The application is in mvc+angular js.
From the login page application user is taken to the dashboard page.
The login post action works on the desktop but it is not working on the tablet. If I inspect the tablet with remote debugging, I can not find any errors and the response is empty.
Please help me on that.
Request URL:example.com/Account/Login
Request Method:POST
Status Code:302 Found
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:248
Content-Type:application/x-www-form-urlencoded
Host:180.211.114.147:97
Origin:example.com
Referer:example.com/Account/Login
User-Agent:Mozilla/5.0 (Linux; Android 4.0.4; GT-P7310 Build/IMM76D) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.166 Safari/537.36
Form Dataview sourceview URL encoded
__RequestVerificationToken:64n4kAk06a1PWABGIXLpE2Tnm1v7_1rC6cCIopLeCdNF_1Q3xcir7pJUA0_y378SJxpMQ2fg_cPynE5acHanepnJ9yssLIa0I-Htuehw1pGDTDk0TC2Prhn4ph51qun0uzgHdvWXTrgtPVrGTSiQU_k_FGj9srDjc23tdKv54wc1
UserName:abc
Password:abc
RememberMe:False
Response Headersview source
Cache-Control:private
Content-Length:118
Content-Type:text/html; charset=utf-8
Date:Fri, 26 Feb 2016 10:49:56 GMT
Location:/
Server:Microsoft-IIS/7.5
Set-Cookie:.sessionVRSSPL=k1a2ahcdo0f2jdusojoyrlbn; path=/; HttpOnly
Set-Cookie:.vrssplUsernameCookie=; expires=Thu, 25-Feb-2016 10:49:52 GMT; path=/
Set-Cookie:.formVRSSPL=6892A40852C4C0CB194DEC4DE37746BC204A3FF36DF8A06B03B9C05BA3EB30F0BF51ADE8BA0A016E18E03BA6C80DD920ED8EB4FCCFEEA0D4229077F9925729A0084DC57F445F1894298725C9E480A273931DCF1F20539E46C9140FEA5E0B2682B8B164EEC08B8C714D540A37AE16D3D36548B107021C43C718578F982A543511; path=/; HttpOnly
X-AspNet-Version:4.0.30319
X-AspNetMvc-Version:4.0
X-Powered-By:ASP.NET``
Related
I'm experiencing some strange issues with headObject method from S3 class with browser's cache enabled (with cache disabled is everything fine).
The problem is that when trying to get a resource with headObject call, is randomly returning false or true without changing anything.
The resource exists phisically on bucket and correct url is https://s3-eu-west-1.amazonaws.com/wayonara-simo/_shards/_single_shard_1539048.jpeg
My environment is Angular v2.4.9 and Aws-Sdk v2.42.0, S3 CORS configuration:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedOrigin>http://*</AllowedOrigin>
<AllowedOrigin>https://*</AllowedOrigin>
<AllowedOrigin>http://localhost:30300</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Additional infos:
follows errors throwed in console dev tools
XMLHttpRequest cannot load https://s3-eu-west-1.amazonaws.com/wayonara-simo/_shards/_single_shard_1539048.jpeg. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:30300' is therefore not allowed access.
XMLHttpRequest cannot load https://s3.amazonaws.com/wayonara-simo/_shards/_single_shard_1539048.jpeg. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:30300' is therefore not allowed access.
