Cordova POST data with AngularJS - angularjs

I was trying to POST my login credentials for one of my app built with Cordova and AngularJS. When I login from my browser, it works fine but when test the same in Android (also tested in iOS too, fails on both), the login fails and I get the following headers while debugging.
I saw the differences in these two headers, as in emulator the origin is
Origin: file://. It also has a warning sign for emulator saying "Provisional headers are shown"
Why is it failing in emulator and devices but works fine in browsers? Does cordova does anything internally while wrapping up the POST call?
I really don't understand why is it happening in emulators/devices but works fine in browsers.
In Browser - works fine
Remote Address:xx.xx.x.xxx:xxxx
Request URL:http://myEndpoint
Request Method:POST
Status Code:200 OK
Request Headers view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:166
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Host:myHost:xxxx
Origin:http://myComputerName.org:xxxxx
Referer:http://myComputerName.org:xxxxx/myAppName/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Form Dataview parsed
grant_type=mypassword&client_id=1234&client_secret=1234&username=userName&password=mypassword
Response Headersview source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://myComputerName.org:xxxxx
Content-Type:application/json;charset=UTF-8
Date:Thu, 12 Mar 2015 15:25:53 GMT
Server:Apache-Coyote/1.1
Set-Cookie:
Transfer-Encoding:chunked
======================================================================
In My Android Emulator --> Failed to login
Request URL:http://myEndpoint
Request Headers
Provisional headers are shown
Accept:application/json, text/plain, */*
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Origin:file://
User-Agent:Mozilla/5.0 (Linux; Android 5.0; sdk_phone_armv7 Build/LRX09D) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id:1234
Form Dataview parsed
grant_type=mypassword&client_id=1234&client_secret=1234&username=myUserName&password=mypassword

Related

Aws sdk angular - strange behaviour of headObject method

I'm experiencing some strange issues with headObject method from S3 class with browser's cache enabled (with cache disabled is everything fine).
The problem is that when trying to get a resource with headObject call, is randomly returning false or true without changing anything.
The resource exists phisically on bucket and correct url is https://s3-eu-west-1.amazonaws.com/wayonara-simo/_shards/_single_shard_1539048.jpeg
My environment is Angular v2.4.9 and Aws-Sdk v2.42.0, S3 CORS configuration:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedOrigin>http://*</AllowedOrigin>
<AllowedOrigin>https://*</AllowedOrigin>
<AllowedOrigin>http://localhost:30300</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Additional infos:
follows errors throwed in console dev tools
XMLHttpRequest cannot load https://s3-eu-west-1.amazonaws.com/wayonara-simo/_shards/_single_shard_1539048.jpeg. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:30300' is therefore not allowed access.
XMLHttpRequest cannot load https://s3.amazonaws.com/wayonara-simo/_shards/_single_shard_1539048.jpeg. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:30300' is therefore not allowed access.
and these are errors in network panel:
Request URL:https://s3.amazonaws.com/_shards/_single_shard_1539048.jpeg
Request Method:OPTIONS
Status Code:403 Forbidden
Remote Address:54.231.72.34:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Content-Type:application/xml
Date:Fri, 12 May 2017 09:48:11 GMT
Server:AmazonS3
Transfer-Encoding:chunked
x-amz-id-2:nZZfgEX/kdsJjSTOiBXUIbSCfE1Q09rjuULw3peidaDzzGQieqqknUZCyYaQFr9KqUmyaN6CGrI=
x-amz-request-id:D487590B572BCEA2
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:authorization,x-amz-date,x-amz-user-agent
Access-Control-Request-Method:HEAD
Connection:keep-alive
Host:s3.amazonaws.com
Origin:http://localhost:30300
Referer:http://localhost:30300/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Request URL:https://s3.amazonaws.com/_shards/_single_shard_1539048.jpeg
Request Method:OPTIONS
Status Code:403 Forbidden
Remote Address:54.231.72.34:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Content-Type:application/xml
Date:Fri, 12 May 2017 09:48:12 GMT
Server:AmazonS3
Transfer-Encoding:chunked
x-amz-id-2:Uux+RZH1B8UjtROZAVnLDzqpADeVyeHu3cElxyddYEPI3UMacF0VMy+fPK3ka/mDs2CRCo3+Pac=
x-amz-request-id:785D5A24F89811A3
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:authorization,x-amz-date,x-amz-user-agent
Access-Control-Request-Method:HEAD
Connection:keep-alive
Host:s3.amazonaws.com
Origin:http://localhost:30300
Referer:http://localhost:30300/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Request URL:https://s3.amazonaws.com/_shards/_single_shard_1539048.jpeg
Request Method:OPTIONS
Status Code:403 Forbidden
Remote Address:54.231.72.34:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Content-Type:application/xml
Date:Fri, 12 May 2017 09:48:12 GMT
Server:AmazonS3
Transfer-Encoding:chunked
x-amz-id-2:ttV1ZuiAIYNWJGa3MGTbO3BDiiQ2Pcby2z/VSaqEvnlYEzfAyGc4FQAWX44OWWy6FuKmRUaUSN8=
x-amz-request-id:9079F8A97F77F858
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:authorization,x-amz-date,x-amz-user-agent
Access-Control-Request-Method:HEAD
Connection:keep-alive
Host:s3.amazonaws.com
Origin:http://localhost:30300
Referer:http://localhost:30300/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Request URL:https://s3.amazonaws.com/_shards/_single_shard_1539048.jpeg
Request Method:OPTIONS
Status Code:403 Forbidden
Remote Address:54.231.72.34:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Content-Type:application/xml
Date:Fri, 12 May 2017 09:48:12 GMT
Server:AmazonS3
Transfer-Encoding:chunked
x-amz-id-2:kfOi2aYqtvg6paYr6GPsim8DIBffv3APlFjnXzKhBQiuVQNJkalt0kPQM8XggGUo67oJim9WSrs=
x-amz-request-id:22BF45BC5DD15C5A
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:authorization,x-amz-date,x-amz-user-agent
Access-Control-Request-Method:HEAD
Connection:keep-alive
Host:s3.amazonaws.com
Origin:http://localhost:30300
Referer:http://localhost:30300/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Any help would be appreciated, thanks

