I would like to get the 'X-Total-Count' response header of a RESTful API. While trying to get the header in the query callback function of my ngResource 'User', it seems that $http ignores a lot of the reponse headers.
These are the response headers of my request:
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Connection: close
Content-Encoding: gzip
Content-Type: application/json; charset=utf-8
Date: Fri, 17 Oct 2014 11:13:26 GMT
Link: <http://xxxx.xxx/user?page=2>; rel="next"
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Total-Count: 32
Here I'm querying the set of users:
User.query({
page: $scope.pagingOptions.currentPage,
limit: $scope.pagingOptions.pageSize
}, function(users, responseHeaders) {
console.log(responseHeaders());
console.log(responseHeaders('X-Total-Count'));
});
That's the result of the console:
Object { cache-control="max-age=0, private, must-revalidate", content-type="application/json; charset=utf-8"}
null
So why the $http's responseHeaders() function turns only 2 of 10 header properties?
Are you sure you are not doing cross origin resource sharing?
see 7.1.1 Handling a Response to a Cross-Origin Request
That specification forbids access to any response header field other
except the simple response header fields (i.e. Cache-Control,
Content-Type, ...)
Related
I try to send POST multipart/form-data but without attached file. It's like the client sends sign up form with email + password and without avatar file(this field isn't required).
HTTP request:
POST https://.../profile/user/own
headers=
Authorization: bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiIwN2NjMDUzYS0wMTczLTExZWItOWI1OC0wMTg4NjFhYmViYjAiLCJzY29wZSI6WyJjbGllbnQiXSwiZXhwIjoxNjAxMzc0MzEzLCJ1dWlkIjoiMDdjYzA1M2EtMDE3My0xMWViLTliNTgtMDE4ODYxYWJlYmIwIiwiYXV0aG9yaXRpZXMiOlsiUGF5bWVudE1hcmtldENsaWVudCIsImxvYmJ5X2NoYXQiLCJVc2VyQmFsYW5jZSIsInVzZXItc2xvdC1yZWFkIiwibGVhdmVfY2FsbCIsInJlYWRfc2NoZWR1bGVfdXNlciIsInVzZXItY2FuY2VsLXNsb3QiLCJyZWFkX3VzZXJfcXVlc3Rpb25uYWlyZSIsIndyaXRlX3RpbWV6b25lIiwicmVhZF90aGVyYXBpc3RzX2luZm8iLCJlbmRfc2Vzc2lvbiIsImpvaW5fY2FsbCIsImVkaXRfdXNlciIsImFuc3dlcl9hY3Rpb24iLCJyZWFkX3Nlc3Npb24iLCJQYXltZW50VmVyaWZpQ2xpZW50IiwiYmVnaW5fc2Vzc2lvbiIsIm9jY3VweS1zbG90Iiwid3JpdGVfbWVzc2FnZSIsInJlYWRfdXNlciIsInJlYWRfY29udmVyc2F0aW9uIiwicmVhZF9jaGF0IiwicmVhZF9jdXJyZW50X2NoYXQiLCJzb2NrZXQiLCJtYWtlX2NhbGwiLCJyZWFkX2NhbGwiLCJyZWFkX21lc3NhZ2UiLCJjYWxsX3Rva2VuIl0sImp0aSI6Ijg1NjQ5MmJhLTI0ODUtNDAyZC1hZTJhLWZiY2E2YjhkNGY2MSIsImNsaWVudF9pZCI6ImNsaWVudCJ9.APWse9P8SIJtDMMay8UTT9CN_JEvSIRaznn8JALcYfxz107IaL5ezwEJfIEDBb9_WEDeVKvpjI1eUmiYBQiOcF5LkIPhpww_8vaSbWvWP3Tkg21QQceNEZwnjucMc6Doj1YNlx3iOs03Mv8zmOJZ2S1acz5sVj5cK_ufrItG7Ic_-bbpW67Byl1vNgbTgaJoGMRAgqfCxKpAVpxMFqNw3F8FMKe0dm-uYmJwpKlWVg4sEUOW7LSZ6wr3c5XgBHXVvTzVFb0sJyhFkw9W1nrMSJTxJqsaVGEzIe01qhQZasbRkMxC32XXlFzpGSmBDJpdWpTD3pUXrIhD4v15PWt3wg
accept: */*
host: api.dev.psychicbook.net
content-type: multipart/form-data
content-length: 108
formBody=
userData: {"email":"automation.tku1fin9av3#test.com","nickname":"5SkHTB0EVs"}
=========================
HTTP response:
status=
500
headers=
Server: nginx/1.17.10
Date: Mon, 28 Sep 2020 10:11:53 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,PUT,PATCH,DELETE,OPTIONS
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
X-Application-Context: gateway-service:develop:8765
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=15724800; includeSubDomains
body=
{"timestamp":1601287913987,"status":500,"error":"Internal Server Error","exception":"org.springframework.web.multipart.MultipartException","message":"Could not parse multipart servlet request; nested exception is java.io.IOException: org.apache.tomcat.util.http.fileupload.FileUploadException: the request was rejected because no multipart boundary was found","path":"/profile/user/own"}
There is a special method for file uploading -> .formUpload("file", "image.jpg"), but I don't want to send any file.