and these are errors in network panel:
Request URL:https://s3.amazonaws.com/_shards/_single_shard_1539048.jpeg
Request Method:OPTIONS
Status Code:403 Forbidden
Remote Address:54.231.72.34:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Content-Type:application/xml
Date:Fri, 12 May 2017 09:48:11 GMT
Server:AmazonS3
Transfer-Encoding:chunked
x-amz-id-2:nZZfgEX/kdsJjSTOiBXUIbSCfE1Q09rjuULw3peidaDzzGQieqqknUZCyYaQFr9KqUmyaN6CGrI=
x-amz-request-id:D487590B572BCEA2
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:authorization,x-amz-date,x-amz-user-agent
Access-Control-Request-Method:HEAD
Connection:keep-alive
Host:s3.amazonaws.com
Origin:http://localhost:30300
Referer:http://localhost:30300/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Request URL:https://s3.amazonaws.com/_shards/_single_shard_1539048.jpeg
Request Method:OPTIONS
Status Code:403 Forbidden
Remote Address:54.231.72.34:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Content-Type:application/xml
Date:Fri, 12 May 2017 09:48:12 GMT
Server:AmazonS3
Transfer-Encoding:chunked
x-amz-id-2:Uux+RZH1B8UjtROZAVnLDzqpADeVyeHu3cElxyddYEPI3UMacF0VMy+fPK3ka/mDs2CRCo3+Pac=
x-amz-request-id:785D5A24F89811A3
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:authorization,x-amz-date,x-amz-user-agent
Access-Control-Request-Method:HEAD
Connection:keep-alive
Host:s3.amazonaws.com
Origin:http://localhost:30300
Referer:http://localhost:30300/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Request URL:https://s3.amazonaws.com/_shards/_single_shard_1539048.jpeg
Request Method:OPTIONS
Status Code:403 Forbidden
Remote Address:54.231.72.34:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Content-Type:application/xml
Date:Fri, 12 May 2017 09:48:12 GMT
Server:AmazonS3
Transfer-Encoding:chunked
x-amz-id-2:ttV1ZuiAIYNWJGa3MGTbO3BDiiQ2Pcby2z/VSaqEvnlYEzfAyGc4FQAWX44OWWy6FuKmRUaUSN8=
x-amz-request-id:9079F8A97F77F858
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:authorization,x-amz-date,x-amz-user-agent
Access-Control-Request-Method:HEAD
Connection:keep-alive
Host:s3.amazonaws.com
Origin:http://localhost:30300
Referer:http://localhost:30300/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Request URL:https://s3.amazonaws.com/_shards/_single_shard_1539048.jpeg
Request Method:OPTIONS
Status Code:403 Forbidden
Remote Address:54.231.72.34:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Content-Type:application/xml
Date:Fri, 12 May 2017 09:48:12 GMT
Server:AmazonS3
Transfer-Encoding:chunked
x-amz-id-2:kfOi2aYqtvg6paYr6GPsim8DIBffv3APlFjnXzKhBQiuVQNJkalt0kPQM8XggGUo67oJim9WSrs=
x-amz-request-id:22BF45BC5DD15C5A
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:authorization,x-amz-date,x-amz-user-agent
Access-Control-Request-Method:HEAD
Connection:keep-alive
Host:s3.amazonaws.com
Origin:http://localhost:30300
Referer:http://localhost:30300/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Any help would be appreciated, thanks
We're developing a website with a REST Api (frontend in AngularJS 1.6.1, backend in Laravel 5.3).
In order to add CSRF protection, our backend needs to set a backend cookie on the client with a random string. In laravel, we return this response:
response("OK", 200)->cookie("csrf_token", "random_string");
The cookie is clearly being set with the response:
*Request headers*
POST /v1/auth/admin HTTP/1.1
Host: backend.test
Connection: keep-alive
Content-Length: 295
Accept: */*
Origin: http://frontend.test
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://frontend.test/login
Accept-Encoding: gzip, deflate
Accept-Language: it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4
*Response header*
HTTP/1.1 200 OK
Server: nginx/1.11.3
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://frontend.test
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, PATCH
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Requested-With
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
Date: Mon, 13 Feb 2017 11:46:16 GMT
Set-Cookie: csrf_token=random_string; expires=Sat, 12-Feb-2022 11:46:16 GMT; Max-Age=157680000; path=/; domain=http://backend.test; HttpOnly
However, when I go to the http://backend.test Url, no cookie is set (document.cookie in the console returns null).
The backend cannot see the cookie either: dd($request->cookie("csrf_token") returns null.
It doesn't work even if we omit the domain. Any ideas?
For Angular to send the cookie along with the request in a CORS (Cross Origin Resource Sharing request), you need to set, in your config with $httpProvider injected as a dependency:
.config(function ($httpProvider) {
$httpProvider.defaults.withCredentials = true;
//rest of route code
}
When you use Laravel you do not have to set the csrf cookie by yourself. Laravel automatically does this job for you.
So laravel creates automatically a cookie to store the csrf token. The name of that cookie is "XSRF-TOKEN".
