I have a web application deployed in weblogic. I'm using angularJS to make rest calls to the weblogic REST API in my web application. When the weblogic REST API session has expired, it responds with status code: 401 and header 'WWW-Authenticate'='Basic realm=x'. This causes the browser to pop-up basic authentication dialog before client side scripting handle the response. I want to prevent this login dialog from appearing. Is there any way to configure this in weblogic or handle it on client side with javascript (angularjs)?
I tried adding X-Requested-With: XMLHttpRequest to request headers with no luck.
I already tried the solutions mentioned in the below questions.
1, 2, 3
These are the header content of the response which cause the popup.
Content-Length → 1468
Content-Type → text/html; charset=UTF-8
Date → Tue, 29 Nov 2016 02:54:49 GMT
WWW-Authenticate → Basic realm="weblogic"
X-ORACLE-DMS-ECID → 3431314314
X-ORACLE-DMS-RID → 0
This is the request header
GET /management/weblogic/latest/domainRuntime/serverLifeCycleRuntimes? HTTP/1.1
Host: pahslk:58090
Connection: keep-alive
Accept: application/json, text/plain, */*
X-Requested-By: xx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
Referer: http://pahslk0:58090/.........
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: JSESSIONID=......
I've quickly created a 401 response at my endpoint: https://edeen.pl/401.php
when you try to access, it will open the dialogue, but it doesn't happen with angular $http service http://plnkr.co/edit/rOWLjyjNJX5FO2HR0tJM
angular.module('plunker', [])
.controller('MainCtrl', function($http) {
$http.get('https://edeen.pl/401.php').error(function(error) {
console.log(error)
})
});
<!DOCTYPE html>
<html ng-app="plunker">
<head>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.2.23/angular.min.js"></script>
</head>
<body ng-controller="MainCtrl">
</body>
</html>
Related
I'm programming a simple web server in C. This is an example of the HTTP response the server generates:
"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: " + length + "\r\n\r\n" + resource
I used the loopback IP to access my web server (127.0.0.1) on port 9999. Upon typing 127.0.0.1:9999 on the web browser (firefox, the web page is loaded just fine. However, Wireshark is not showing neither of the HTTP request by the browser nor the HTTP response by the server, it actually doesn't capture any packets from/to 127.0.0.1.
Below is an example of an HTTP request received by the server:
GET / HTTP/1.1
Host: 127.0.0.1:9999
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
And the HTTP response generated by the server:
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 97
<!DOCTYPE html>
<html>
<body>
<h2>HTML Page Test</h2>
<p>Very simple page</p>
</body>
</html>
What could be the root of the problem?
I have been trying to use the following code using React fetch to get a response from the OpenWeather API:
fetch('api.openweathermap.org/data/2.5/weather?q=Milwaukee&APPID=1234567890')
.then(response => response.text())
.then(data => {
console.log(data)
When I skip react and just copy the url (api.openweathermap.org/data/2.5/weather?q=Milwaukee&APPID=1234567890) into the browser I get a totally valid response. (For example ) When I use the fetch code in my React application, however, I get the following error:
Request URL: http://localhost:3000/api.openweathermap.org/data/2.5/weather?q=Milwaukee&APPID=1234567890
Request Method: GET
Status Code: 431 Request Header Fields Too Large
Remote Address: 127.0.0.1:3000
Referrer Policy: no-referrer-when-downgrade
I am running my react application off localhost from create-react-app. Why can I access that API just fine from my browser but get an error in my app?
Extra Information
In case it is useful here is the link to sign up for a free OpenWeather API
Here is the rest of the information from the response header:
HTTP/1.1 431 Request Header Fields Too Large
x-powered-by: Express
connection: close
date: Wed, 18 Sep 2019 15:45:21 GMT
transfer-encoding: chunked
Or from the request header:
GET /api.openweathermap.org/data/2.5/weather?q=Milwaukee&APPID=1234567890 HTTP/1.1
Host: localhost:3000
Connection: keep-alive
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
Accept: */*
Sec-Fetch-Site: same-origin
Referer: http://localhost:3000/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es-US;q=0.8,es;q=0.7,ar-JO;q=0.6,ar;q=0.5
(My APPID is fake in all these examples, so the request won't work by just copying and pasting what I have)
It's a pretty "catchy" bug - you are missing http:// in front of your url, so:
fetch('https://api.openweathermap.org/data/2.5/weather?q=Milwaukee&APPID=1234567890')
Since you've missed it, url is resolved to this (you can see it in your Network tab):
http://localhost:3000/api.openweathermap.org/data/2.5/weather?q=Milwaukee&APPID=1234567890
I'm writing the client-side of an app with ReactJS, I'm stuck at getting data from a certain api. I get "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access" error.
As I suppose the server is missing the "Access-Control-Allow-Origin" headers in order to enable CORS but what I don't understand is why when I'm trying to make an AJAX call with "Restlet Client - REST API testing" browser extension it actually works. I get a following success response. But It doesn't work inside my actual React Request. Is there a way I can to get rid of this error without any changes on the server side? Why does this extension actually work?
Connection: keep-alive
Content-Type: application/json; charset=UTF-8;
Date:
2017 Sep 22 22:45:40-1m 50s
Server: ..../1.6.2
Transfer-Encoding: chunked
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
My React code but nothing special in there, just testing if I'm getting a response
componentWillMount() {
const url = "https://myserver.ru/api/issue?perPage=10";
Request.get(url).then((response) => {
this.setState({
issues: response
});
});
}
If you are making a cross-site requests then browser will expect Access-Control-Allow-Origin headers from the server. The value of that header can be,
Access-Control-Allow-Origin: *
or
Access-Control-Allow-Origin: http://localhost:3000
When you are requesting from localhost, make sure it also need to add port number as well.