If I make the same with Insomnia or anoter REST client, everything is OK, and it looks like:
HttpResponse<String> response = Unirest.post("https://.../profile/user/own")
.header("authorization", "bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJjMGRlNWI3ZS0wMTYzLTExZWItOWI1OC0wMTg4NjFhYmViYjAiLCJzY29wZSI6WyJjbGllbnQiXSwiZXhwIjoxNjAxMzY3NzUyLCJ1dWlkIjoiYzBkZTViN2UtMDE2My0xMWViLTliNTgtMDE4ODYxYWJlYmIwIiwiYXV0aG9yaXRpZXMiOlsiUGF5bWVudE1hcmtldENsaWVudCIsImxvYmJ5X2NoYXQiLCJVc2VyQmFsYW5jZSIsInVzZXItc2xvdC1yZWFkIiwibGVhdmVfY2FsbCIsInJlYWRfc2NoZWR1bGVfdXNlciIsInVzZXItY2FuY2VsLXNsb3QiLCJyZWFkX3VzZXJfcXVlc3Rpb25uYWlyZSIsIndyaXRlX3RpbWV6b25lIiwicmVhZF90aGVyYXBpc3RzX2luZm8iLCJlbmRfc2Vzc2lvbiIsImpvaW5fY2FsbCIsImVkaXRfdXNlciIsImFuc3dlcl9hY3Rpb24iLCJyZWFkX3Nlc3Npb24iLCJQYXltZW50VmVyaWZpQ2xpZW50IiwiYmVnaW5fc2Vzc2lvbiIsIm9jY3VweS1zbG90Iiwid3JpdGVfbWVzc2FnZSIsInJlYWRfdXNlciIsInJlYWRfY29udmVyc2F0aW9uIiwicmVhZF9jaGF0IiwicmVhZF9jdXJyZW50X2NoYXQiLCJzb2NrZXQiLCJtYWtlX2NhbGwiLCJyZWFkX2NhbGwiLCJyZWFkX21lc3NhZ2UiLCJjYWxsX3Rva2VuIl0sImp0aSI6Ijg5ZDg4OTViLTU1NzQtNDk2OC1hNmJhLWRmZjcyYmIxYWI1MyIsImNsaWVudF9pZCI6ImNsaWVudCJ9.bW7F65elarJNQ9RkfIJcH0uq9Og0ue8TXNZ7Gh_FFCdj_c8SVHlPXwu-nEoZZSTVk3gBB2I_hw8MqPfCZVZrlAlzyIfAcyuQ1WRgRH5-xVzYej3XqBEADuCjBabcO87LoPwz_vYCT3JZVhNZHcDMOkQ429dg0HdKeSBd6qJaPYCgWgq529b9-wnufNBx9LHyaTYLWZC5nMfmDbyep3sc2_q6YzqKMMH5a-s1SmOgQpKbCNyCx7gui3tiYqQh21zMN-PhtkRNAD78awzpIpZhuZTF-AbrQkI6J1Yvsg59AYkZZVBd5gyCSopydquezf7xaAc3Ot2L-DubGzWwr2u9gA")
.header("content-type", "multipart/form-data; boundary=---011000010111000001101001")
.body("-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"userData\"\r\n\r\n{\"email\":\"automation.tku1fin9av3#test.com\",\"nickname\":\"qatest5\"}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n\r\n-----011000010111000001101001--\r\n")
.asString();
How can I make the same but with Gatling?
I had the same issue. I have some entries with, and some without files. Both need to be uploaded using body parts.
When i set one fields using StringBodyPart it worked for me:
val uploadDocument = doIfEqualsOrElse(session => session("file").as[String], "") {
// executed if the session value stored in "myKey" starts with "admin"
exec(
http("upload: ${title}")
.post(
clientPortalUrl + "/customerportal/api/documents"
)
.headers(multipartUploadHeaders)
//if we do not call formUpload() we need set one field using StringBodyPart, the rest will follow.
