Is there any way to add a check in Pingdom that makes an HTTP POST request to an API with a JSON POST body? I see in their advanced configuration screen that you can specify a POST body but it indicates that it sends the request as a form post, not JSON.
I tried specifying the JSON in the POST body section and setting the "Content-Type" header manually to "application/json", but that doesn't appear to work.
We just set the Content-Type header to application/json and it worked nicely.
Related
I'm trying to do an image upload using a Symfony REST API.
However, I'm having problems trying to read the POST request file parameter on Symfony's side using Postman.
On Postman I have the following body on the POST request:
form-data POST request with key=file and value=some image
When the Request reaches Symfony, I have the following:
public function uploadImage(Request $request)
{
$params = $request->request;
$file = $params->get('image');
dump($file);
...
}
The file variable is null. I have also tried using $params = $request->files but the result is the same.
If I dump $request->getContent() I can see the file is passing through, but cannot have access to it to do what I need.
Am I missing something?
I managed to figure it out, it has something to do with the Postman app I'm using.
Basically, when I choose form-data on the body, the Headers tab is not automatically updated to something like Content-Type => multipart/form-data, it just keeps the previous one it existed (application/json, for example).
When I found this out, I changed the Content-Type to multipart/form-data but it was still not working.
It only worked when I unticked the Content-Type on Headers.
Why is that?
I was missing the boundary part on the Content-Type, which Postman automatically generates when the body is a form-data and no Content-Type header is generated.
So,
Content-Type = multipart/form-data -> doesn't work
Content-Type = multipart/form-data; boundary=----WebKitFormBoundary5Qa5cbeHtIOCMAKa -> works fine (you don't need to specify this, as Postman will make a request with this set)
I think what you should use is $request->files->get('file');
I'm using Restangular. I would like to get full response so I set
Restangular.setFullResponse(true);
but then I discovered that my custom headers does not work. Documentation for setFullResponse() method says:
in order for Restangular to access custom HTTP headers, your server must respond having the Access-Control-Expose-Headers: set.
I would like to send my custom headers but I don't want to change server settings. Is it possible?
If I leave default settings i.e.setFullResponse(false) there is no issue with custom headers. Is there another solution except changing server settings?
The sentence you cite from the setFullResponse() docs is about what headers from the response your Restangular app will be able to access. And what that is saying is, it’s not possible to access most of the headers from the response unless the server’s already configured to send the right response-header names in the Access-Control-Expose-Headers header.
Without the server setting any value for that header, the only response headers that browsers will let you access from client-side JavaScript in your web app are the Cache-Control,
Content-Language,
Content-Type,
Expires,
Last-Modified
&
Pragma response headers.
See https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name for the spec on that.
I would like to send my custom headers but I don't want to change server settings. Is it possible?
If you mean you want to send custom headers in a request from your client-side Restangular code to the server, please provide more details about exactly which custom headers you want to send.
There too though, there’s another CORS header your server must send in the response: the Access-Control-Allow-Headers response header. If the server isn’t configured to send that with the right header names listed, then your request will fail. The reason in that case is, you will hit https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests.
I need to make an HTTP GET request with custom request headers in-browser and process the result as it streams in. The Fetch API is ideal for this:
fetch('https://example.com/resource', {
method: 'GET',
headers: {
'X-Brad-Test': 'true'
},
cache: 'no-store',
mode: 'cors'
}).then((res) => {
const reader = res.body.getReader();
// etc.
});
This works quite well. Since there are custom headers, the browser pre-flights the request with an OPTIONS request to /resource. I have configured my server to respond with a 204 No Content and the following headers:
Access-Control-Allow-Headers: X-Requested-With, Range, If-Range, X-Brad-Test
Access-Control-Allow-Origin: *
The browser is happy with this, then makes a GET request, the server returns a 200 OK with the data, and the browser allows me to access the response headers and body.
The problem comes in when there is a redirect. The OPTIONS request succeeds with the 204 No Content and the same headers as before. The browser makes the correct GET request, and on the server I send a 302 with a Location: header. Chrome throws the following error:
Fetch API cannot load https://example.com/resource. Redirect from 'https://example.com/resource' to 'http://some-other-origin/resource' has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect.
This was unexpected, and seems nonsensical to me. I expected the browser to follow the redirect, and do another pre-flight request for this new location, but it didn't do that.
Stranger still is that I can sort of hack around this client-side. I can make an HTTP request without my custom header, figure out where I ended up after redirects by looking at the Response object, then make a second request at the new target with my custom headers. This doesn't work in all cases of course, and I'd rather not rely on this hack. I'd rather find a proper way.
Two Questions:
What is the proper way to allow the client to follow redirects? Is there some sort of Access-Control-* header I can use?
Why does this restriction exist? What security issue is prevented by not following and running pre-flight on the followed URL?
Supporting redirects to requests that require a preflight is very recent change to Fetch (which defines CORS).
https://github.com/whatwg/fetch/commit/0d9a4db8bc02251cc9e391543bb3c1322fb882f2
I believe some implementations have started adjusting their implementations, but this will take some time to reach everyone.
How can we change content type in request header of http request for restful web services? From where do we exactly change it?
Add HTTP Header Manager and add your desired header there:
TL;DR To add Content type header you must have HTTP Header Manager associated to HTTP Request
You must add it for :
GET, DELETE, PUT and PATCH require a Content-Type.
Without overriding your request will be sent with defaults as:
Connection: keep-alive
Content-Length: [length of body]
Content-Type: text/plain
Host: [your host]
User-Agent: Apache-HttpClient/4.5.7 (Java/1.8.0_191)
Unlike using postman (advantage over JMeter), where you choose your content type in the same component,
In JMeter you must have HTTP Header Manager which can be added as
Child component of HTTP Request - effect only one request
Same or above HTTP Request's hierarchy - may/will impact other HTTP requests in scope
Notice you can have multiple Header Managers:
JMeter now supports multiple Header Managers. The header entries are merged to form the list for the sampler. If an entry to be merged matches an existing header name, it replaces the previous entry. This allows one to set up a default set of headers, and apply adjustments to particular samplers. Note that an empty value for a header does not remove an existing header, it just replace its value.
Notice you can't use it in multipart/form-data:
When using multipart/form-data, this suppresses the Content-Type and Content-Transfer-Encoding headers; only the Content-Disposition header is sent.
It won't be sent it in redirected urls:
Headers are sent for the initial request, and won't be sent for the redirect. This is generally only a problem for manually created test plans, as a test plan created using a recorder would continue from the redirected URL.
Steps to add HTTP Headers
Create an HTTP Request
Thread Group -> HTTP Request
Right-click on the HTTP Request and add config element "HTTP Header
Manager"
HTTP Request -> Add -> Config Element -> HTTP Cache Manager
Via JMeter UI you can add Request Header:
Thread group scope:
Thread group(right-click)-> Add-> Config Element -> HTTP Header Manager
Request scope (#Override Thread group scope):
request (right-click)-> Add-> Config Element -> HTTP Header Manager
See what I'm trynig to do is on a post request made collect the http headers and then add them to app.Request.Headers.Add().
In my application basically another post request overides certain post requests that I make.
On each request to my server there is a redirection to another server which adds some headers over my original post request
I need some way of saying maybe ok add these headers but then execute my post request with its headers after