mvc+angular not getting response of post method in tablet

The application is in mvc+angular js.
From the login page application user is taken to the dashboard page.
The login post action works on the desktop but it is not working on the tablet. If I inspect the tablet with remote debugging, I can not find any errors and the response is empty.
Please help me on that.
Request URL:example.com/Account/Login
Request Method:POST
Status Code:302 Found
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:248
Content-Type:application/x-www-form-urlencoded
Host:180.211.114.147:97
Origin:example.com
Referer:example.com/Account/Login
User-Agent:Mozilla/5.0 (Linux; Android 4.0.4; GT-P7310 Build/IMM76D) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.166 Safari/537.36
Form Dataview sourceview URL encoded
__RequestVerificationToken:64n4kAk06a1PWABGIXLpE2Tnm1v7_1rC6cCIopLeCdNF_1Q3xcir7pJUA0_y378SJxpMQ2fg_cPynE5acHanepnJ9yssLIa0I-Htuehw1pGDTDk0TC2Prhn4ph51qun0uzgHdvWXTrgtPVrGTSiQU_k_FGj9srDjc23tdKv54wc1
UserName:abc
Password:abc
RememberMe:False
Response Headersview source
Cache-Control:private
Content-Length:118
Content-Type:text/html; charset=utf-8
Date:Fri, 26 Feb 2016 10:49:56 GMT
Location:/
Server:Microsoft-IIS/7.5
Set-Cookie:.sessionVRSSPL=k1a2ahcdo0f2jdusojoyrlbn; path=/; HttpOnly
Set-Cookie:.vrssplUsernameCookie=; expires=Thu, 25-Feb-2016 10:49:52 GMT; path=/
Set-Cookie:.formVRSSPL=6892A40852C4C0CB194DEC4DE37746BC204A3FF36DF8A06B03B9C05BA3EB30F0BF51ADE8BA0A016E18E03BA6C80DD920ED8EB4FCCFEEA0D4229077F9925729A0084DC57F445F1894298725C9E480A273931DCF1F20539E46C9140FEA5E0B2682B8B164EEC08B8C714D540A37AE16D3D36548B107021C43C718578F982A543511; path=/; HttpOnly
X-AspNet-Version:4.0.30319
X-AspNetMvc-Version:4.0
X-Powered-By:ASP.NET``

