See the request body in ARC - advanced-rest-client

Is there a way to see the request body after I sended to server? I opened the developer toggle inside of ARC, but I access Network tab, I can't see my request. The only request showed is the collective, a request for google analytics.

It doesn't use Chrome's networking.
To see the message go to response details, request headers, source message.

Related

Cookie not being set with browser

i am trying to store the cookie sent from the response from server into my cookie storage. Unfortunately, when i try to make the request to the server it send back a response with a set-cookie header with httponly,secure, but the cookie is not being set. Just to provide more information, when i send the request i have attached it with withCredentials:true. I tried different solutions available online but it is not working. I would be glad if anyone could provide some help.

Re-Captcha Angular CORS Issue

I am using Angular 1.x to POST a verification request to Google's re-captcha as follows:
var post_data = { //prepare payload for request
'secret':'xxxxx',
'response':fields.myRecaptchaResponse
};
$http.post('https://www.google.com/recaptcha/api/siteverify', post_data)
In my console I can see the following error:
XMLHttpRequest cannot load https://www.google.com/recaptcha/api/siteverify. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://igs.dev' is therefore not allowed access. The response had HTTP status code 405.
I have read multiple answers on Stackoverflow, most seem to suggest adding a plugin to Chrome but that is not a solution for my users who will be using the re-captcha to validate a contact form.
Is this a misconfiguration of my server or is my Angular script missing something? I have already ensured that my domain is configured in my re-captcha account.
ReCaptcha is validated on the server-side, not the client side. The CORS error is due to the fact that the ReCaptcha API is not meant to be used by a browser.
You need to send your recaptcha data to your API/server which then verifies it is correct by sending a request to the ReCaptcha API. There are no CORS restrictions when servers make HTTP requests to each other.
See this Tuts tutorial on how the implementation and flow of data works
The end point https://www.google.com/recaptcha/api/siteverify is part of server side validation and not the client side. You should hit this endpoint from your server, not from your client (Angular 1.X).
So the flow may look like this:
At your client side (Angular 1.X) you will be loading the re-captcha widget in your html which will perform the validation and store a hash value in a hidden input field which will be sent to your server along with the other form details when user submits the form. Now at your server side you will hit that endpoint to verify if the validation was successful.
Also, in no case you should be storing your secret at the client side. It should always be maintained at your server side for server-to-server communication purposes.
Read the docs here.

"No Access Control Allow Origin" in AngularJS

I am trying to develop a website that reads a JSON response from a certain endpoint and post it after certain processing to the page.
I am using $http.get(url) (AngularJS)
However I am facing problems getting the response.
I have tried to use other URLs and it worked then the cause of the problem probably is not the code.
The Error is: "No Access Control Allow Origin header is present on the requested resource".
Other responses suggested something related to CORS and privacy issues ; but when i type the URL directly in my browser it gives a JSON response directly. (So basically there is no privacy issues in the server side right?)
My question is what should I do ? Is there another way to get the content of the page pointed by the url (i am sure that it will only contains the JSON response)
Thanks in Advance
I came across this question:
1. If we substitute the URL in the address bar, it is similar to receiving data from the server of this site
In order to send requests to other servers need to use JSONP HTTPS for secure channel
Sending data can be carried out, but with the replies received will be a problem in the form JSON
Please send to the server if use PHP, then use CURL
JS->Our server->Server api->Our server->JS

A request by user by browser and why more requests made

when i open a site and submit a form, the browser show the response content.
but after i sniff by fiddler, i found more get/post requests sent by browser or js and they are not sent by ajax because no XMLHttpRequest in header. the response content-type are text/html.
so browser should show the new response content,right? but NOT. it still show the first.
1, how browser send more request? i guess they are made by javascript.
2, why browser did not show new content?
Yes it does sound like a client-side scripting language, most likely JavaScript;
It can be an AJAX load. AJAX does not have to be XMLHttpRequest, although most ajax implementations use XMLHttpRequest.

Filling in a webform using Arduino and HTTP

I'm trying to get an arduino to login in to a website that I have created.
On the website there is a basic form that has two fields one for password and one for username, it also has a submit button labelled login.
I used fiddler2 to sniff the http packets when I login in using chrome and am trying to use the information from that http post to recreate my own post to login.
Here is the portion of the code that I am using for the login:
if (client.connect(server, 80)) {
Serial.println("connected to server");
// Make a HTTP request:
client.println("POST/username=slwhore&passwd=1234qwer%21&op2=login&lang=english&force_session=1&return=B%3AaHR0cDovL3JlbW90bGV0LmNvbS8%3D&message=0&loginfrom=loginmodule&cbsecuritym3=cbm_56b7d5e7_00583e07_b0b6f81b4c86d117542f5cc7b7c3416e&Submit=Login HTTP/1.1");
client.println("Host:www.remotlet.com");
client.println("Content-Type: application/x-www-form-urlencoded");
client.println("Content-Length: 229");
client.println("Connection: close");
client.println();
I then have another piece of code that recieves the information coming back from the host which I know works. When I run this code I am able to connect to the server but I don't get any response form it at all. Any help would be greatly appreciated.
Your HTTP request is completely wrong, it will never ever be accepted by any kind of server web.
1st line: the HTTP 1st line is METHOD URI VERSION.
You didn't put a space between the method and the URI, also the POST data is not part of the URI as it is when using GET requests. I don't know what your server uses but usually sane logins don't use GET and don't pass the login inside the URI.
2nd line: you forgot a space
4th line: you set a content length but you don't send any content apparently.
General consideration: in HTTP the line terminator is \r\n, not just \n.
I suggest you do the request with the browser, intercept the traffic with wireshark and see how it's done.

Resources