I'm trying to read the documentation and I must confess it is not easy reading. I have no problem (after adding the Access-Control-Allow-Origin header) reading responseText, but fail to get the response header anywhere except Firefox.
So, my question is: what is the right way to get a response header using cross-domain ajax?
I've tried to use Access-Control-Expose-Headers, but, again, failed to read the header.
So the way it should work is that you specify the headers you want the client to have access to in the Access-Control-Expose-Headers header. For example, if your server sets a Foo response header, and you want the client to be able to read it, your server should also send the following header:
Access-Control-Expose-Headers: Foo
On the client side, you can read all the response headers by calling xhr.getAllResponseHeaders(). This returns the response headers as a string, which you can then parse into an object using the following code: https://gist.github.com/706839
That is an explanation of how things should work. However, note that there is a bug in older browsers where the response headers can't be read on the client. See here for more details: CORS xmlhttprequest HEAD method
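The filtering described above, as an added example that is not part of the original answer or the linked gist: it parses the string that xhr.getAllResponseHeaders() returns and models which headers a cross-origin script is allowed to see. The names readableHeaders and SAMPLE_WIRE and the sample header values are assumptions made for this illustration; the safelist is the one in the Fetch standard.

```javascript
// CORS-safelisted response header names (Fetch standard): readable with no opt-in.
const SAFELISTED = new Set([
  'cache-control', 'content-language', 'content-length',
  'content-type', 'expires', 'last-modified', 'pragma',
]);

// Parse the CRLF-separated string returned by xhr.getAllResponseHeaders().
function parseResponseHeaders(raw) {
  const headers = Object.create(null);
  for (const line of raw.split(/\r?\n/)) {
    const idx = line.indexOf(':');
    if (idx <= 0) continue; // blank or malformed line
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    // Repeated header names are joined with ", ".
    headers[name] = name in headers ? `${headers[name]}, ${value}` : value;
  }
  return headers;
}

// Model of the browser-side filter: of the headers the server sent, which
// would a cross-origin script see? (hypothetical helper, not a browser API)
function readableHeaders(sent, withCredentials = false) {
  const exposed = new Set(
    (sent['access-control-expose-headers'] || '')
      .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean)
  );
  // "*" exposes everything, but only on requests made without credentials.
  const wildcard = exposed.has('*') && !withCredentials;
  const visible = {};
  for (const [name, value] of Object.entries(sent)) {
    if (name === 'set-cookie' || name === 'set-cookie2') continue; // never readable
    if (wildcard || SAFELISTED.has(name) || exposed.has(name)) visible[name] = value;
  }
  return visible;
}

// Constructed sample of what a server put on the wire.
const SAMPLE_WIRE = [
  'Content-Type: application/json',
  'Access-Control-Allow-Origin: *',
  'Access-Control-Expose-Headers: Foo',
  'Foo: bar',
  'X-Internal-Trace: abc123',
].join('\r\n');

console.log(readableHeaders(parseResponseHeaders(SAMPLE_WIRE)));
```

Foo and Content-Type come through; X-Internal-Trace stays hidden because it is neither safelisted nor named in Access-Control-Expose-Headers.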
I had the same problem, and found an answer on the Chromium mailing list that this is fixed in WebKit, and it will be implemented in Chromium ~19.
I will try to find the topic and update my answer.
I am trying to do a DELETE HTTP request to an API (I don't have access to the source code of it), but the API keeps responding with 406.
I tried to put the "Accept" header as any, but the issue is still the same. I see the headers are correct.
Any help is appreciated.
I have a web crawler on Heroku and I'm trying to call the script from a POST request on Parse Cloud Code httpRequest but I receive a 403 forbidden response basically telling me the Referer Header didn't pass. How can I get past this?
Django's CSRF protection tests the Referer header: see https://docs.djangoproject.com/es/1.9/ref/csrf/#how-it-works. Browsers typically send that header to indicate the page that originated a request, but programmatic user agents don't (cURL, Python requests, and presumably Parse.Cloud.httpRequest) without being told to do so.
To add custom headers to a Parse request, see: Parse.Cloud.httpRequest call with HTTP request header (note the headers object).
That said, you also need to make sure you have a way to get the CSRF token to begin with, and include it either in a XCSRF-Token header or a form field (unclear from your question whether you are doing that).
I have a problem while sending a message via Jersey client on Mandrill API. I use Jersey client as follows:
ClientBuilder.newClient()
    .register(JacksonJsonProvider.class)
    .target("https://mandrillapp.com/api/1.0/messages/send.json")
    .request(MediaType.APPLICATION_JSON_TYPE)
    .post(Entity.json(methodEntity));
Below you can see logged headers, method and content of the API request.
POST https://mandrillapp.com/api/1.0/messages/send.json
Accept: application/json
Content-Type: application/json
{"message":{"subject":"Hello World!","text":"Really, Im just saying hi from Mandrill!","to":[{"email":"marcel#xxxx.com","name":"Marcel cccc","type":"to"}],"headers":{},"tags":["test"],"from_email":"info#xxxxx.com","auto_text":true,"preserve_recipients":false},"async":false,"key":"EWIBVEIOVBVOIEBWIOVEB"}
In response to this request I keep receiving the following message:
[{"email":"marcel#XXXX.com","status":"rejected","_id":"0ea5e40fc2f3413ba85b765acdc5f17a","reject_reason":"invalid-sender"}]
I do not know what the issue may be. From some posts I figured out I must use UTF-8 to encode my message and headers, but setting the encoding to UTF-8 did not do much good. Otherwise the payload seems fine to me, and moreover I found on forums that invalid sender can mean any other kind of issue (not just invalid sender, which is sad).
I had exactly the same problem with
"reject_reason":"invalid-sender"
You have probably already checked the similar question Mandrill “reject_reason”: “invalid-sender”
Try it if it helps. I realize that you are also missing a header parameter in your request,
e.g. User-Agent: Mandrill-myclient/1.0
Please also try adding this parameter to your Jersey Client setup as follows:
ClientBuilder.newClient()
    .register(JacksonJsonProvider.class)
    .target("https://mandrillapp.com/api/1.0/messages/send.json")
    .request(MediaType.APPLICATION_JSON_TYPE)
    .header("User-Agent", "Mandrill-myclient/1.0")
    .post(Entity.json(methodEntity));
Does it help?
This is sort of a cross-domain issue, but the problem is the browser (Chrome) doesn't seem to follow the redirect. Instead, nothing is returned to the jQuery ajax call, and I get an error.
I'm trying to use jQuery.ajax, but the URL that I'm using redirects to another domain. When this happens, I get an error. Is there anything special that needs to be done so the browser will follow the redirect?
I already added access-control-allow-origin: * to the header of the second domain that is being redirected to.
An HTTP redirect page is treated as any other HTTP page in that it also needs the access control headers. If your redirect page does not have them, the browser will never get around to checking if the page being redirected to has the proper permissions.
Along with the Location header on the redirect page, also add the Access-Control-Allow-Origin header and its related constituents (i.e. Access-Control-Allow-Methods etc.)
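A diagnostic for the point made in this answer, as an added example that is not part of the original post: given the responses of a redirect chain (for instance copied from a verbose HTTP client trace), it reports the first hop that fails the browser's CORS check. It goes one step beyond the answer by also modelling the Fetch standard rule that a redirect from one foreign origin to another makes the browser send Origin: null. The function name firstBlockedHop, the example hosts and the assumptions of a non-credentialed request whose first hop is already cross-origin are made for this illustration.

```javascript
const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);

function lowerCaseKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = v;
  return out;
}

// hops: [{ url, status, headers }] in the order the browser received them.
// Returns null when every hop passes, else a description of the failing hop.
function firstBlockedHop(pageOrigin, hops) {
  let originSent = pageOrigin; // value of the Origin request header for this hop
  for (let i = 0; i < hops.length; i++) {
    const { url, status } = hops[i];
    const headers = lowerCaseKeys(hops[i].headers);
    const allow = headers['access-control-allow-origin'];
    // The CORS check runs on every response, redirect responses included.
    if (allow !== '*' && allow !== originSent) {
      return { index: i, url, status, allow: allow || null, originSent };
    }
    // A final response, or a redirect status with no Location, ends the chain.
    if (!REDIRECT_STATUSES.has(status) || !headers.location) return null;
    const here = new URL(url);
    const next = new URL(headers.location, url);
    // Redirecting from a foreign origin to yet another origin taints the
    // request: from then on the browser sends "Origin: null".
    if (next.origin !== here.origin && here.origin !== pageOrigin) originSent = 'null';
  }
  return null;
}

// Constructed sample: the redirecting server forgot the CORS header.
const SAMPLE_CHAIN = [
  { url: 'https://api.example/old', status: 302,
    headers: { Location: 'https://cdn.example/new' } },
  { url: 'https://cdn.example/new', status: 200,
    headers: { 'Access-Control-Allow-Origin': '*' } },
];

console.log(firstBlockedHop('https://app.example', SAMPLE_CHAIN));
```

The sample chain is blocked at index 0, before the browser ever looks at the headers of the final response, which matches the situation in the question.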
The only way to get a cross-domain ajax call is to use jsonp.
In jQuery, set your .ajax() dataType to 'jsonp'. See here: http://api.jquery.com/jQuery.ajax/
It still may not work, if the server being redirected to is not capable of a jsonp response. The difference between a json response and a jsonp response is that a json response is a pure json string, while a jsonp response is the code that calls a function passing in a json string.
A not-too-shabby tutorial: http://remysharp.com/2007/10/08/what-is-jsonp/
A good discussion: Can anyone explain what JSONP is, in layman terms?
I am currently testing some JavaScript that makes a GET request (ie. XMLHttpRequest with "get") with a Range header. Because the request is cross-domain, I'm implementing access control headers in the response as described here:
https://developer.mozilla.org/En/HTTP_access_control#Preflighted_requests
What's confusing me, however, is that my current server setup is working in Chrome but not in Firefox. Specifically, when I run the JavaScript in Chrome I'm getting back a chunk of the requested data, just like I want. In Firefox, however, I'm getting error code 501 on request method OPTIONS.
At first that seems like the OPTIONS request method needs to be handled by the server, but that works in Chrome so it looks like this is a red herring and something else is wrong. Currently the following response headers are implemented, perhaps this is where the problem lies:
Access-Control-Allow-Headers: Range
Access-Control-Allow-Origin: *
Anyone have any insight in what I need to do? Do Chrome and Firefox handle cross-domain restrictions differently?