Running laravel app using Grunt fails to start session on local environment

I am working on an angular-laravel app. I have an API kind of workflow.
The angular app sits at the root of the project directory in the angular folder.This has the build tools and dependency management tools configured like bower and grunt.
My routes.php has been configured to authenticate the user on login.
Route::post('login','LoginController#auth');
Route::get('checkAuthentication','LoginController#isLoggedIn');
When I call both the routes,I always get the response as false.
Tried printing the values in the Auth::attempt() method,which logs in the user,but the session does not persist.The user is immediately thrown out to the home page.
I start the applcication using grunt by running grunt serve. This starts the app on localhost:9000. I call the laravel routes from angular by giving path to the public folder as they are laravel routes. Example: localhost/project_dir/public/login. This check the user in database but immediately destroy or does not create session even after adding CORS extension. NO error is displayed.Just false is returned and the user is redirected to home page.
Remote Address:127.0.0.1:80
Request URL:http://localhost/project_dir/public/user/check
Request Method:POST
Status Code:200 OK
Response Headers
view source
Access-Control-Allow-Origin:http://localhost:9000
Cache-Control:no-cache
Connection:Keep-Alive
Content-Length:4
Content-Type:text/html; charset=UTF-8
Date:Wed, 29 Jul 2015 10:30:33 GMT
Keep-Alive:timeout=5, max=99
Server:Apache/2.4.9 (Win64) PHP/5.5.12
Set- Cookie:laravel_session=eyJpdiI6InlaVVlxUDRra3E1NXdcL25OekJvSlBRPT0iLCJ2YWx1ZSI6IlVaWGF6NmdsV1wvZ3NcL1FTVkR5Y2J3czlQNUkyaWdxZlJmeG5zK2U2c0lqM2VOMEY5S000cVwveTBVazBwVFNSZXlhZmhWSEUxUlRyMVJidE5TcE5jM2FBPT0iLCJtYWMiOiIzYzQ2YjJkMjVmMjZiODBiNzgwNmY3YjQ3NmMwOWI5MmM3NmFmZmNmMzY1MDFkNjFlMjg0MjQ0MzVjNGUyYTAzIn0%3D; expires=Wed, 29-Jul-2015 12:30:33 GMT; Max-Age=7200; path=/; domain=http://localhost:9000/; httponly
Vary:Origin
X-Powered-By:PHP/5.5.12
Request Headers
view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:0
Host:localhost
Origin:http://localhost:9000
Referer:http://localhost:9000/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.107 Safari/537.36 FirePHP/4Chrome
X-FirePHP-Version:0.0.6
X-Wf-Max-Combined-Size:261120
Above are request response headers for a route to check users session.
How can I debug it to resolve the issue? Is it angular rejecting the request?
Update:
I tried disabling the laravel_session cookie using this link but still no luck
Remote Address:127.0.0.1:80
Request URL:http://localhost/project_dir/public/user/check
Request Method:POST
Status Code:200 OK
Response Headers
view source
Access-Control-Allow-Origin:http://localhost:9000
Cache-Control:no-cache
Connection:Keep-Alive
Content-Length:4
Content-Type:text/html; charset=UTF-8
Date:Wed, 29 Jul 2015 13:41:51 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.9 (Win64) PHP/5.5.12
Vary:Origin
X-Powered-By:PHP/5.5.12
Request Headers
view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:0
Host:localhost
Origin:http://localhost:9000
Referer:http://localhost:9000/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.107 Safari/537.36

