Why is my HTTP POST multipart/form-data wrong? - http

I am trying to re-create a HTTP-POST multipart/form-data request.
My HTTP-Body looks like this:
--nVenJ7H4puv
Content-Disposition: form-data; name="abc"
I am just a text.
--nVenJ7H4puv
My HTTP-Post request has the following headers:
"Content-Type: multipart/form-data; boundary=nVenJ7H4puv"
Even though according to my knowledge I did everything correctly, I get the reply from the webserver:
Failed to read the request form. Form section has invalid
Content-Disposition value:
Can someone help me out what is wrong with this request?

Related

Coldfusion read HTTP post request from other server

I have a online form on a third-party server and the submission data is sent to my Coldfusion page using a standard HTTP POST request. I need to retrieve the form data in that .cfm page and insert to the database. I use requestcatcher.com and I can see the post request data format as below:
POST /test HTTP/1.1 Host: mytest.requestcatcher.com Connection:
Keep-Alive Content-Length: 1198 Content-Type: multipart/form-data;
boundary=----------------------637248012629755039 Expect: 100-continue
------------------------637248012629755039 Content-Disposition: form-data; name="e_2113"
My Name
------------------------637248012629755039 Content-Disposition: form-data; name="txtCity"
My City
------------------------637248012629755039 Content-Disposition: form-data; name="e_2123"
District
------------------------637248012629755039 Content-Disposition: form-data; name="e_2107"
test#test.com
------------------------637248012629755039 Content-Disposition: form-data; name="e_2128"
212-123-1234
------------------------637248012629755039 Content-Disposition: form-data; name="e_2158"
Maryland
------------------------637248012629755039 Content-Disposition: form-data; name="e_2130"
I want to know how can I get the value of all the form-data.
Thanks
Just dump the form scope to see all of the field names and values. You can then read that into the database. However, you should also setup an API key that the other server must send to you and you verify before processing data. Otherwise, anyone can send you form data and attack your database.
The data will be in the FORM scope.
So you can access txtCity by doing FORM.txtCity for example.
It is also in ARGUMENTS scope if the form was submitting to a cfc. So you can do ARGUMENTS.txtCity as well in a CFC file.
In addition to the other valid answers, as well as accessing the form scope, or the arguments scope if the request was posted to a CFC, it is worth knowing that you can also use getHTTPRequestData() to access the raw request data. getHTTPRequestData().content in the case of a POST request body.
This can come in useful on rare occasions where the exact request data is needed, before it has been parsed into the form scope by CF. One real-world example is the Paypal IPN verification process where it is necessary to echo the form data back to their handler in exactly the same order, casing and encoding as the original POST body.
Some useful reading if you do need to use getHTTPRequestData() : https://www.bennadel.com/blog/2824-gethttprequestdata-may-break-your-request-in-coldfusion-but-gethttprequestdata-false-may-not.htm

Item key in HTTP POST request. How did my browser get it?

I am trying to simulate an API for a website my company uses using python. I send GET and POST requests and listen for the response, parse it, etc. I've encountered a problem with trying to upload a file to the system. When I upload the file using the website normally my browser (Chrome) sends a POST request with a request body that looks like the following:
...
------WebKitFormBoundaryjSmcGTEU3c2TVyDq
Content-Disposition: form-data; name="file_to_upload_0"; filename="2228789-2-Quote.pdf"
Content-Type: application/pdf
------WebKitFormBoundaryjSmcGTEU3c2TVyDq
Content-Disposition: form-data; name="form_category_id"
5146
------WebKitFormBoundaryjSmcGTEU3c2TVyDq
Content-Disposition: form-data; name="form_file_identifier"
2228789
------WebKitFormBoundaryjSmcGTEU3c2TVyDq
Content-Disposition: form-data; name="file_id"
1748711477
------WebKitFormBoundaryjSmcGTEU3c2TVyDq
Content-Disposition: form-data; name="ticket_number"
CkuvRtqReP6Sy62gamx206ixksC4BE2z
...
This is the first HTTP request my browser sends after I click the upload button. My question is: how does my browser get the "file_id" and "ticket_number"? I looked at the page source of the page with the form, and neither of these numbers are anywhere on the page. Any help is appreciated.
Thanks
I realized that the answer is in the Javascript. The Javascript file was generating the file_id and whatnot.

