I am facing a problem in golang http server where client is sending a http request with invalid parameters in header. The request parameters are as follows:
GET /a-53-qf21489190x38856_2/yy HTTP/1.1
Host: xxx.xxx.xxx.xxx:80
User-Agent: mot-w845
Connection: Keep-Alive
Profile: http://10.213.2.68
X-MDN9035445271
accept: application/vnd.wap.mms-message
accept-language: en
accept-charset: US-ASCII, ISO-8859-1, UTF-8
HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Here X-MDN9035445271 doesn't contain colon (:) separator, because of this server is returning bad request. Is there any way to ignore such kind of header and process the request normally.
Related
I was practice on http smuggling
And i see a case it was strange to me
When sending request like
POST /200 HTTP/1.1
Host: host.com
Content-Length: 0
Connection: keep-alive
GET /404 HTTP/1.1
X: x
The server will response with 200
But when sending normal request like
GET /200 HTTP/1.1
Host: host.com
Connection: keep-alive
The server will response with 404
And it happening only if i sending theses two requests in the same connection
Can anyone explain what is that
For example, if the request was
GET /feed.xml HTTP/1.1
Host: www.nowhere123.com
Accept: application/xml
... would it be admissible for a server to respond with a header Content-Type: application/atom+xml (even though the request had Accept: application/xml), or should it serve the same body but with Content-Type: application/xml?
A server is allowed to ignore the header field, so yes, sending something more specific is ok. There's a reason why HTTP messages are self-descriptive. (see https://greenbytes.de/tech/webdav/rfc7231.html#rfc.section.5.3.2.p.7)
I'm having a problem setting a content-type of application/json header on my post request.
saveUpdates(alltabs: AllTabs): Observable<Response> {
let api = this.host + this.routes.save;
let headers = new Headers();
headers.append('Content-Type', 'application/json');
return this._http.post(api, JSON.stringify(alltabs), { headers: headers })
.map((response: Response) => <Response>response.json())
.do(data => console.log("saveUpdates(): " + data))
.catch(this.handleError);
}
Request Headers:
OPTIONS /api/productsave HTTP/1.1
Host: wbtest:92
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: POST
Origin: http://localhost:3000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.84 Safari/537.36
Access-Control-Request-Headers: content-type
Accept: */*
Referer: http://localhost:3000/product/60000010080
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Response Headers:
HTTP/1.1 405 Method Not Allowed
Cache-Control: no-cache
Pragma: no-cache
Allow: POST
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Tue, 14 Jun 2016 15:16:15 GMT
Content-Length: 76
As you can see, my request has two unexpected headers added "Access-Control-Request-Headers" and "Access-Control-Request-Method". This seems to suggest an issue with CORS (Cross-Origin Resource Sharing). However, the web.conf file on the API server has been working and the response headers states "Access-Control-Allow-Origin: *".
Any idea what could be wrong?
UPDATE:
The above code is correct - the problem is with the Sever code not being configured to handle preflight requests. In my case, the .NET Web API 2 application was not configured to allow CORS.
With CORS, you have two kinds of requests. As a matter of fact, the CORS specification distinguishes two distinct use cases:
Simple requests. This use case applies if we use HTTP GET, HEAD and POST methods. In the case of POST methods, only content types with the following values are supported: text/plain, application/x-www-form-urlencoded and multipart/form-data.
Preflighted requests. When the "simple requests" use case doesn't apply, a first request (with the HTTP OPTIONS method) is made to check what can be done in the context of cross-domain requests.
It seems that your server isn't configured to support preflighted request. The reason for the 405 status code (405 Method Not Allowed).