I am working on an angular-laravel app. I have an API kind of workflow.
The angular app sits at the root of the project directory in the angular folder.This has the build tools and dependency management tools configured like bower and grunt.
My routes.php has been configured to authenticate the user on login.
Route::post('login','LoginController#auth');
Route::get('checkAuthentication','LoginController#isLoggedIn');
When I call both the routes,I always get the response as false.
Tried printing the values in the Auth::attempt() method,which logs in the user,but the session does not persist.The user is immediately thrown out to the home page.
I start the applcication using grunt by running grunt serve. This starts the app on localhost:9000. I call the laravel routes from angular by giving path to the public folder as they are laravel routes. Example: localhost/project_dir/public/login. This check the user in database but immediately destroy or does not create session even after adding CORS extension. NO error is displayed.Just false is returned and the user is redirected to home page.
Remote Address:127.0.0.1:80
Request URL:http://localhost/project_dir/public/user/check
Request Method:POST
Status Code:200 OK
Response Headers
view source
Access-Control-Allow-Origin:http://localhost:9000
Cache-Control:no-cache
Connection:Keep-Alive
Content-Length:4
Content-Type:text/html; charset=UTF-8
Date:Wed, 29 Jul 2015 10:30:33 GMT
Keep-Alive:timeout=5, max=99
Server:Apache/2.4.9 (Win64) PHP/5.5.12
Set- Cookie:laravel_session=eyJpdiI6InlaVVlxUDRra3E1NXdcL25OekJvSlBRPT0iLCJ2YWx1ZSI6IlVaWGF6NmdsV1wvZ3NcL1FTVkR5Y2J3czlQNUkyaWdxZlJmeG5zK2U2c0lqM2VOMEY5S000cVwveTBVazBwVFNSZXlhZmhWSEUxUlRyMVJidE5TcE5jM2FBPT0iLCJtYWMiOiIzYzQ2YjJkMjVmMjZiODBiNzgwNmY3YjQ3NmMwOWI5MmM3NmFmZmNmMzY1MDFkNjFlMjg0MjQ0MzVjNGUyYTAzIn0%3D; expires=Wed, 29-Jul-2015 12:30:33 GMT; Max-Age=7200; path=/; domain=http://localhost:9000/; httponly
Vary:Origin
X-Powered-By:PHP/5.5.12
Request Headers
view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:0
Host:localhost
Origin:http://localhost:9000
Referer:http://localhost:9000/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.107 Safari/537.36 FirePHP/4Chrome
X-FirePHP-Version:0.0.6
X-Wf-Max-Combined-Size:261120
Above are request response headers for a route to check users session.
How can I debug it to resolve the issue? Is it angular rejecting the request?
Update:
I tried disabling the laravel_session cookie using this link but still no luck
Remote Address:127.0.0.1:80
Request URL:http://localhost/project_dir/public/user/check
Request Method:POST
Status Code:200 OK
Response Headers
view source
Access-Control-Allow-Origin:http://localhost:9000
Cache-Control:no-cache
Connection:Keep-Alive
Content-Length:4
Content-Type:text/html; charset=UTF-8
Date:Wed, 29 Jul 2015 13:41:51 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.9 (Win64) PHP/5.5.12
Vary:Origin
X-Powered-By:PHP/5.5.12
Request Headers
view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:0
Host:localhost
Origin:http://localhost:9000
Referer:http://localhost:9000/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.107 Safari/537.36
I was trying to POST my login credentials for one of my app built with Cordova and AngularJS. When I login from my browser, it works fine but when test the same in Android (also tested in iOS too, fails on both), the login fails and I get the following headers while debugging.
I saw the differences in these two headers, as in emulator the origin is
Origin: file://. It also has a warning sign for emulator saying "Provisional headers are shown"
Why is it failing in emulator and devices but works fine in browsers? Does cordova does anything internally while wrapping up the POST call?
I really don't understand why is it happening in emulators/devices but works fine in browsers.
