the service/backend is sending me set-cookies in a 302 redirect but i am not able to read the response header which has set-cookies. basically i want to redirect the user to login page and clear the session if Set-Cookie:redirectURL="" and it expires immediately. Not sure how to proceed.
I am afraid you can't intercept the 302 status code from JavaScript.
This is because the status 302 simple means request is not yet fulfilled and server is asking the user agent to initiate a new request for the Url specified in Location header of redirection response.
This entire redirection process is internal to the user agent and JavaScript code is notified only on completion of the request.
Related
I am working on a react application, where there is a need to send the object parameters inside a body because of confidentiality. So I am making a POST request from the react app client-side to the backend server like this
axios
.post('htps://java.backend.xyz/path1', {
data: password,
})
.catch(function (error) {
handle(error);
});
After making this POST request there is a preflight request with "method = OPTIONS" and "URL= 'htps://java.backend.xyz/path1'"...to which java-backend-server responds with status_code=200.
After the above preflight request, java-backend-server addresses the POST request and instead of sending a response the java-backend-server respond with a GET request (i.e redirect) as for example:
https://express-app.xyz/path2?query_para1=abc&query_param2=123, requestMethod=GET
And in response to the above GET request, the express app responds with status_code=200
But immediately after this GET request, there is a preflight request with request Method=OPTIONS and having the same URL as above i.e
https://express-app.xyz/path2?query_para1=abc&query_param2=123, requestMethod=OPTIONS
and for this above OPTIONS request express server responds with a status_code=204 which means that the client doesn't need to navigate away from its current page...this is something prohibiting my app to make a final redirect i.e after the backend server responds with a GET request, my react app is not able to make a redirect even search engine does not update the redirect URL which is
https://express-app.xyz/path2?query_para1=abc&query_param2=123
So, here Is this even possible? I am assuming that the preflight request after the GET request prohibits the client side to be able to make a final redirect. Can someone please help me with this scenario
I am not sure if I understand your problem correctly but what you can do is send a post response which will which will indicate client to redirect to specific location.
This can be achieved by sending response with status code 302 and location in header (location:redirect_url)
For more info :- https://en.m.wikipedia.org/wiki/HTTP_302
I am working on a web application, both the backend and the frontend are hosted on different endpoints on an internal PaaS, which redirects to a SSO page if any request coming to it doesn't have the authenticated cookie.
When I send a GET request from the frontend to the backend, it also passes through the cookies (with credentials in axios). But when I make a POST request, the browser first makes a preflight OPTIONS request without cookie and internally the backend service redirects to the SSO, as a result it never gets to sending the POST request at all.
The preflight request by design exclude user credentials, how can I get around it?
Write a middleware in your backend, top in the heirarchy and check the request type in it.
if it is "OPTIONS", just verify the origin, if it is familiar respond right away with 200 instead of passing control to next, if not then respond with 403
if it is not "OPTIONS", just pass the control to next so that it deals accordingly
assuming a node-express server, the middleware would look like this
app.use((req,res,next)=>{
if(req.method==='OPTIONS' && whiteListUrls.includes(req.origin)){
res.status(200);
}else{
next();
}
})
In postman I want to create a GET request that returns a 302 status code (along with a Location response header). I have been trying to replicate the original request from the browser inspector, but I always get a 200 response (and no Location response header).
How can I get the desired response with the Location response header?
Please try to turn off automatical redirects (File->Settings: General Tab):
What is probably happening is that Postman receives a 302 status code, but is configured to redirect in this case, so it automatically redirects after which Postman receives a 200 status code, which is what you end up seeing.
Apparently turning off "automatically follow redirects" should offer you a solution.
https://learning.getpostman.com/docs/postman/launching_postman/settings/
View postman request when redirects
So what is going on is I have integrated the PayU payment gateway in my angular app. It has a success and failure url to which it gets redirected to according to the payment response. Now those urls are client's url where the client receives the response from PayU after payment success/failure. It is sent as a POST with few query parameters that are to be parsed.
Now the problem is that since the request is a POST request on a localhost url(with the same port on which I am already running the app), the console says that 'Method is not Allowed'.
The success url is http://localhost:8005/#!/payment/success
My app is running on http://localhost:8005 (which is the same).
Now I tried to define the url in app.js so as to receive the response as follows -
.state('successScreen',{
url:'/payment/success/',
templateUrl:'partials/successScreen.html',
controller:'paySCtrl'
});
but it doesn't work.
when I am redirected to the url(http://localhost:8005/#!/payment/success) after payment, I am getting that 'Method Not Allowed' error.
The same url is working with GET request though but it cannot be a GET request as it is a response from third party so cannot change it from POST to GET.
So can anyone please help me with how can I overcome this thing or a work around maybe?
When I test submitting my form (by the post method) with a logged in user, it sends data correctly, but when I am not logged in, it redirects to the login page.
But this if statement in beforeRender() of app_controller.php returns false:
if ($this->RequestHandler->isPost())
In fact, $this->data is empty. Where is the problem?
Yes, indeed. POST data cannot be retained through a redirect. The HTTP protocol simply doesn't allow for it* and CakePHP doesn't do anything to work around this limitation. The browser sends a POST request to the server, the server responds with a 302 Found redirect with a Location header, the browser issues a GET request to the given Location. The browser does not send the POST data again.
See Stack Overflow question Post data again after authorization for a manual workaround.
* HTTP allows it using a 307 Temporary Redirect, but no browser seems to implement this correctly.