See this article for more details:
http://restlet.com/blog/2015/12/15/understanding-and-using-cors/
I'm sending an http request to a server that requests an image but using range header with several ranges, the request text is:
GET /images/nav_logo102.png HTTP/1.1
Host: www.google.com.eg
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept-Language: en-us,en;q=0.5
Cookie: PREF=ID=8aacc11c670a5a37:U=cba349de64cbf880:FF=0:LD=en:TM=1310392358:LM=1327944471:S=zc8_vfTdF5U3C-XN; NID=56=15iHWUMVXBGpdEkEcMCeu32GUL6GlK3aEB5vmocRT4kdILhwGpe9mn6DqDrnZBYWJzA2g4YzfXP8IP3tH7Hw4CzC6FwDrV3uqgv3XhCqmrWI0TBD52Vs3nbdth5YzkOR; SID=DQAAAMUAAAC5feWAhXsCT9NT6ObU32dOLBTU_KtRzxc7Ug6QWIhQW_bpXNvzQtoddtt-a2BbUefv89ZjwNwgrgCiCse3INYkeCyfR7PVPaoDPEmUWQ_0sHXBgbf5U0JBg0XxT8KZMmY9kLOZfEKGg0UGtfNNk8uJKWwPXWlkCYjGalQFyVinUNwiYqayYHGvnA0vtiftBCgqnpHawkyVWoo9hCk3vfDKrRHSdO-GQZoxbL21VlH2dbsJJrnJBaVlR-y8KTg14eLgYpt2swZJxcVZwHThhaF-; HSID=AJLTtk1qkIE6L4aLe; GZ=Z=1
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:5.0) Gecko/20100101 Firefox/5.0
Range: bytes=2048-4095,4096-6143,6144-8191,8192-10239,10240-12287,12288-14335,14336-16383,16384-18431,18432-20479,20480-22527,22528-24575,24576-26623,26624-26722
but the server is responding with
HTTP/1.1 200 OK
and sending the whole image
if i try the same thing but with only one range, it works and i get only the requested range.
any idea how the request should be made?
You should add \r\n\r\n after last header.
REQUEST:
GET /images/djsBox_2.jpg HTTP/1.1\r\n
Range: bytes=0-2,10-20\r\n
Host: www.djsoft.net\r\n
Accept: */*\r\n
\r\n
I checked it with WFetch tool, and the response is HTTP/1.1 206 Partial Content\r\n
And the server actually returned 2 parts of data:
Accept-Ranges: bytes\r\n
Content-Length: 196\r\n
Content-Type: multipart/byteranges; boundary=4b9e42cd78baa9\r\n
\r\n
\r\n
--4b9e42cd78baa9\r\n
Content-type: image/jpeg\r\n
Content-range: bytes 0-2/4543\r\n
\r\n
яШя\r\n
--4b9e42cd78baa9\r\n
Content-type: image/jpeg\r\n
Content-range: bytes 10-20/4543\r\n
\r\n
\x000\x001\x001\x001\x000`\x000`\x000\x000я\r\n
--4b9e42cd78baa9--\r\n
I have used the Java Sun Wireless Toolkit 2.5.2 to generate method stubs for my SOAP webservice. I have been using this for a while and it works great. I now need to add support for the French language. When I send up a string like 'pièce' as one of the properties on an object, it turns into 'pi??ce' by the time it is read by the server. Obviously, the encoding is off somewhere, but I can't see anywhere that I can change the way the generated stub encodes the parameters passed to the web service. Any suggestions?
Update: Here is the header and the start of the xml sent from the BlackBerry:
POST /website/service.asmx HTTP/1.1
Connection: close
Via: MDS_4.1.5.26
Content-Length: 2257
Content-Type: text/xml
Content-Language: en-US
Accept: */*
Host: host
User-Agent: RIM JSR172/1.0
SOAPAction: "http://www.test.com/Test"
<?xml version="1.0" encoding="utf-8"?>
Here is the header and the start of the xml sent from the iPhone (which works):
POST /website/service.asmx HTTP/1.1
Connection: keep-alive
Content-Length: 2359
Content-Type: application/soap+xml; charset=utf-8
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: fr-fr
Host: host
User-Agent: wsdl2objc
Soapaction: http://www.test.com/Test
<?xml version="1.0"?>
There is a Unicode BOM? I'd check the packet sniffer. As it may not be the content-type but rather the bytes themselves.