Let's say I use the website: redacted.com
Website works fine when I am using it normally.
When I start using BURP SUITE PROXY to intercept requests, I start to have this error:
[2021-04-14T02:45:46.724Z] #firebase/firestore: Firestore (7.24.0): Could not reach Cloud Firestore backend. Backend didn't respond within 10 seconds.
This typically indicates that your device does not have a healthy Internet connection at the moment. The client will operate in offline mode until it is able to successfully connect to the backend.
Error: Uncaught (in promise): FirebaseError: [code=unavailable]: Failed to get document because the client is offline.
Please provide me the solution to this.
The answers do not work anymore due to the Firebase updates - i will give you a short instruction on how to find your custom match-replace rule:
make sure to activate "Intercept Server Responses" in the proxy options tab.
go "intercept" tab
set your burp proxy to "intercept is on"
type "this.forceLongPolling" in the search bar on the bottom
forward the requests until you find a match
there should be a pretty big response file containing something like this:
constructor(t,o,u,p,D,Q,Te,it){
this.databaseId=t,this.appId=o,this.persistenceKey=u,this.host=p,this.ssl=D,this.forceLongPolling=Q,this.autoDetectLongPolling=Te,this.useFetchStreams=it
}
in my case it contains the string "this.forceLongPolling=Q"
now create a match replace rule for this very special string to replace "this.forceLongPolling=Q" with "this.forceLongPolling=true" and make sure to choose "response body" as type:
Screenshot Rule
Using the idea of this troubleshoot (https://github.com/firebase/firebase-js-sdk/issues/1190#), i made the following Match and Replace in my Burp Suite and it worked!
this.forceLongPolling=void 0!==t.experimentalForceLongPolling&&t.experimentalForceLongPolling
to
this.forceLongPolling=true
And someone said before
This can change depending on the version of firebase-js-sdk so it's best to look around for experimentalForceLongPolling within your JS files and make sure it gets enabled.
Workaround for this issue (source).
For Burp, the following match and replace worked for me:
this.experimentalForceLongPolling=!!t.experimentalForceLongPolling
to
this.experimentalForceLongPolling=true
This can change depending on the version of firebase-js-sdk so it's best to look around for experimentalForceLongPolling within your JS files and make sure it gets enabled.
Faced the same issue. What worked for me is adding “firestore.googleapis.com” to the “No proxy for” option in Firefox’s proxy configuration.
Firefox Proxy Configuration
Related
We are using AWS Amplify for our NextJS web app and keep receiving error when ever I try to load the application once deployed to Amplify. Locally there is no issue.
I am using Amplify's default Auth configuration, with basic email and password auth. It looks like it could be related to the Amplify cookie being set in the header but I cannot find any documentation within AWS to prevent this or reduce the amount of information passed with the header. Any help would be appreciated.
I have faced the same issue and was able to solve it. Here's how -
Identify the CloudFront Distribution ID for your app. You can find it in the Deploy logs of your app build console.
Search & open that particular CF Distribution and go to the Behaviours tab.
Select the Default behaviour (5th one in my case) and hit Edit.
Scroll down to the Cache key and origin requests section.
Here you will find settings to control what's included in the headers of the request that goes to the server. In my case, I didn't need any Cookies so I chose None, and it solved the issue for me.
In your case, you can do the same or pick what all info needs to be in the headers.
Check to see if there are any unnecessary cookies for that domain.
I was getting this error (on a site I don't own). I took a look at the request headers and found a very large number of cookies (several dozen) for the site's domain. I cleaned up the cookies which seemed non-critical and the error went away.
As the error implies, the size of the entire request header section is above 8192 bytes. Request headers include the accept headers, the user agent, the cookies, etc. and all combined can get rather large. Large headers look malicious to some WAFs. I once had a single user having trouble with our site. Turns out they were a polyglot and had configured their browser to accept several dozen languages causing their accept-language header to be suspiciously long, and the WAF refused to proxy the request.
I faced the same issue using Nextjs, amplify and an external Auth provider.
The problem is that AWS S3 service has a request header maximum allowed size of 8192 bytes, so when ever you try to access the static generated pages of Nextjs it returns that error. This has already been asked here
In my case, I was using an external Auth provider and I was able to solve the issue configuring the cookies only for the '/api/' path. That way the Auth cookies are sent only to the Nextjs api endpoints, so your request header is lighter whenever you try to get the static pages.
Trying to make a request like shown below
(https://learn.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=http#code-try-15)
picture
picture
Tried to see if it works on their graph explorer ---> https://developer.microsoft.com/en-us/graph/graph-explorer
I need specifically to make this request work ---> https://graph.microsoft.com/v1.0/users?$search="displayName:wa"
But as you see I get this error which suggests that I didn't add the consistencyLevel header but I did, in multiple ways. It's annoying :))
============================================
Update:
I logged in my student microsoft account and now I got this
picture
You missed the "?" in the url
====================Update====================
It can work, but you need to send request with a correct access token. I'm afraid it met some issue when test in the self-contained test tool.
