We are using Realex HPP mode in an iframe inside a Peoplesoft Campus Solutions page(Tools Release=8.54.28 and Campus Solutions= 9.00.00.000)
The issue we are finding when using the test sandbox environment seem to be that HTTP response header is not making the iFrame to go to the url specified
We already tried firewall rules
We tried recommendation to remove the MERCHANT_URL and use the two fields specified in Realex HPP iFrame / WebView Optimisation
added fields HPP_POST_DIMENSIONS and HPP_POST_DIMENSIONS
but even that the browser seem to have back an HTTP response back it is not triggering the iframe in the browser to go to the URL specified.
Just to take out the Peoplesoft Adapters out of the equation we tried with another test payment vendor and it worked.
Can anybody confirm that Realex test sandbox is providing the right HTTP Headers in the response?
When comparing the responses to others it seem to be missing the "LOCATION Header"
Thanks at front for any help on this topic.
Jerson
Related
I'm trying to fetch data from a website (https://gesetze.berlin.de/bsbe/search). Using Mozilla, I've taken a look at the network analysis. Usually, I'm just messing around with the parameters of the POST-Request to see how I might influence the response of the server. But when I simply re-send the request (making no changes at all), I'm getting HTTP-response 500. The server answer states as message: security_notAuthenticated.
Can anyone explain that behaviour? The request is done by the same PC, the same browser in the same session, and there is no login function on that website. Pictures shown below.
Picture 1 - Code 200
Picture 2 - Code 500
The response security_notAuthenticated indicates, that your way of repeating the request omits some authentication-related information.
When I repeat the request, using Mozilla Firefox's "Resend" or "Edit and resend" function, the Cookie header is not sent with the request. Although it occurs in the editable header list when using "Edit and resend" it's missing when watching the actual sent request. I'm not sure whether this is a feature or a bug.
When using Firefox's "Use as Fetch in Console" function, the header will automatically be included and you still have the ability to change the headers and the body. The fetch API is a web standard and some introductory material about fetch can be found on MDN.
If you want to do custom requests, in the browser, fetch is a good option.
In other environments and languages you usually use some HTTP client (just search the web for "...your language... http request" or similar, you will find something).
Chrome update has given me great trouble
So far, I still haven't found anyone's answer in Chrome 80 that correctly answers SameSite issuess.
Leave the following questions for me and us.
In my html page, there is only provided by YouTube.
However, in Chrome, 'cross-site requests if they are set with SameSite = None and Secure' are displayed.
What should I do?
I only did YouTube iframe, what value should I send cookie value and session value?
I want a direct solution.
A fake method like 'cross-site-cookie = name' doesn't help me.
I need a direct way to experience.
I want about php version <7.3 and I want to solve the problem with php or javascript or .htaccess etc.
only youtube iframe tag
Chrome's new cookie policy requires applications to be served over HTTPS, if some iframe content involves usage of secure cookies.
This rule is enforced to disable unsafe requests accross sites, and reduce the risk of Cross Site Request Forgery (CSRF).
You can read more about possible use cases in this post:
https://web.dev/samesite-cookie-recipes/
I'm writing some http client code to interact with a website, and I need to set some cookies. Simply visiting the website sets 4 cookies (as seen in Chrome Settings).
However, when I look at the HTTP response headers for when those cookies were set (using Live HTTP Headers extension), there is no Set-Cookie header anywhere. How were those cookies set? Is there another way than through Set-Cookie?
Edit: Some of the cookies are HttpOnly.
If you load a site in your browser, it might also load other assets that can also set cookies (given that they are on the same domain).
But there is a second way to set cookies: with Javascript via document.cookies.
As far as I know, if your javascript or python code sets a cookie for that domain, then the response will include the SET-COOKIE field. You can view that from at least the inspect console.
So I see that you're using HTTP live extension, but it doesn't look like it shows that field in the response.
I tried looking for other extensions that could show it, but I wasn't able to find one as far as I know. I suppose we both can always fall back to the chrome inspect console. If you go to the network tab, you should actually see the req-resp.
I am unable to show https://login.salesforce.com inside an IFrame.
<iframe src="https://login.salesforce.com"/>
I am using OAuth between my application and salesforce.
For the sake of a better user experience, I do not want the users to leave my application's main window.
Any suggestions?
Sample to demonstrate the issue - http://jsfiddle.net/ngWxY/
We've been using the SSP in an iFrame without a problem for years. Then this past weekend our Salesforce domain received the Spring '13 update and we can no longer display the SSP in an iFrame. We discovered the reason is that Salesforce is now including the X-Frame-Options: DENY header in its HTTP Response, which tells the browser not to display the content in an iFrame. Some browsers give you an explanation msg, while others show nothing at all. We are waiting for a response from Salesforce; perhaps you are experiencing the same thing? Browse the SSP login URL in a regular browser window and use diagnostic tools to check the response headers of the returned content.
I remember having seen somwhere that it is possible to tell where a user came from to a website. More specifically, I want to determine the (Google etc.) search that led to my site. How can I do that?
As far as I know the HTTP protocol, nothing like this is sent to the server in a GET request, so I also wonder how it is done technically.
"Referer" field in the HTTP header
You need to check the Referer header. [sic]
When a user clicks a link in a webpage, the browser sets the referer header of the request for the link's target to the page that contained the link.
If a user came to your site from a Google search, this header will be a url in Google.com.
However, for privacy reasons, some browsers do not send this header.
Referer was misspelled in the original HTTP implementation, and the mispelling stuck. (It should be spelled Referrer)
What you're looking for is the Referrer. Look up platform specific info to find out how to use it.
sign up for google analytics for free to get those statistics and a whole lot more. Seeing where someone came from is done by checking the http referer header.
The client may set the Referer field as part of the HTTP header to indicate the referring page. However, as with everything else that the client controls this cannot be viewed as anything but an indication. It is not always set and the client may fake the data, so keep that in mind when using client data.
The Referer HTTP Header contains the URL of the site containing the link clicked on. But it is sent by browsers only and in can be suppressed by security settings!