I need to call a login API hosted at https://login.microsoftonline.com
I am using Apache AHC v2.1 and it automatically adds the HTTP header "transfer-encoding: chunked" to all requests.
The API does not support transfer encoding and returns:
**Not Implemented**
HTTP Error 501. The request transfer encoding type is not supported.
How can I prevent AHC from adding this header?
I have tried to use the recommended "removeHeaders" option described at
https://camel.apache.org/manual/latest/faq/how-to-avoid-sending-some-or-all-message-headers.html
But this does not remove this header.
Any help appreciated.
If you use the Apache Camel HTTP component instead, there is a setting, chunked, that you can disable.
This setting is not available on the AHC component.
Related
I have a frontend in React and a backend in Spring Boot. I have GET/PUT/POST/DELETE HTTP methods in the REST API, but for every request from the client an OPTIONS call is sent by the client (browser). For security reasons, I need to restrict these OPTIONS method calls from the client. At the moment, changing this at the API level is not feasible. Is there any kind of configuration to prevent this?
The React application is deployed on IIS and the Spring Boot application on Tomcat.
The React application uses Axios as the HTTP client.
Note: I know the preflight request is sent by the browser and that is why the OPTIONS calls are made; I don't want to go in that direction.
These OPTIONS requests are part of the CORS specification, which states that every PUT or POST with content type application/json must be preflighted with OPTIONS to check the Access-Control-Allow-Origin header without causing any side effects.
I can't see any security issues with allowing OPTIONS, but in fact this is a security feature enforced by your browser.
To stop this behavior you should use same-origin requests. Other possibilities, which I won't recommend, would be to just use GETs for your POST requests, or POST with a content type other than application/json. And of course, you can write your own browser or connect from a native environment (such as an HttpClient in a desktop or mobile app).
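The preflight decision described in the answer above, as an added example that is not part of the original posts: a simplified model of the browser's rule (method, header names and Content-Type only), which shows which requests from the React client cause an OPTIONS call. The host names are constructed placeholders.

```javascript
// Added example: simplified model of the browser's preflight decision.
// It ignores the value-length and byte checks, Range, streams and upload listeners.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);

// Same origin means same scheme, host and port.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// pageUrl: URL of the page issuing the request; req: { url, method, headers }.
// Returns { preflight, reasons }, where reasons lists what forced the OPTIONS call.
function preflightCheck(pageUrl, req) {
  const reasons = [];
  if (sameOrigin(pageUrl, req.url)) return { preflight: false, reasons };
  const method = req.method.toUpperCase();
  if (!SAFE_METHODS.has(method)) reasons.push(`method ${method}`);
  for (const [name, value] of Object.entries(req.headers || {})) {
    const lower = name.toLowerCase();
    if (!SAFE_HEADERS.has(lower)) {
      reasons.push(`header ${lower}`);
    } else if (lower === "content-type") {
      // Only the media type counts; parameters such as charset are ignored.
      const essence = value.split(";")[0].trim().toLowerCase();
      if (!SAFE_CONTENT_TYPES.has(essence)) reasons.push(`content-type ${essence}`);
    }
  }
  return { preflight: reasons.length > 0, reasons };
}

// Constructed sample: a page on one origin calling an API on another.
const PAGE = "https://app.example.test/dashboard";
const API = "https://api.example.test/items";
function demo() {
  return [
    { url: API, method: "POST", headers: { "Content-Type": "application/json" } },
    { url: API, method: "GET", headers: { Authorization: "Bearer PLACEHOLDER" } },
    { url: "https://app.example.test/api/items", method: "PUT",
      headers: { "Content-Type": "application/json" } },
  ].map((r) => preflightCheck(PAGE, r));
}
```

Serving the API under the page's own origin is the only case here that removes the OPTIONS call without changing what the requests send.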
Currently, for server-to-server communication, we have our own authentication method which expects a random key in the HTTP request header. Is there a way I can extend the Camel HTTP to add the header to all the HTTP request calls? Note that we have 4 Camel context XMLs and each Camel context has 10 routes which make HTTP requests.
You could also use Camel interceptors in order to add your custom header to (all or some) "http:*"-like endpoints.
Have a look at:
http://camel.apache.org/intercept.html
I have written a pretty simple API in PHP and am running it as a service (https://protoapi-dot-rehash-148415.appspot.com/events/).
When I try to load a data grid with the JSON from the API, I am getting the dreaded "No 'Access-Control-Allow-Origin' header is present on the requested resource." error on the page on which I want to consume the JSON. (http://proto-angular-dot-rehash-148415.appspot.com/events.php)
I've tried a couple of different methods to add Access-Control-Allow-Origin: "*" to the app.yaml file and to the header in the PHP file that produces the API. I think it doesn't work in the yaml because you cannot apply http_headers to dynamic files, and it doesn't work in the file because of the compression.
Is there any other way to make this work, short of putting the API and the app in the same service? I'd hate to do that because I am using mod_rewrite for the API and it will probably cause chaos on my app.
Any insights would be greatly appreciated!
-Mike
The header won't do any good unless you add it server-side, on the events API. The server is what dictates CORS permissions. You could send it messages or files all day with the right headers at the top and it will just ignore them. The allow-origin header has to come from the server to allow the cross-origin resource sharing (CORS) to take place.
I would recommend prepending the header in the function that offers up the API or handles the requests. Your events API spits out a lot of JSON. Right before that JSON, have your API spit out the header Access-Control-Allow-Origin: * and you should be all set.
As a sanity check you can also try adding Access-Control-Allow-Headers: Content-Type and see if that helps. Based on your comment about the Content-Type header, this may be part of the problem. It should be added the same way as the other one; have your API send it prior to your events JSON on its own line (put a \n to make a new line inside the string literal).
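A server-side sketch of the headers discussed in the answer above, added here and not the poster's API code (the API on the page is PHP; this models the same decision in JavaScript). Instead of `*` it echoes only the consuming page's origin from the question; the allowed method, the allowed header and the max-age value are assumptions.

```javascript
// Added example: decide which CORS headers an API response should carry.
// The allowed origin is the consuming page named in the question (assumed to be
// the only legitimate caller); methods, headers and max-age are assumptions.
const ALLOWED_ORIGINS = new Set(["http://proto-angular-dot-rehash-148415.appspot.com"]);
const ALLOWED_METHODS = new Set(["GET"]);
const ALLOWED_HEADERS = new Set(["content-type"]);

// req: { method, headers } with lower-case header names, as Node's http module provides.
// Returns { done, status, headers }. done=true: answer immediately with status and
// headers. done=false: run the API and attach headers to its normal response.
function corsDecision(req) {
  const origin = req.headers["origin"];
  const headers = { Vary: "Origin" }; // caches must not reuse a reply across origins
  const isPreflight =
    req.method === "OPTIONS" && "access-control-request-method" in req.headers;

  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    // No Access-Control-Allow-Origin is sent, so a browser on another
    // origin will not expose the response to the calling script.
    return isPreflight ? { done: true, status: 403, headers } : { done: false, headers };
  }
  if (!isPreflight) {
    headers["Access-Control-Allow-Origin"] = origin;
    return { done: false, headers };
  }

  // Preflight: approve only the method and headers the API actually accepts.
  const wantMethod = req.headers["access-control-request-method"].toUpperCase();
  const wantHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",")
    .map((s) => s.trim().toLowerCase())
    .filter(Boolean);
  const ok = ALLOWED_METHODS.has(wantMethod) &&
    wantHeaders.every((h) => ALLOWED_HEADERS.has(h));
  if (!ok) return { done: true, status: 403, headers };

  headers["Access-Control-Allow-Origin"] = origin;
  headers["Access-Control-Allow-Methods"] = [...ALLOWED_METHODS].join(", ");
  headers["Access-Control-Allow-Headers"] = [...ALLOWED_HEADERS].join(", ");
  headers["Access-Control-Max-Age"] = "600"; // let the browser cache the approval
  return { done: true, status: 204, headers };
}
```

The headers must be written before any of the JSON body is sent, which is the ordering the answer describes.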
I'm trying to fetch the list of official images from docker hub using v2 api. If I try to do curl or use postman, I get the response correctly, but when I try to fetch the list using angularjs service, I get the following error
XMLHttpRequest cannot load https://hub.docker.com/v2/repositories/library/?page=8&page_size=15. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://run.plnkr.co' is therefore not allowed access.
Can someone suggest a solution for this? How can I enable CORS for this?
CORS could be enabled on the server side, and this is not your case. What you could do is:
1) Use a proxy, for instance NGINX, and make sure that all requests made to localhost/whatever are redirected to hub.docker.com. This way you can "cheat" the cross-origin block.
2) If you need a temporary and dirty solution, you could more simply install Chrome/Safari plugins to bypass the CORS security check.
The only way to bypass CORS is to send the request through a CORS proxy like http://crossorigin.me
It's an open-source project and you can build your own proxy server by downloading the full source code from here: https://github.com/technoboy10/crossorigin.me
Reason behind the issue:
As per my understanding, you are doing an AJAX call to a different domain than your page is on. So the browser is blocking it for security reasons, as it usually allows a request in the same origin. A tutorial about how to achieve that is using CORS.
When you are using curl or postman they are not restricted by this policy. Quoted from Cross-Origin XMLHttpRequest:
Regular web pages can use the XMLHttpRequest object to send and receive data from remote servers, but they're limited by the same origin policy. Extensions aren't so limited. An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.
The HTTP response from my ESB service contains the HTTP header details below:
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Server: Jetty(7.6.7.v20120910)
How can I remove/hide the server version in the response header?
I have tried with a Camel route configuration as below:
removeHeaders pattern="*"
But it did not work. Meanwhile, I tried to intercept the response by using a CXF out-interceptor, but the Message contains only content-type and date in PROTOCOL_HEADERS.
Is there any configuration in Fuse container level to remove this header key from HTTP response?
With the jetty component I think you cannot. The endpoint implementation adds back the three headers Content-Type, Transfer-Encoding, and Server even after the header filter strategy gets applied.
If you have the flexibility, try the netty4-http component instead of jetty. Possibly it does not add headers after the strategy is applied/you remove the headers explicitly with removeHeaders.
You can try to add your custom bindings instead of the DefaultBindings provided by CXF if you are using CXF as the web service provider. In that case, you can remove/add/override certain attributes when headers are populated back to the CXF Exchange from the Camel Exchange.