HTTP.
I know this is an old thread, but thought I'd post this working code example in Ruby. Tested on the CP-8941 phone. Username & password schemes will vary. Our system is set up to interface to Active Directory, so the username and password are those of our Windows login.
require "net/http"
require "uri"
phone = "ip-of-your-phone"
user = "your-username-goes-here"
secret = "your-password-goes-here"
prefix = "91"
todial = "number-to-dial-goes-here"
uri = URI.parse("http://#{phone}/CGI/Execute")
http = Net::HTTP.new(uri.host, uri.port)
request = Net::HTTP::Post.new(uri.request_uri)
http = Net::HTTP.new(uri.host, uri.port)
request = Net::HTTP::Post.new(uri.request_uri)
request.basic_auth(user, secret)
request.set_form_data({"XML" => %(<CiscoIPPhoneExecute><ExecuteItem URL="Dial:#{prefix}#{todial}" /></CiscoIPPhoneExecute>) })
response = http.request(request)

Resources