I am trying to use PAW to query an IP Whitelisted HTTP service endpoint. I have a proxy (quotaguard) that I've whitelisted. Now I would like to use this proxy server in PAW but it doesn't work. I have set the Proxy Settings in PAW's configuration dialog to this URL (which I got from quotaguard and which works with curl and export HTTP_PROXY):
http://:#static.quotaguard.com
Now when I activate this custom proxy in PAW, all my requests fail with a "PAW can't find this server" error.
What am I doing wrong?
Set a Proxy-Authorization header with value of:
Basic xxxx -> where xxxx is a base64 encoded string of username:password from quotaguard
The url is just the url portion minus the username and password.
Example: static.quotaguard.com:8000
Related
how can I change nginx conf to :
1.restrict the user from sending anything in the body param in curl and respond with an appropriate error
2.restrict the user from sending content-type in the request header in curl and respond with an appropriate error
I have setup an NGINX Reverse Proxy; using Keycloak 18 to validate users. Moving onto the customer network, I had to change the port mapping of the NGINX-RP to 9443 from 443. Keycloak provides a bearer token upon login. The bearer token will have the iss claim url: xx.xx.xx.xx:9443. This creates an authentication error, because the the expected value is xx.xx.xx.xx. Is there any way for me to change the url authority to contain the new port number?
In the nginx you could use the X-Forwarded headers to tweak the request and update the host and port for downstream calls.
But, you could also handle all your authentication related api calls under the same port (server{} block with location{} sub blocks) and that way you don't have to make this change plus you can also preserve the integrity of the request.
I'm working on building a web application that communicates with a Laravell API through an Nginx server. I tried following the directions on the Nginx website for wide open cors, but it doesn't like the wild card response when sending credentials.
Access to fetch at 'https://api.***.com/' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '' when the request's credentials mode is 'include'.
The API server requires a Bearer access token to authenticate, and each endpoint is at its own path on the server. What is the correct way to configure Nginx in this scenario?
The error message is right, you can't use a wildcard origin and credentials:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
For requests without credentials, the literal value "*" can be specified, as a wildcard; the value tells browsers to allow requesting code from any origin to access the resource. Attempting to use the wildcard with credentials will result in an error.
Instead, just pass back the actual origin, the one that arrived in the Origin HTTP header, then it will always match:
add_header Access-Control-Allow-Origin $http_origin always;
I'm using VueJS with vue-request for http requests. I'm trying to subscribe an user to a Mailchimp list but Mailchimp uses BasicAuth, so I'm doing as such:
scope.$http.post('https://us15.api.mailchimp.com/3.0/lists/listid/members',
{...mydata...}, {headers: {Authorization: 'Basic myencodedAPIkey'}})
But I get an error from the API: 401 Unauthorized - Your request did not include an API key.
So I check the Network log on Chrome and the Authorization is on my headers like this: **Access-Control-Request-Headers: authorization** but it should be like **Authorization: myencodedAPIkey**
On the Console the error appears as:
XMLHttpRequest cannot load
https://us15.api.mailchimp.com/3.0/lists/listid/members. Response
to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://127.0.0.1:8000' is therefore not allowed
access. The response had HTTP status code 401.
When I use Postman it works just fine as the header is correctly sent.
This problem seems to have been solved here with setting the header on every request
https://laracasts.com/discuss/channels/vue/how-to-solve-the-allow-control-allow-cross-in-the-vuejs-header-request-setting?page=2
and here through setting it once
Vue-Request not sending Authorization Header
You are getting CORS error, when you are trying to request from one host to another, and the 'another' part does not allow it to happen. To prevent this error you can use webpack proxy configuration, so this way you do not have cross origin request, but I don't know how you will deal with this in production environment if your api does not allow cross origin requests.
In a project I'm working on, our devServer configuration is as follow
proxy: {
'/api': {
target: 'http://localhost:8080/'
}
},
with this, any request happening on /api/any/url will be redirect to localhost:8080/api/any/url
We have a service that redirects the user to an object in an S3 bucket. The authentication for that request is stored in the query portion of the URL.
I understand that the spec doesn't specify what is to be done with request headers in the case of a redirect, but implementations I've seen will strip the Authorization header when HTTP Basic is used.
What's interesting is that when we call our service through HTTP Basic authentication, it works fine. The client strips the Authorization header from the request and the file is delivered from S3.
But when we call our service using OAuth bearer tokens the Authorization header is left in for the redirect, causing S3 to return a 400 error response.
Is there a way for the server's redirect response to instruct the client to strip the Authorization header before accessing the response's Location header?