.bodyPart(StringBodyPart("title", "${title}")).asMultipartForm
.formParam("documentType", "${documentType}")
.formParam("accountId", "${accountId}")
.formParam("period", "${period}")
.formParam("endDate", "${endDate}")
.formParam("signer", "${signer}")
.formParam("nexusRecipient", "${nexusRecipient}")
.formParam("vatFiscalEntityDivision", "${vatFiscalEntityDivision}")
.formParam("editor", "${editor}")
.formParam("repeatable", "${repeatable}")
.requestTimeout(5.minutes)
.check(status.is(201))
.check(jsonPath("$.title").exists)
)
} {
exec(
http("upload: ${title}")
.post(
clientPortalUrl + "/customerportal/api/documents"
)
.headers(multipartUploadHeaders)
.formParam("title", "${title}")
.formParam("documentType", "${documentType}")
.formParam("accountId", "${accountId}")
.formParam("period", "${period}")
.formParam("endDate", "${endDate}")
.formParam("signer", "${signer}")
.formParam("nexusRecipient", "${nexusRecipient}")
.formParam("vatFiscalEntityDivision", "${vatFiscalEntityDivision}")
.formParam("editor", "${editor}")
.formParam("repeatable", "${repeatable}")
.formUpload("files[]", "${file}")
.requestTimeout(5.minutes)
.check(status.is(201))
.check(jsonPath("$.title").exists)
)
}
I am using angular JS to login to my app. On the server, it returns a X-AUTH-TOKEN. When I do a JSON request. The header response looks like this...
Pragma: no-cache
Date: Thu, 19 Nov 2015 12:44:05 GMT
X-Content-Type-Options: nosniff
Server: Apache-Coyote/1.1
X-Frame-Options: DENY
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE
Access-Control-Allow-Origin: chrome-extension://gmodihnfibbjdecbanmpmbmeffnmloel
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-AUTH-TOKEN: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJiaWxseWpvZSJ9.le0y_pOfQAyLJO4IJ4ZjQQqgqgiN2xtpLAzORawoDm4O4euHFh32LtjMrBUTkr8G2LeY_2bALe_rcm3LY_NlSg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Accept, X-Requested-With, remember-me
Content-Length: 88
X-XSS-Protection: 1; mode=block
Expires: 0
As you can see. X-AUTH-TOKEN is present. But when I try to retrieve it and save it to local storage...
$http.post(loginUrl)
.success(function(data, status,headers) {
$scope.hello = data;
var TOKEN = headers("X-AUTH-TOKEN");
window.localStorage['X-AUTH-TOKEN-TRIVIA'] = headers("X-AUTH-TOKEN");
})
It always returns NULL. Why is it not retrieving the token if its clearly in the header ?
I have also used single quotes.
$http.post(loginUrl)
.success(function(data, status,headers) {
$scope.hello = data;
var TOKEN = headers('X-AUTH-TOKEN');
window.localStorage['X-AUTH-TOKEN-TRIVIA'] = headers('X-AUTH-TOKEN');
})
Figured it out... Thanks to another post
Angular.js saying custom HTTP response header is null
The problem is server side. You must add Access-Control-Expose-Headers: X-Auth-Token
In my case using Spring Boot or Spring. You probably would have to add this in your CorsFilter
response.setHeader("Access-Control-Expose-Headers", "X-Auth-Token");
I'm using CakePHP as backend and AngularJS as frontend, whereas front- & backend are in different domains so this is basically a CORS-situation.
Basically I'm trying to send the contents of a form to a Cake-API (later this is meant to do authentication part - but I'm failing earlier) via $http.post. So here is the code:
aeapBackend.login = function(username, password) {
return $http.post(
API_URL + 'api_mobile_user/login', {
test: username,
test2: password
}
);
};
Whereas the corresponding API in CakePHP looks like this:
function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow(array('login'));
}
public function login() {
$this->response->header(array(
'Access-Control-Allow-Origin' => '*',
'Access-Control-Allow-Headers' => 'Content-Type'
)
);
$this->autoRender = false;
}
What happens next is that the preflight OPTIONS request ist done - which looks quite good to me:
Request Headers:
OPTIONS /api_mobile_user/login HTTP/1.1
Host: aeap.localhost
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://asf.localhost
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X; en-us) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53
Access-Control-Request-Headers: accept, content-type
Accept: */*
Referer: http://asf.localhost/?username_input=hjk&password_input=hjgk&login_button=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Response headers:
HTTP/1.1 200 OK
Date: Wed, 05 Nov 2014 15:29:00 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.15
X-Powered-By: PHP/5.5.15
Set-Cookie: CAKEPHP=j6st0hnq8ear2cc6psg56d6eu3; expires=Wed, 05-Nov-2014 19:29:00 GMT; Max-Age=14400; path=/; HttpOnly
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
But when the actual POST-request is done I get an status code 403:
XMLHttpRequest cannot load http://aeap.localhost/api_mobile_user/login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://asf.localhost' is therefore not allowed access. The response had HTTP status code 403.