In Browser - works fine
Remote Address:xx.xx.x.xxx:xxxx
Request URL:http://myEndpoint
Request Method:POST
Status Code:200 OK
Request Headers view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:166
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Host:myHost:xxxx
Origin:http://myComputerName.org:xxxxx
Referer:http://myComputerName.org:xxxxx/myAppName/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Form Dataview parsed
grant_type=mypassword&client_id=1234&client_secret=1234&username=userName&password=mypassword
Response Headersview source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://myComputerName.org:xxxxx
Content-Type:application/json;charset=UTF-8
Date:Thu, 12 Mar 2015 15:25:53 GMT
Server:Apache-Coyote/1.1
Set-Cookie:
Transfer-Encoding:chunked
======================================================================
In My Android Emulator --> Failed to login
Request URL:http://myEndpoint
Request Headers
Provisional headers are shown
Accept:application/json, text/plain, */*
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Origin:file://
User-Agent:Mozilla/5.0 (Linux; Android 5.0; sdk_phone_armv7 Build/LRX09D) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id:1234
Form Dataview parsed
grant_type=mypassword&client_id=1234&client_secret=1234&username=myUserName&password=mypassword
I have this little angular app on the frontend which is a food list. So write a food and click submit and it will show the list.
When I add a food I query my backend wich is a sails app at localhost:1337 and it gets updated. The problem is I get redirected to
localhost:9000/#/food and get 404.
This is the faulty request
POST / HTTP/1.1
Host: localhost:9000
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image /webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
Content-Type: application/x-www-form-urlencoded
Cookie:sails.sid=s%3A8gIjNxaZVE9dMr7nonXJzEaQ9hUcvcHm.Sp0K6ezep%2F7Y%2BV6TivtdRxqiBV 2S1LdH2IDNPWS9Ikk
Origin: http://localhost:9000
Referer: http://localhost:9000/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 137B2031-138E-4B6B-A3AE- FB8EE96E9015
HTTP/1.1 404 Not Found
Connection: keep-alive
content-length: 14
Content-Type: text/html; charset=utf-8
Date: Mon, 23 Feb 2015 12:21:51 GMT
X-Content-Type-Options: nosniff
The other request that gets code 200 and update the server model looks like this:
OPTIONS /food HTTP/1.1
Host: localhost:1337
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers: accept, content-type
Access-Control-Request-Method: POST
Origin: http://localhost:9000
Referer: http://localhost:9000/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 137B2031-138E-4B6B-A3AE- FB8EE96E9015
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type, access-control-allow-origin, authorization,X-Requested-With
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
Access-Control-Allow-Origin: http://localhost:9000
Allow: GET,POST,PUT,HEAD,DELETE,TRACE,COPY,LOCK,MKCOL,MOVE,PURGE,PROPFIND,PROPPATCH, UNLOCK,REPORT,MKACTIVITY,CHECKOUT,MERGE,M- SEARCH,NOTIFY,SUBSCRIBE,UNSUBSCRIBE,PATCH,SEARCH,CONNECT
Connection: keep-alive
Content-Length: 175
Content-Type: text/html; charset=utf-8
Date: Mon, 23 Feb 2015 12:21:51 GMT
set-cookie: sails.sid=s%3A_kBdyRZgZ23Gh9YLkZfWBgnMody- jq-S.IY71%2BhJiBxTd19YIG2tgS2EOn1LPT%2BD9QAEQWtVB%2FbE; Path=/; HttpOnly
X-Powered-By: Sails <sailsjs.org>
At first I was looking at sails but I have CORS enabled and everything just like this:
https://github.com/tarlepp/angular-sailsjs-boilerplate/blob/master/backend/config/cors.js
So maybe it's more an angular issue. The request that fails is from the frontend to itself so just a redirect on itself when it has been updated on the server. I don't get why the request is denied...
If you want to take a look at the code:
http://okamuuu.hatenablog.com/entry/2014/04/10/135240
Issues seem the same as this Yeoman, Grunt, AngularJS and error 404 on POST form but that doesn't help me
Well, apparently your request is going to the port 9000:
Host: localhost:9000
Yet you said your app is running at port 1337.
So, in your $http requests, you need to specify the port. Otherwise, it will use the port your browser is currently connected to (9000) and there's no app there!
So, instead of
$http.get('/someUrl')
Try
$http.get('http://localhost:1337/someUrl')