How http request with "Sec-Fetch-Mode: no-cors" in Blazor Webassembly - blazor-client-side

How is it possible to make a request by HttpClient with the HTTP request header Sec-Fetch-Mode: no-cors in Blazor Webassembly?
My actual code is:
var hc = new HttpClient();
var responseHTTP = await hc.GetAsync("https://www.somedomain.com/api/");
But this produces the following HTTP request headers :
:authority: www.somedomain.com
:method: GET
:path: /api/json?input=test&key=AIzaSyDqWvsxxxxxxxxxxxxxxxxx1R7x2qoSkc&sessiontoken=136db14b-88bd-4730-a0b2-9b6c1861d9c7
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
origin: http://localhost:5000
referer: http://localhost:5000/places
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36
x-client-data: CJS2yQxxxxxxxxxxxxxxxxxxxxxxxxygEI7bXKAQiOusoBCObGygE=

To specifically answer your question, you need to create a HttpRequestMessage first.
e.g.
// Requires: using Microsoft.AspNetCore.Components.WebAssembly.Http;
var request = new HttpRequestMessage(HttpMethod.Get, "https://www.somedomain.com/api/");
request.SetBrowserRequestMode(BrowserRequestMode.NoCors);
request.SetBrowserRequestCache(BrowserRequestCache.NoStore); // optional
using (var httpClient = new HttpClient())
{
    var response = await httpClient.SendAsync(request);
    var content = await response.Content.ReadAsStringAsync();
}
This will correctly set the sec-fetch-mode header to no-cors.
I've found, however, that the response comes back as empty even though upon inspection in Fiddler the response is there.
The closest I got to understanding the problem is through this issue here but unfortunately the bug was closed.
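
Why the body is empty in the app while Fiddler still shows it, as an added example that is not part of the original answer: a simplified JavaScript model of the Fetch standard's response filtering for a GET without credentials. The function name `visibleResponse`, the sample response objects and the JSON body are constructed for illustration; the two URLs are the ones from the question.

```javascript
// Added example: simplified model of how the Fetch standard filters a response
// before page script sees it (GET, no credentials). Sample values are constructed.

const HIDDEN = { status: 0, body: null };

// wire: what actually travels over the network (what a proxy such as Fiddler shows).
// Returns what script running on pageUrl is allowed to observe.
function visibleResponse(mode, pageUrl, targetUrl, wire) {
  const pageOrigin = new URL(pageUrl).origin;
  const sameOrigin = pageOrigin === new URL(targetUrl).origin;

  if (sameOrigin) {
    // Same-origin responses are readable in every mode.
    return { type: 'basic', status: wire.status, body: wire.body };
  }
  if (mode === 'no-cors') {
    // Opaque filtered response: the request is sent and answered, but script
    // gets status 0 and a null body. This is the "empty" response in the answer.
    return { type: 'opaque', ...HIDDEN };
  }
  if (mode === 'cors') {
    // CORS check: the server must opt in for this origin (or for any origin).
    const allow = wire.headers['access-control-allow-origin'];
    if (allow === '*' || allow === pageOrigin) {
      return { type: 'cors', status: wire.status, body: wire.body };
    }
  }
  // Failed CORS check or mode "same-origin": network error (fetch() rejects in a browser).
  return { type: 'error', ...HIDDEN };
}

// Constructed sample: the Blazor page from the question calling the cross-site API.
const PAGE = 'http://localhost:5000/places';
const API = 'https://www.somedomain.com/api/';
const withoutCors = { status: 200, headers: { 'content-type': 'application/json' }, body: '{"ok":true}' };
const withCors = {
  status: 200,
  headers: { 'content-type': 'application/json', 'access-control-allow-origin': 'http://localhost:5000' },
  body: '{"ok":true}',
};

function demo() {
  return {
    noCors: visibleResponse('no-cors', PAGE, API, withoutCors),
    corsDenied: visibleResponse('cors', PAGE, API, withoutCors),
    corsAllowed: visibleResponse('cors', PAGE, API, withCors),
  };
}
console.log(demo());
```

`no-cors` only allows the request to be sent; reading the body cross-site needs `cors` mode together with an `Access-Control-Allow-Origin` header from the API, or a same-origin server-side proxy.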

Related

Can't simulate an XHR request to a PowerBI dashboard

I'm trying to scrape some data from a PowerBI dashboard but for some reason I'm not able to replicate an XHR request successfully. Here are the details of the original request taken from Chrome web inspector:
Request
Request URL: https://wabi-west-europe-api.analysis.windows.net/public/reports/querydata?synchronous=true
Request Method: POST
Status Code: 200 OK
Remote Address: 51.144.73.151:443
Referrer Policy: no-referrer-when-downgrade
Headers
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7,ar;q=0.6,fr;q=0.5,sl;q=0.4
ActivityId: b3b20ea3-8f93-1848-b4be-ebf1a5c0952f
Connection: keep-alive
Content-Length: 1176
Content-Type: application/json;charset=UTF-8
Host: wabi-west-europe-api.analysis.windows.net
Origin: https://app.powerbi.com
Referer: https://app.powerbi.com/view?r=eyJrIjoiM2MxY2RkMTQtOTA3Mi00MDIxLWE1NDktZjlmYTdlNDg0MTdkIiwidCI6IjhkZDFlNmI0LThkYWMtNDA4ZS04ZDhkLTY3NTNlOTgwMDUzMCIsImMiOjl9
RequestId: 70c90610-a020-7191-a0fe-91b74d0407b9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
X-PowerBI-ResourceKey: 3c1cdd14-9072-4021-a549-f9fa7e48417d
Request body
{"version":"1.0.0","queries":[{"Query":{"Commands":[{"SemanticQueryDataShapeCommand":{"Query":{"Version":2,"From":[{"Name":"q","Entity":"LastRefresh","Type":0}],"Select":[{"Aggregation":{"Expression":{"Column":{"Expression":{"SourceRef":{"Source":"q"}},"Property":"Date Last Refreshed"}},"Function":3},"Name":"Min(Query1.Date Last Refreshed)"}]},"Binding":{"Primary":{"Groupings":[{"Projections":[0]}]},"DataReduction":{"DataVolume":3,"Primary":{"Top":{}}},"Version":1}}}]},"CacheKey":"{\"Commands\":[{\"SemanticQueryDataShapeCommand\":{\"Query\":{\"Version\":2,\"From\":[{\"Name\":\"q\",\"Entity\":\"LastRefresh\",\"Type\":0}],\"Select\":[{\"Aggregation\":{\"Expression\":{\"Column\":{\"Expression\":{\"SourceRef\":{\"Source\":\"q\"}},\"Property\":\"Date Last Refreshed\"}},\"Function\":3},\"Name\":\"Min(Query1.Date Last Refreshed)\"}]},\"Binding\":{\"Primary\":{\"Groupings\":[{\"Projections\":[0]}]},\"DataReduction\":{\"DataVolume\":3,\"Primary\":{\"Top\":{}}},\"Version\":1}}}]}","QueryId":"","ApplicationContext":{"DatasetId":"ec162a68-e319-4018-8364-d2a74d3ed429","Sources":[{"ReportId":"8ef2e9f7-0417-4e8f-bd02-f7a3ee0fedd2"}]}}],"cancelQueries":[],"modelId":3563760}
For my simulated request I use:
httr::POST("https://wabi-west-europe-api.analysis.windows.net/public/reports/querydata?synchronous=true", content_type_json(), add_headers(.headers = heads), body = payload) %>% content()
to perform the request. As headers I only used: 'X-PowerBI-ResourceKey', 'RequestId', 'ActivityId', 'Referer'. Payload is the json copied from the Request body. I get this response:
$error
$error$code
[1] "BadRequest"
$error$message
[1] "Bad Request"
$error$details
$error$details[[1]]
$error$details[[1]]$message
[1] "After parsing a value an unexpected character was encountered: C. Path 'queries[0].CacheKey', line 1, position 488."
$error$details[[1]]$target
[1] "request.queries[0].CacheKey"
$error$details[[2]]
$error$details[[2]]$message
[1] "'request' is a required parameter"
$error$details[[2]]$target
[1] "request"
I can't understand what I'm doing wrong.
UPDATE:
solved with a change of approach in Correct way to get response body of XHR requests generated by a page with RStudio Chromote

Convert XHR (XML Http Request) into R command

I am trying to turn an XHR (XMLHttpRequest) request into an R command.
I am using the following code:
library(httr)
x <- POST("https://transparency.entsoe.eu/generation/r2/actualGenerationPerGenerationUnit/getDataTableDetailData/?name=&defaultValue=false&viewType=TABLE&areaType=BZN&atch=false&dateTime.dateTime=17.03.2017+00%3A00%7CUTC%7CDAYTIMERANGE&dateTime.endDateTime=17.03.2017+00%3A00%7CUTC%7CDAYTIMERANGE&area.values=CTY%7C10YBE----------2!BZN%7C10YBE----------2&productionType.values=B02&productionType.values=B03&productionType.values=B04&productionType.values=B05&productionType.values=B06&productionType.values=B07&productionType.values=B08&productionType.values=B09&productionType.values=B10&productionType.values=B11&productionType.values=B12&productionType.values=B13&productionType.values=B14&productionType.values=B20&productionType.values=B15&productionType.values=B16&productionType.values=B17&productionType.values=B18&productionType.values=B19&dateTime.timezone=UTC&dateTime.timezone_input=UTC&dv-datatable-detail_22WAMERCO000010Y_22WAMERCO000008L_length=10&dv-datatable_length=50&detailId=22WAMERCO000010Y_22WAMERCO000008L",
user_agent("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.50 Safari/537.36"),
add_headers(`Referer`="https://transparency.entsoe.eu/generation/r2/actualGenerationPerGenerationUnit/show?name=&defaultValue=true&viewType=TABLE&areaType=BZN&atch=false&dateTime.dateTime=17.03.2017+00:00|UTC|DAYTIMERANGE&dateTime.endDateTime=17.03.2017+00:00|UTC|DAYTIMERANGE&area.values=CTY|10YBE----------2!BZN|10YBE----------2&productionType.values=B02&productionType.values=B03&productionType.values=B04&productionType.values=B05&productionType.values=B06&productionType.values=B07&productionType.values=B08&productionType.values=B09&productionType.values=B10&productionType.values=B11&productionType.values=B12&productionType.values=B13&productionType.values=B14&productionType.values=B15&productionType.values=B16&productionType.values=B17&productionType.values=B18&productionType.values=B19&productionType.values=B20&dateTime.timezone=UTC&dateTime.timezone_input=UTC&dv-datatable_length=100",
Connection = "keep-alive",
Host = "https://transparency.entsoe.eu/",
Accept = "application/json, text/javascript, */*; q=0.01",
`Accept-Encoding` = "gzip, deflate, br",
Origin = "https://transparency.entsoe.eu",
`X-Requested-With` = "XMLHttpRequest",
`Content-Type` = "application/json;charset=UTF-8",
`Accept-Language`= "en-US,en;q=0.8,nl;q=0.6,fr-FR;q=0.4,fr;q=0.2"))
But I keep getting a 400 error (Bad Request) instead of the 200 which would mark a successful response.
I've extracted the values via the Chrome network monitor from this website. The XHR request is sent when the plus button is clicked. I can send it repeatedly from my browser, but it doesn't seem to work from R.
What am I doing wrong in creating the Post request?

Why are there 2 requests from my browser?

I have a simple node server. All it does is log the req.headers and res (I am learning!).
let http = require('http');
function handleIncomingRequest(req, res) {
    console.log('---------------------------------------------------');
    console.log(req.headers);
    console.log('---------------------------------------------------');
    console.log();
    console.log('---------------------------------------------------');
    res.writeHead(200, {'Content-Type': 'application/json'});
    res.end(JSON.stringify( {error: null}) + '\n');
}
let s = http.createServer(handleIncomingRequest);
s.listen(8080);
When I use curl to test the server it sends 1 request. When I use chrome it sends 2 different requests.
{ host: 'localhost:8080',
connection: 'keep-alive',
'cache-control': 'max-age=0',
'upgrade-insecure-requests': '1',
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36',
accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
'accept-encoding': 'gzip, deflate, sdch, br',
'accept-language': 'en-GB,en;q=0.8' }
and
{ host: 'localhost:8080',
connection: 'keep-alive',
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36',
accept: 'image/webp,image/*,*/*;q=0.8',
referer: 'http://localhost:8080/',
'accept-encoding': 'gzip, deflate, sdch, br',
'accept-language': 'en-GB,en;q=0.8' }
This is in incognito mode as in normal mode there are 3 requests!
What is the browser doing and why?
Hard to tell without seeing the full transaction data (for example, what was the request, i.e. what came after GET or POST - and what were the answers from the server).
But it could be caused by the 'upgrade-insecure-requests': '1' header:
When a server encounters this preference in an HTTP request’s headers,
it SHOULD redirect the user to a potentially secure representation of
the resource being requested.
See this.
accept: 'image/webp,image/*,*/*;q=0.8'
On the other hand, the second request is probably for an image only, most likely the favicon.ico or a (bigger) icon for iPad/iPhone maybe (that could explain the 3 requests). You should check out the full request data to be sure.
You can use F12 and select Network in the browser to see what's really happening.

IE 9-10 and Edge not saving cookie during 403 redirect

I have been trying to figure this out all day. I have one application that forwards to another application in order to handle logins. The first application redirects to a WebAPI URL. That URL then takes one of the parameters and creates a token. It then sends a 403 response with a Set-Cookie header. The cookie that is sent in that header is never being set.
After a bunch of research I thought that it might need a P3P header, so I have tried various combinations of that.
Here is the Code:
Public Function Authenticate(t As String, forwardURL As String) As HttpResponseMessage
    Dim resp As New HttpResponseMessage()
    If VestigoBusinessObjects.UserToken.IsValid(t, EncType.AES) Then
        Dim user As New UserToken(t, EncType.AES)
        user.ResetExperation()
        'Create usertoken cookie
        Dim Cookie = New CookieHeaderValue("t", user.GetEncTicket())
        Cookie.Expires = DateTimeOffset.Now.AddDays(1)
        Cookie.Domain = Request.RequestUri.Host
        Cookie.Path = "/"
        resp.Headers.AddCookies(New CookieHeaderValue() {Cookie})
        resp.StatusCode = HttpStatusCode.RedirectMethod
        resp.Headers.Location = New Uri(forwardURL)
        resp.Headers.Add("Pragma", "no-cache")
        resp.Headers.Add("Cache-Control", "no-cache")
        Return resp
    End If
    resp.StatusCode = HttpStatusCode.Unauthorized
    Return resp
End Function
Here are the headers that I see being set back in the browser:
Request URL:deleted because it won't let me post them?
t=bB%2B%2FpRLq%2BzobRcXgQuw5rjMa8Yeb1Wxb7qIZCtjLfwiN8RNT%2BQYjzIuWI9j3JPn4qnpXpgK%2F%2B6ucL96lBmpD6ryIbFJvP3yPOfJjXuZsECfWlj58etczEco79q0SNJj0c%2BwKLREh5FWMfTvN%2BQxSn8nMEr6JzS06CuPizM1k0Kef52ZrHVkxHDv6qVyGLJrxRFebwbpFT0LNMCCihJ%2BZ%2FbmfvvKl9lfg18vHT8nhL1dDtAlR0Fd%2FdSuB5L6Yg3Yj%3F%3FHKZNy0zYBTVwdL7NXMFGXw%3D%3D&forwardurl=http%3A%2F%2Flocalhost%3A4644%2FInternalMonitor.html
Request Method:GET
Status Code:303 See Other
Remote Address:[::1]:4644
Response Headers
Cache-Control:no-cache
Content-Length:0
Date:Tue, 29 Nov 2016 22:58:11 GMT
Location:deleted because it won't let me post them
P3P:CP="IDC DSP COR IVAi IVDi OUR TST"
Pragma:no-cache
Server:Microsoft-IIS/10.0
Set-Cookie:t=[value removed]; expires=Wed, 30 Nov 2016 22:58:12 GMT; domain=localhost; path=/
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET
X-SourceFiles:=?UTF-8?B?YzpcVEZTXFZlc3RpZ29cVGVzdFxDZW50cmFsTW9uaXRvclxhcGlcQXV0aGVudGljYXRpb25Db250cm9sbGVyXEF1dGhlbnRpY2F0ZQ==?=
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Cookie:ASP.NET_SessionId=cnru1r4g0svzeomwglkwestw; .ASPXAUTH=1566301093F4FC41F147432F8A4B044E3A19EFC46C47A1BE54F95A98E08EE8952197E5212230F0416776480CA3496036DCA0C0B8AEF0D08675D4B20E655E107F055E1D60150BF84334F65FE63E134B0252EF3B8F02E1E0BC372DBA80006300215AAE095F4333F48BB04D0DF315D825BF1A1B0F27A81E32E82ACEEA791BF11551A8F96A1B0AED9EC11EEA5EF34AE03406; hoursDiffGMTTime=-5; ScreenResolution=1920x1080; BrowserResolution=1920x950; t=[value removed]
Host:localhost:4644
Pragma:no-cache
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
Query String Parameters
t:bB+/pRLq+zobRcXgQuw5rjMa8Yeb1Wxb7qIZCtjLfwiN8RNT+QYjzIuWI9j3JPn4qnpXpgK/+6ucL96lBmpD6ryIbFJvP3yPOfJjXuZsECfWlj58etczEco79q0SNJj0c+wKLREh5FWMfTvN+QxSn8nMEr6JzS06CuPizM1k0Kef52ZrHVkxHDv6qVyGLJrxRFebwbpFT0LNMCCihJ+Z/bmfvvKl9lfg18vHT8nhL1dDtAlR0Fd/dSuB5L6Yg3Yj??HKZNy0zYBTVwdL7NXMFGXw==
forwardurl: deleted because it won't let me post them
Any input would really be appreciated.

POST raw to server Processing

I have an Intel Edison running a Node.JS server that is printing everything I post to it into the console. I can successfully post to it using Postman and see the sent raw data in the console.
Now I'm using Processing to POST to it, which will fire off different events on the Node.JS server.
My problem is that I can't seem to successfully POST the raw body to the server, I've been trying to get this working for several hours already.
import processing.net.*;
String url = "192.168.0.107:3000";
Client myClient;
void setup(){
    myClient = new Client(this, "192.168.0.107", 3000);
    myClient.write("POST / HTTP/1.1\n");
    myClient.write("Cache-Control: no-cache\n");
    myClient.write("Content-Type: text/plain\n");
    //Attempting to write the raw post body
    myClient.write("test");
    //2 newlines tells the server that we're done sending
    myClient.write("\n\n");
}
The console shows that the server received the POST, and the correct headers, but it doesn't show any data in it.
How do I specify that "test" is the raw POST data?
The HTTP code from Postman:
POST HTTP/1.1
Host: 192.168.0.107:3000
Content-Type: text/plain
Cache-Control: no-cache
Postman-Token: 6cab79ad-b43b-b4d3-963f-fad11523ec0b
test
The server output from a POST from Postman:
{ host: '192.168.0.107:3000',
connection: 'keep-alive',
'content-length': '4',
'cache-control': 'no-cache',
origin: 'chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop',
'content-type': 'text/plain',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36',
'postman-token': 'd17676a6-98f4-917c-955c-7d8ef01bb024',
accept: '*/*',
'accept-encoding': 'gzip, deflate',
'accept-language': 'en-US,en;q=0.8' }
test
The server output from my POST from Processing:
{ host: '192.168.0.107:3000',
'cache-control': 'no-cache',
'content-type': 'text/plain' }
{}
I just figured out what was wrong, I needed to add the content-length header to tell the server how much data to listen for, and then a newline before the data.
Final code:
import processing.net.*;
String url = "192.168.0.107:3000";
Client myClient;
void setup(){
    myClient = new Client(this, "192.168.0.107", 3000);
    myClient.write("POST / HTTP/1.1\n");
    myClient.write("Cache-Control: no-cache\n");
    myClient.write("Content-Type: text/plain\n");
    myClient.write("content-length: 4\n");
    myClient.write("\n");
    myClient.write("test");
    myClient.write("\n\n");
}
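
Why the first attempt arrived with an empty body and the final code works, as an added example that is not the poster's code: a minimal request framer in JavaScript that, like the server in the post evidently did, tolerates bare "\n" line endings. The name `frameRequest` is hypothetical, and the two sample strings are constructed from the bytes the two Processing sketches above write.

```javascript
// Added example: minimal HTTP/1.1 request framing. The blank line ends the
// header section and Content-Length says how many body bytes follow it.
// Lenient about bare "\n" line endings; sample data is ASCII, so chars == bytes.
function frameRequest(raw) {
  const blank = /\r?\n\r?\n/.exec(raw);
  if (!blank) {
    // No blank line yet: the header section is still open.
    return { complete: false, headers: {}, malformed: [], body: '', leftover: '' };
  }
  const lines = raw.slice(0, blank.index).split(/\r?\n/);
  const rest = raw.slice(blank.index + blank[0].length);

  const headers = {};
  const malformed = [];
  for (const line of lines.slice(1)) {           // lines[0] is the request line
    const colon = line.indexOf(':');
    if (colon < 0) { malformed.push(line); continue; }  // not a "name: value" field
    headers[line.slice(0, colon).trim().toLowerCase()] = line.slice(colon + 1).trim();
  }

  // Without Content-Length (and without chunked encoding) a request has no body.
  const length = Number.parseInt(headers['content-length'] || '0', 10);
  return {
    complete: true,
    headers,
    malformed,
    body: rest.slice(0, length),
    leftover: rest.slice(length),   // bytes the server will read as the next request
  };
}

// Constructed from the first sketch: "test" is written before any blank line.
const FIRST_ATTEMPT =
  'POST / HTTP/1.1\nCache-Control: no-cache\nContent-Type: text/plain\n' + 'test' + '\n\n';

// Constructed from the final sketch: content-length, blank line, then the body.
const FINAL_CODE =
  'POST / HTTP/1.1\nCache-Control: no-cache\nContent-Type: text/plain\n' +
  'content-length: 4\n' + '\n' + 'test' + '\n\n';

console.log(frameRequest(FIRST_ATTEMPT));
console.log(frameRequest(FINAL_CODE));
```

In the first attempt "test" lands inside the header section and the body is empty; in the final code the trailing "\n\n" is left over after the 4-byte body, which is why a Content-Length that matches the body exactly matters on a connection that carries more than one request.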