Make POST request with file and xml content

I am trying to make a POST request to an api server.
I have a request body which is an xml parameter:
<create-user>
<user-name>username1</user-name>
<password>password1</password>
</create-user>
Next to this parameter, i also need so send a file.
I've tried with fiddler the following thing, but the data is not received by the server (the file exists, but the <create-user> parameter not.
Is possible to send a combination of xml parameters with uploaded files?
Yes. Just add boundary mark (and "Content-Type: application/xml") before XML body. Like the following:
------yxz
Content-Disposition: form-data; name="formInputXML"
Content-Type: application/xml
<create-user>...</create-user
------xyz
Content-Disposition: form-data; name="formInputFile"; filename="UserData.xml"
Content-Type: text/xml
<UserData.xml content>
------xyz--

Why .Net WebApi don't detect the request contentType automatically and do auto-binding?

Why .Net WebApi don't detect the request contentType automatically and do auto-binding?
If I make a request without informing the contentType a HTTP 500 error occour:
No MediaTypeFormatter is available to read an object of type 'ExampleObject' from content with media type ''undefined''.
why not try to detect the incoming data and bind automatically?
Another case:
This request with Content-Type: application/x-www-form-urlencoded send a JSON:
User-Agent: Fiddler
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: localhost:10329
Content-Length: 42
Request Body:
{"Name":"qq","Email":"ww","Message":"ee"}:
My Action don't detect the JSON request data automatically in object param:
public void Create(ExampleObject example) //example is null
{
{
Instead of letting the object null why they do not try to solve it?
Then, for the binding occurs I need to send with Content-Type: application/json.
It would be best if .Net WebAPI detects the type of request data and do a auto-binding? Why not in this way?
application/x-www-form-urlencoded means you will be sending data in the x-www-form-urlencoded standard. Sending data in another standard will not work.
Sounds like what you want to do is accept multiple formats from the server.
the way http works is that the client makes a request to the server for a resource and tells the server what content types it understands. This means that the client doesnt get a response it isnt able to decode, and the server knows which responses are more appropriate on the client. For example if you are a web-browser the most appropriate content type is text/html but if you get XML you can probably do something with that too. So you would make a request with the following:
accept: text/html, application/xml
this says you prefer html but also understand XML
In your example if your client wants application/x-www-form-urlencoded but can also deal with JSON then you should do the following when making a request
accept: application/x-www-form-urlencoded, application/json
For more details see the HTTP Spec on accept headers here http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
You may also want to create a new media type formatter so your server knows how to give clients application/x-www-form-urlencoded, take a look at this blog post for more info on how to do this http://www.strathweb.com/2012/04/rss-atom-mediatypeformatter-for-asp-net-webapi/

How can i use a dump-file saved with HttpRequest.SaveAs to re-send the request to my localhost?

I'm troubleshooting an integration between an external service which posts multipart/form-data data to a Controller in MVC3.
On the production server I've captured erroneous request using HttpRequest.SaveAs to a file.
Is there any tool I can use to "replay" the request on my localhost so I can debug with Visual Studio?
(I've been trying with fiddler but I can't get it working right. If a dump a local request from a simple form with POST my controller recieves the files correctly. If i dump the same request and copy paste it into fiddler as raw and send the files are missing so there's something wrong.)
Since there's a built-in function to dump the request I'm thinking it might be some official way to resend the request as well. Is there a way to achieve this?
I have used NCAT command line tool to replay requests captured by SaveAs method.
Command looks like this:
NCAT localhost 80 < CapFileName
you can find it in NMAP library
See my blog for more information.
I got it working in fiddler if I do exactly this in the composer:
Open the dumpfile in notepad
Choose Parsed
Only enter the Content-Type as headers (and let fiddler add the others even if they were the same)
Paste the body of the request in request body from notepad
POST: http://localhost/Controller/Action
Request headers:
Content-Type: multipart/form-data; boundary=fJP-UWKXo6xvqX7niGR0StXXFQwdKhHc9quF
Request body:
--fJP-UWKXo6xvqX7niGR0StXXFQwdKhHc9quF
Content-Disposition: form-data; name="mmsimage"; filename="IMG_0959.jpg"
Content-Type: image/jpeg; name=IMG_0959.jpg; charset=ISO-8859-1
Content-Transfer-Encoding: binary
<the encoded file goes here as jibberish>
--fJP-UWKXo6xvqX7niGR0StXXFQwdKhHc9quF
Content-Disposition: form-data; name="somefield"
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
value of somefield
--fJP-UWKXo6xvqX7niGR0StXXFQwdKhHc9quF--

Resources