While I was trying my project on localhost it was working fine, using https://cors-anywhere.herokuapp.com/ since I got the CORS problem. But once I deployed the site on Netlify, it gave me the error 426 (Upgrade Required), with or without using https://cors-anywhere.herokuapp.com/.
These are the messages that appear on my console:
>Failed to load resource: the server responded with a status of 426 (Upgrade Required)
>Error: Request failed with status code 426
at createError.js:16
at settle.js:17
at XMLHttpRequest.<anonymous> (xhr.js:61)
I have been searching and some people seem to have similar problem to this. I have seen solutions like having my own server to pass the requests, but I don't know how to do it and, correct me if I am wrong, wouldn't that be the same as using https://cors-anywhere.herokuapp.com/?
Newsapi changed their pricing model.
You can't make requests from the browser anymore, you'll have to use a backend. I had the same problem and the easiest way around it was implementing a Node (Express) server.
I guess the free plan simply is not longer available in production.
"Requests from the browser are not allowed on the Developer plan, except from localhost."
Here's the updated plan page..
https://newsapi.org/pricing
Actually newsapi.org api in developer plan is no more working in production.
because in developer plan CORS is only enabled for localhost.
Developer Plan $0
CORS enabled for localhost.
https://newsapi.org/pricing
but if you want to fetch news in production then there is a alternative for this which have 1000 request per month free works in production also .
https://newsapi.in/
Newsapi.in this website provide api that have cors enabled for all origins.
Enjoy...
As others have mentioned, Newsapi no longer allows you to make requests from the browser.
newscatcher has a no-card free tier that allows for 10,000 requests. On top of that, depending on your use case you can even mail them to increase the limits for a short span of time, or to add extra data points.
What is to be done?
We have an application deployed on the Sharepoint (corporate) Server which uses the windows credentials to log into the application.
App URL format: http://testmachine:1000/sites/test/
Windows Credentials Format: user_id#domain.co.in
The objective is to perform the load/performance testing on the application (especially the log in functionality) for such n number of users.
Normally when I hit the app URL in the Firefox/IE, it pops up a window asking for credentials. I enter the credentials, browse the app and then log out. I intend to capture this in JMeter and simulate this for large number of users.
Where I’m stuck?
Now I start the JMeter proxy server, and then try the same steps as above. But when the pop up window appears, JMeter simply doesn’t record the it nor it does record anything else after the login.
What I’ve tried?
If I try the same steps after enabling “Automatically detect intranet network” in IE, then it simply auto detects my windows credentials (No credentials pop-up), logs me into the app (this is not recorded in JMeter either) and takes me to the home page. And any page thereafter I hit gets recorded in JMeter.
I’ve also tried to use the HTTP Authorization Manager using following parameters:
BaseURL : http://testmachine:1000/sites/test/
Username: DOMAIN\USER_ID
Password: i_wont_tell_you
Domain: \
Realm:
It didn't help. I am quite confused about how-to-use the above element. And not even sure whether its a right approach to get the solution to my problem.
Any help/suggestions?
P.S. I know about a tool called Badboy, but have to go for it as a last resource. Also not even sure if it records the pop windows.
And sorry if the post is verbose.
UPDATE:
I have also tried -
Username: USER_ID and Domain: my_company_domain
But this is not the actual problem. Problem is, when I try to hit the pages (automation) which I've recorded previously return success response even if I haven't used the HTTP Authorization Manager. I'm not sure what I'm missing.
OK. Finally I got what was missing.
First, I had to change the implementation of every request to HttpClient3.1
Second, it was really frustrating to see that JMeter documentation was misleading.
It says that the config file httpclient.parameters, should be edited as following:
http.authentication.preemptive$Boolean=false
But it didn't work. Changing it to true worked like a charm.
Hope this helps other people.
JMeter works at the HTTP layer so the proxy will only capture requests made over this protocol layer. It sounds to me like you have already found the right approach to use for recording by using '“Automatically detect intranet network” in IE', you can use this method to capture most requests and you will have to figure out authentication manually. How you do this depends on how your application communicates with your server to authenticate a user.
My sample works great on my Wifi internet at home. However, at work we have a proxy server and it is not working at all.
I enabled the default proxy and still not working. The "CreateRequest" call throws the exception:
Sequence contains no elements
Any idea? Thanks
I enabled logging and no file is being generated. What do you want me to do?
Regards
Activate logging and see what it tells you.