I have a requirement where I need to route a series of requests to the same member
in a load balancer cluster.
The requests look like this:
/server/create-some-id => responds with a unique ID
/server/do-something-with-id/{ID}
/server/do-something-with-id/{ID}
... etc.
The requirement is that requests 2 and on have to be routed to the same balancer
member as request 1. Due to some legacy code, I can't just create a cookie in
the response of request 1 to use for routing.
I'm wondering if there's an Apache module which is able to SetEnvIf based on either
a response header or the response body, or any other way to solve this?
Thanks!
It does not seem to be possible to enable stickyness based on the response headers or body in Apache 2.
Related
I am new to mulesoft 4.4, I can to send http request to url xyz with one http_request_configuration, but I need to select application url dynamically based on the users input payload (kind of http routing with different host), I don't know how to achieve this in mulesoft. Do I need to crate multiple http_request_configuration for this?
Kind regards
J Babu
You can set the URL at the HTTP Request operation level. For example using a variable:
<http:request method="GET" doc:name="Request" url="#[vars.myUrl]"/>
Note that you should not try to use the URL to add query parameters. Use the HTTP Request query params feature for that.
I have an AngularJs website and when I am trying to post data then when I am opening my website without using www then I am getting
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource
Otherwise, I am not getting any error.
I tried to search and found that I should implement CORS on my backend which is in NodeJs but can anyone please tell me how can I only implement CORS Headers such that for both www and without, it would work but for any other domain trying to access my API must result in preflight error.
I am trying to do this because I read here which-security-risks-do-cors-imply that allowing all domains can increase security overhead for my website which I do not want.
Thanks.
I'm afraid this is not something you can tweak just in your client-side code. In order for cross-origin requests to work, you need to set an http response header: it's the server, who serves the resource, who will need the change, not the client side code from angularJs.
I believe that you should update your question stating what your server side language is and how are you handling http requests in the server side. As far as I know, just adding a header like:
Access-Control-Allow-Origin: http://client.domain.com
In your responses will do the trick. Where client.domain.com is the domain of your client, angularJs application.
Just getting up to speed with authentication in angular . What I read a lot is the usage of headers to pass in a token like here: $http Auth Headers in AngularJS
My question is with passing in the token for every request to the backend what are the main reasons to use headers? Is this just for a cleaner solution or is it for performance?
Using headers for this isn't an Angular thing, many APIs use these so that for example a server can determine if the client should be allowed access quickly by examining only the headers and not the request body. This allows better separation of concerns between authentication and authorization functions, and payload processing on the server.
Upstream servers (of which there may be many layers) can add and remove headers and generally route and authorize your request more efficiently than if this data were to be in the request body.
Headers also keep authentication data out of URL request parameters which looks cleaner but also stops authentication data appearing in browser history etc.
One downside could be that if you are making requests through a network proxy there's a chance that the proxy may strip some headers especially if they're non-standard names.
If your connection to server is HTTPS then HTTP HEADERS are also encrypted. Where as query params are not.
I originally wrote an REST API to work with a previously written mobile app. The mobile programmer requested from me to generate an auth_token on login that he will pass as a header on each request that needed authentication. This API runs at api.example.com.
Later on, I was commissioned to write an AngularJS app that communicates with this API, so I had to use Access-Control-Allow headers on the backend for OPTIONS requests to be CORS compatible CORS so my browser allows the connection (looks like iOS does not look for this headers). This app runs at one.example.com.
Now, I have to write a second AngularJS app that will run at two.example.com and there's a third being planned for the near future at three.example.com.
My problem is that my Access-Control-Allow-Origin header looks like this:
Access-Control-Allow-Origin: http://one.example.com:80
* is not allowed, nor I'm able to set this header to more than one origin. So as far as I can see I have two solutions:
Implement token-based authentication in parallel to the current cookie-based one. I'm thinking on this. This will of course take some time I'm willing to save.
Send the requester a header or param to the API endpoint identifying the app on the OPTIONS request and server-side, produce the CORS headers accordingly. I don't even know if it's possible and this looks nasty for even thinking it.
Any better ideas?
If they have the same origin, example the same domain (example.com) or the same subdomain (1.ex.example.com and 2.ex.example.com) they can share the same cookie. Because cookie is based on the domain itself.
I'm trying to make a POST request between two sites.
I've seen the need to change header of request on server side using the access-allow. My problem is that when I send request I can't see this modification in the response header.
If I go on directly on page the headers are change. If I sent request with GET, I can see too that the headers has been changed. Maybe there is server configuration of http which is forbidden across domain POST request?
I'm using a Ngnix server that serves Drupal sites.
As far as I know, the header you should change is the response header of the site that receive the request (or site 2). Thus, it allows the client (or site 1) to perform a CORS request, adding the header "Access-Control-Allow-Origin" and the domain of site 1 (or '*') into the response.