More about CORS documentation:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
Hope it helps.
I am working on an angular-laravel app. I have an API kind of workflow.
The angular app sits at the root of the project directory in the angular folder.This has the build tools and dependency management tools configured like bower and grunt.
My routes.php has been configured to authenticate the user on login.
Route::post('login','LoginController#auth');
Route::get('checkAuthentication','LoginController#isLoggedIn');
When I call both the routes,I always get the response as false.
Tried printing the values in the Auth::attempt() method,which logs in the user,but the session does not persist.The user is immediately thrown out to the home page.
I start the applcication using grunt by running grunt serve. This starts the app on localhost:9000. I call the laravel routes from angular by giving path to the public folder as they are laravel routes. Example: localhost/project_dir/public/login. This check the user in database but immediately destroy or does not create session even after adding CORS extension. NO error is displayed.Just false is returned and the user is redirected to home page.
Remote Address:127.0.0.1:80
Request URL:http://localhost/project_dir/public/user/check
Request Method:POST
Status Code:200 OK
Response Headers
view source
Access-Control-Allow-Origin:http://localhost:9000
Cache-Control:no-cache
Connection:Keep-Alive
Content-Length:4
Content-Type:text/html; charset=UTF-8
Date:Wed, 29 Jul 2015 10:30:33 GMT
Keep-Alive:timeout=5, max=99
Server:Apache/2.4.9 (Win64) PHP/5.5.12
Set- Cookie:laravel_session=eyJpdiI6InlaVVlxUDRra3E1NXdcL25OekJvSlBRPT0iLCJ2YWx1ZSI6IlVaWGF6NmdsV1wvZ3NcL1FTVkR5Y2J3czlQNUkyaWdxZlJmeG5zK2U2c0lqM2VOMEY5S000cVwveTBVazBwVFNSZXlhZmhWSEUxUlRyMVJidE5TcE5jM2FBPT0iLCJtYWMiOiIzYzQ2YjJkMjVmMjZiODBiNzgwNmY3YjQ3NmMwOWI5MmM3NmFmZmNmMzY1MDFkNjFlMjg0MjQ0MzVjNGUyYTAzIn0%3D; expires=Wed, 29-Jul-2015 12:30:33 GMT; Max-Age=7200; path=/; domain=http://localhost:9000/; httponly
Vary:Origin
X-Powered-By:PHP/5.5.12
Request Headers
view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:0
Host:localhost
Origin:http://localhost:9000
Referer:http://localhost:9000/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.107 Safari/537.36 FirePHP/4Chrome
X-FirePHP-Version:0.0.6
X-Wf-Max-Combined-Size:261120
Above are request response headers for a route to check users session.
How can I debug it to resolve the issue? Is it angular rejecting the request?
Update:
I tried disabling the laravel_session cookie using this link but still no luck
Remote Address:127.0.0.1:80
Request URL:http://localhost/project_dir/public/user/check
Request Method:POST
Status Code:200 OK
Response Headers
view source
Access-Control-Allow-Origin:http://localhost:9000
Cache-Control:no-cache
Connection:Keep-Alive
Content-Length:4
Content-Type:text/html; charset=UTF-8
Date:Wed, 29 Jul 2015 13:41:51 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.9 (Win64) PHP/5.5.12
Vary:Origin
X-Powered-By:PHP/5.5.12
Request Headers
view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:0
Host:localhost
Origin:http://localhost:9000
Referer:http://localhost:9000/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.107 Safari/537.36
I built a oData-Service which works well.
Now I want to query them with Breeze but I always get an 404 error.
In Fiddler I see first a 200 with empty Body and then follows the 404 with "No HTTP resource was found that matches the request URI".
But running in a normal browser the odata Service delivers the right data.
I debug it and set a breakpoint on the Server to see if the service is called correctly. After sending the request the breakpoint shows that the Service is called. But parallel to the break breeze calls the fail-method of
manager.executeQuery(query)
.then(querySucceeded)
.fail(queryFailed);
and e.message is empty.
Any idea??? :-/
Next entry...
I deactivate CORS and now I get the 404 immediately.
Here is the request:
OPTIONS xxx:8080/myDataService/odata/Person?$select=Name HTTP/1.1
Host: xxx:8080
Connection: keep-alive
Access-Control-Request-Method: GET
Origin:localhost:61244
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36
Access-Control-Request-Headers: dataserviceversion, accept
Accept: /
Referer: http://localhost:61244/index.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
and here the answer:
HTTP/1.1 404 Not Found
Content-Length: 178
Content-Type: application/json; odata.metadata=minimal
Server: Microsoft-HTTPAPI/2.0
OData-Version: 4.0
Date: Mon, 19 Jan 2015 12:11:48 GMT
{
"error":{
"code":"","message":"No HTTP resource was found that matches the request URI xxx:8080/myDataService/odata/Person?$select=Name'."
}
}
No surprise that the OPTION request passes; you've probably got the server set to say "OK" to every request ... and that's just fine for now.
The rejection has to do with the address of your GET request: xxx:8080/myDataService/odata/Person. Are you sure that's the right endpoint? The path is usually plural (Persons).
It's easy enough to just paste that url into a browser address bar and see what it does.