Structr CORS api request

I'm trying to make a XHR request from my AngularJS instance running on port :8080 to my Structr instance running on port :8082
Thing is, Structr doesn't seem to accept OPTIONS requests on port:8080
Here is the Request header :
OPTIONS /structr/rest/issues HTTP/1.1
Host: localhost:8082
Connection: keep-alive
Cache-Control: max-age=0
Access-Control-Request-Method: GET
Origin: http://localhost:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 Safari/537.36
Access-Control-Request-Headers: accept, -hx-password, -hx-user
Accept: */*
Referer: http://localhost:8080/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4,nl;q=0.2
Here is the Response headers from the server:
Access-Control-Allow-Headers:Content-Type
Access-Control-Allow-Methods:GET,PUT,POST
Access-Control-Allow-Origin:http://localhost:8080
Content-Length:44
Content-Type:application/json; charset=utf-8
Expires:Thu, 01 Jan 1970 00:00:00 GMT
Server:Jetty(9.1.4.v20140401)
Set-Cookie:JSESSIONID=1w7n8c71lcbh31s7kwygtat69c;Path=/
The most interesting part IMHO is
Access-Control-Allow-Methods:GET,PUT,POST
I have to say that my understanding of java and HTTP Requests is really sparse so I don't really feel like digging in the source code...
Or maybe it's a simple Angular thing everyone knows but me...
Thanks to Axel Morgner the answer is :
There are two ways to solve it:
1: Let Structr serve also the AngularJS code.
2: Configure the REST > endpoint to accept OPTIONS using a ResourceAccess flag, see docs.structr.org/rest-user-guide#Securing > REST Endpoints.
Beware that when you create a Schema, structr automatically creates new resourceAccess nodes for the new possibles actions.

GWT FormPanel does not submit the session ID after updating on GWT version 2.4.0

After I updated the GWT version on 2.4.0 and the GAE version on 1.6.2 the com.google.gwt.user.client.ui.FormPanel does not submit the jSessionId anymore. I discovered this bug when I tried to get the HttpSession (request.getSession(false)) in the servlet-doPost-method which now returns null.
In my deployed version on appspot.com the app is still working. So I analyzed the post-request with the chrome development tools and detect that the jSessionId is not be submitted by the FormPanel:
Development Mode:
Request URL:http://halligalli:8888/_ah/upload/ahJtcDNzdHJlYW1pbmdwbGF5ZXJyGwsSFV9fQmxvYlVwbG9hZFNlc3Npb25fXxhHDA
Request Method:POST
Status Code:302 Found
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:7181438
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryB1bDbQ8YLCAabTG5
Host:halligalli:8888
Origin:http://127.0.0.1:8888
Referer:http://127.0.0.1:8888/Mp3Streaming.html?gwt.codesvr=127.0.0.1:9997
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Request Payload
------WebKitFormBoundaryB1bDbQ8YLCAabTG5
Content-Disposition: form-data; name="newBlob"; filename="09Anything new.mp3"
Content-Type: audio/mp3
Deployed Version:
Request URL:http://***.appspot.com/_ah/upload/AMmfu6ZrLfT_jYLHJKBXRoWX9_DeeYoa3Ob-vY0bbOcAJ3bj9ihT7Wp5yPmM3yjhn2RBpJAE8Pr7fIA8O-rhY8k0ARTy7hyU3GU3Qw4WrTHvXcSJ9mXZndA/ALBNUaYAAAAATyp8A-H7HSFTkl5ekVfXgXOmd3gK2PQ3/
Request Method:POST
Status Code:302 Found
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:7181438
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryXy11Yxjeo1JfdJdq
Cookie:JSESSIONID=KOiv4hx1rqIJ1aZdP8CufQ ◄◄◄◄◄◄◄◄◄◄◄◄◄◄◄◄◄◄◄◄HERE IS THE DIFFERENCE
Host:***.appspot.com
Origin:http://***.appspot.com
Referer:http://***.appspot.com/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Request Payload
------WebKitFormBoundaryXy11Yxjeo1JfdJdq
Content-Disposition: form-data; name="newBlob"; filename="09Anything new.mp3"
Content-Type: audio/mp3
I am using the FormPanel to upload files which will be stored in the GAE Blobstore and I need the session object to get the owner of the uploaded file (every other RPC in the development mode contains the jSessionId).
Any suggestions?
Thanking you in anticipation!
From your failing request:
Request URL:http://halligalli:8888/_ah/upload/ahJtcDNzdHJlYW1pbmdwbGF5ZXJyGwsSFV9fQmxvYlVwbG9hZFNlc3Npb25fXxhHDA
[…]
Host:halligalli:8888
Origin:http://127.0.0.1:8888
Referer:http://127.0.0.1:8888/Mp3Streaming.html?gwt.codesvr=127.0.0.1:9997
You're not sending the request to the same origin: your browser doesn't send to halligalli a cookie that has been set for 127.0.0.1.
As far as I can tell, this is a limitation of the BlobstoreService in the dev environment. See GWT Blobstore error calling createUploadUrl()

Resources