How can I avoid this? In my opinion I already enabled CORS support for Cake ['Access-Control-Allow-Origin']. It seems to me that AngularJS posts some additional informations whioch are not checked during the preflight and then rejected by the backend.
Used versions: CakePHP 2.5.3, AngularJS: 1.3.0
Thanks to Marvin Smit I was able to determine the reason for the behavior which was not connected to CORS are the headers. I set 'Access-Control-Allow-Origin' => '*'on web-server level so I was able to get a response which pointed to the security component of CakePHP.
I basically tried to send a POST-Reuqest to an API which did not expect that data should be posted to it. Therefore the access was denied. So I had to add $this->Security->csrfCheck = false to the beforeFilter:
function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow(array('login'));
$this->Security->csrfCheck = false;
}
For what it's worth, the proper way to do this for Cakephp 3 is as follows
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow(array('login'));
$this->eventManager()->off($this->Csrf);
}
Although, this is not recommended for AJAX requests. The following doc can help you more. CSRF And AJAX
Can anyone suggest me how to read the set-cookie value from through angularJS
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Origin, Content-Type,Accept, Authorization, X-Requested-With
Access-Control-Allow-Methods:POST, GET, PUT, OPTIONS,DELETE, HEAD
Access-Control-Allow-Origin:*
Access-Control-Expose-Headers:Set-Cookie
Access-Control-Max-Age:3600
Cache-Control:private
Content-Length:274
Content-Type:text/html; charset=utf-8
Date:Fri, 18 Jul 2014 15:09:10 GMT
Server:Microsoft-IIS/7.5
Set-Cookie:.ASPXAUTH=874412C6B46506F2CEB94F14CD64288B50FA245EBAE69E5B7EA0B7BD7BCFBA19DC1EBD1A1D96293561B495B7DAD0FE3E8DB5E82B436E9086EB42F06AE141A5DF141B921CD7D8871C697A2C31F3D6E7AE47FA23FDA276AB380DC4E81C6A200D5244808284A7EA02B8B44F9F048D840D57B470B8E3C22D6A9B857189968A68D3B28340DD4C236A65C9BD3A3B25361383BE429003F9A8DD495B2CFE36785EA982558D6017D40109D8DAE3BB3ECBD9124604; path=/
X-AspNet-Version:4.0.30319
X-AspNetMvc-Version:4.0
X-Powered-By:ASP.NET
My assumption is that you are using $http. If that's the case, it would be something like this:
$http.get(someServiceUrl).then(function (response) {
var foo = response.headers()['Set-Cookie'];
}
I have an AngularJS app that parses HTML which largely comes from emails. In some cases data-bind-html will throw a Parse Error but not all cases. I've been unable to determine why.
Does anyone know some types of tokens or syntax that can cause the error?
Here's a sample of a file which trips it up:
,
I received the following error message...:
------------------------------------------------------------------------ The server encountered an unexpected condition that prevented it from
fulfilling the request.
HTTP_Status = 500 (Internal Server Error)
URL =
----------------------------------------- Request Headers
----------------------------------------- POST /ss/servlet/FooServlet/ HTTP/1.1 Accept: Accept: / Host: mydomain.org Content-Length: 141
User-Agent: FooBar/2.1.94 Pragma: no-cache Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded; charset="utf-8"
Connection: Keep-Alive Cookie:
BIGipServerpool_cookie_apps_ss_8188=rd860o00000000000000000000ffff0a0ad0aco8188;
JSESSIONID=5215F941A173B6127E9A95B3E99E3A74
----------------------------------------- Response Headers
----------------------------------------- HTTP/1.1 500 Internal Server Error Server: Apache-Coyote/1.1 Set-Cookie:
JSESSIONID=A9B7C98E5359D961DC8958F87CCCF49E; Path=/ss
Content-Disposition: attachment; filename="spreadsheet.csv"
Content-Description: spreadsheet.csv Content-Transfer-Encoding: binary
Content-Type: application/csv;charset=ISO-8859-1 Transfer-Encoding:
chunked Date: Wed, 06 Mar 2013 18:46:19 GMT Connection: close
-------------...
Emails can contain a lot of arbitrary encoding and invalid HTML, such as <email#domain.com>. To eliminate the Parse Errors I've implemented my own filter which takes effect before it goes through ngSanitize/bind-html.
ng-bind-html="obj.emailContent | sanitizeEmail"
myModule.filter('sanitizeEmail', function() {
return function(input) {
return input.replace(/<[\w-]*\.[\w-]*>/g, '').replace(/<[\w\.\$-]+[\:#].*>/g, '');
};
});