While logging into frontend for first time, Frontend is giving alert "Invalid Credentials, Try Again" even though credentials are correct. And logging in for the second time it is logging in normally without any error
Issues: Ensure CORS response header values are valid
Related
I have a strapi cms which I use for fetching. Today I ran npm run develop to start the server, and it needed be to login. No big deal, I logged in with my credentials, and it says wrong credentials. I tried the 3 passwords I use, but none of them work. I clicked "forgot password" and waited for the password reset, but it never came. I went back to sign in again, and I notice this message whenever I click the sign in button:
POSThttp://localhost:1337/admin/login [HTTP/1.1 400 Bad Request 95ms]
This message is also displayed in my IDE's console:
debug POST /admin/login (89 ms) 400
I've been trying to login for the past hour but it's still not letting me. I've already restarted the server, the IDE, my computer, as well as clearing cache and cookies, but none of them worked. Any clue to solve this?
Update:
This message is appearing in the console. I wonder if it's relevant? It's weird though because I never modified with the scripts in my IDE.
DevTools failed to load SourceMap: Could not parse content for http://localhost:1337/admin/shallowequal.cjs.production.min.js.map: Unexpected token < in JSON at position 0
I'm using $http.get() to commit an API request which works just fine as long as I enable CORS in my browser while testing. Of course, that's just a bandaid.
I found this article:
Angular $http.get: How to catch all the errors?
And have my code set up with a then().catch() and while the catch code is executed as expected, the error is still thrown:
XMLHttpRequest cannot load 'url here' due to access control checks.
Even when I manually disable CORS for development's sake, I still get 401 errors, despite my catch().
The goal is prevent the old "red text" errors in the console and just handle them with an alert to the user.
When you send an http request in a browser, it first sends OPTIONS request which is called preflight. The browser blocks the request if the response for the preflight request doesn't contain Access-Control-Allow-Origin headers.
This preflight request is transparent to Javascript. So, for every ajax call, the browser sends two requests if the destination is cross-domain.
Even though you catch the error, browser is going to report the network error in the console if the preflight request fails.
I call a dahua API for preset response in angular js but it gives me a 401 Unauthorised error.
My code is below :
var streamurl='http://admin:123456#192.168.1.202/cgi-bin/ptz.cgi?action=start&channel=0&code=PositionABS&arg1=180&arg2=190&arg3=10';
$http.get(streamurl, { withCredentials: true })
.then(function(response2) {
console.log(response2.data);
});
I could be wrong but I think you are getting login screen with that request. I've read through documentation and I have found your way of authentication only working on rtsp:// protocol, and for http I believe you should modify headers, and encode your username/pasword to base64, here's documentation:
ftp://ftp.wintel.fi/drivers/dahua/SDK-HTTP_ohjelmointi/DAHUA_IPC_HTTP_API_V1.00x.pdf
Also you should probably use this since you are using AngularJS/NodeJS, it will make your life easier - or check how this guy did his authentication and "borrow" from him:
https://github.com/nayrnet/node-dahua-api
How to Fix the 401 Unauthorized Error
Check for errors in the URL. It's possible that the 401 Unauthorized error appeared because the URL was typed incorrectly or the link that was clicked on points to the wrong URL - one that is for authorized users only.
If you're sure the URL is valid, visit the website's main page and look for a link that says Login or Secure Access. Enter your credentials here and then try the page again. If you don't have credentials, follow the instructions provided on the website for setting up an account.
If you're sure the page you're trying to reach shouldn't need authorization, the 401 Unauthorized error message may be a mistake. At that point, it's probably best to contact the webmaster or other website contact and inform them of the problem.
The 401 Unauthorized error can also appear immediately after login, which is an indication that the website received your username and password but found something about them to be invalid (e.g. your password is incorrect). Follow whatever process is in place at the website to regain access to their system.
From https://www.lifewire.com/401-unauthorized-error-what-it-is-and-how-to-fix-it-2622934
I have an API for logging in my AngularJS app. It just posts to a login URL and then gets a session object back if it went well. If it goes wrong however, what would be the right HTTP code to answer?
401: Unauthorized. Well not really. The user is authorized to try and login, it's just that the credentials were wrong.
400: Bad Request. Well not really. I understood the request, it's just that the credentials didn't match up.
If you think 401 would be best, that runs into another problem: I have an interceptor to catch 401s and show the login modal as a result. The idea is that a 401 will only happen when a session has expired (or something about the user changed), and the user should re-authenticate.
What would be the best solution?
The API should return 400: Bad Request only when the data is truly in bad form.
I'd return 422: Unprocessable Entity
Here are two articles:
http://www.restpatterns.org/HTTP_Status_Codes/422_-_Unprocessable_Entity
http://www.bennadel.com/blog/2434-http-status-codes-for-invalid-data-400-vs-422.htm
My AngularJS app uses $http.get() with https urls. If the server is using a self-signed certificate Chrome will reject the request and log an error ERR_INSECURE_RESPONSE to the console.
I would like to capture this specific error and prompt the user to configure their server with a valid certificate.
I've tried $http.error and $httpProvider.interceptors to get information about this error, but no relevant information is available in the error parameters.
I understand that Chrome is rejecting the request rather than the server, but using Angular, is there anyway to capture that Chrome has rejected the request with error ERR_INSECURE_RESPONSE?
I had the same issue in my ionic Project, but there is No way to overcome this issue clientside, this is security issue, go to server settings for SSL configuration, change DHPARAMS to 2048 bit key, that solved my issue,
Note : my server is amazon s3
I've been struggling with this for a while, trying to figure how to get a type of error in the $http error callback and show a helpful message to users. However, there seem to be no way to determine this specific error, the only way to determine it is to check whether the response.status is equal to -1 (this happens if the request was interrupted for some reason) - but it also might be -1 in other cases, like missing internet connection. So eventually I edited the error message, shown on status -1, to explain user what might be wrong.
Also, in my case users have to enter the server address, so in addition I added checking whether it's not an IP address (IP addresses cannot have valid SSL certificate, only self-signed, which would cause aforementioned error):
if (server_url.match(/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}/)) {
// Show error message like "only domain names are allowed"
}
Hope that helps.