I have a mac, I need to test my website on Microsoft Edge in Windows using a virtual box. I want to add some http request headers to the call. However, I only found https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mobile/mcsf/custom-http-headers-for-internet-explorer which is for the phone. I didn't find anything for desktop. Since it is on virtual box, I doubt apps like Charles would work either.
Take a look at fiddler from Telerik.
It's a free web debugging proxy. With it you can intercept and modify pretty much everything that flows in and out of your browser.
Telerik Fiddler
From the menu choose Customize Rules. Adding a request header would require something like this to be added. The sample file is well documented.
oSession.oRequest["someHeaderToSend"] = "someValue";
Related
I need to debug my web app which is written by asp.net to find out how it is acting when rendering the content for the crawlers like Googlebot. The first thing I found was some online/offline tools but none of them can pass the Request.Browser.IsCrawler flag.
Then I tried to simulate a handmade request adding the Googlebot UserAgent but still no chance.
I used Telerik Fidler and Chrome while setting User-Agent to Googlebot/2.1 (+http://www.googlebot.com/bot.html), including _escaped_fragment_ in the URI and successfully saw the page from crawler perspective.
I have a website written in Ruby using Ruby on Rail framwork, everything was fine when using HTTP protocol, but when switching to HTTPS protocol.
Some CSS material can not shown, but some of it can.
The font can not be shown, originally the font was designed, but now it is not.
Anyone know what happen?
Without any specific error I assume browser is probably blocking files loading from mixed content, i.e. using both HTTP and HTTPS. Use your browser developer tools network tab to confirm this.
You can use // instead of http:// so that resources load from the relative protocol that the page content is loading from; Can I change all my http:// links to just //?
Also read; How to fix a website with blocked mixed content
I have a Web Application (ASP.NET C# for .NET 3.5) that uses the Session object to store, amount little things the debug information so when things go wrong, this is the first place to go.
The process is simple actually,
no matter what browser (except IE), when I navigate to a page, in the Debug Log I have data, just like the one show below
alt text http://www.balexandre.com/temp/2010-04-14_1048.png
problem is that in Internet Explorer, the Debug Log is always blank (blank as no information, not no html code)
alt text http://www.balexandre.com/temp/2010-04-14_1051.png
What can I do?
I tried several Security settings of IE8:
add the site (machine name) to Trusted Sites
disable Protect Mode
set Local intranet security level to LOW
set Accept All Cookies under Privacy
checked the Allow Active Content under Advanced tab
I really don't know what more can I do :-(
Any help is greatly appreciated!
You could try using Fiddler - a web debugging proxy - to check traffic between IE and your site. Also, if you can, try other versions of IE on different machines/networks to see if it's a global problem, or just related to one browser. And don't forget you can hit F12 to enable developer console in IE.
I'm currently working on a concept for a reverse proxy to basically relay responses and requests between the user and an otherwise invisible website. So basically the user goes to a site, let's say www.myproxyportal.com, where it is possible to access a website (in an iframe) in the webserver's intranet which isn't made public (for example internal.myproxyportal.com).
I've been working on a solution where I translate request objects to the desired location and return that response to the website. Works great, except for stuff like CSS links, IMG's, etc. I can do the translation of course, but then the link would go to internal.myproxyportal.com/css/style.css and this will never work from the outside.
How to approach such a thing?
Are there any out of the box solutions maybe?
EDIT: I found this, which is very similar to what I have written so far, but it also lacks support for external images, css, javascript, etc.
You can change settings in IIS to route all requests through ASP.NET pipeline, not just .aspx pages. Then simply create an HttpHandler to handle those in your proxy.
By default, IIS doesn't run "static" content requests through ASP.NET engine.
Apache has a pretty slick reverse proxy built-in, I use it extensively.
See more here: http://www.apachetutor.org/admin/reverseproxies
I am just curious to know if there is a specific reason why the .Net Framework adds the 'X-Powered-By:ASP.NET' Http Header in its responses? Do other web servers (Apache, httpd) do the same thing?
EDIT: I know that it can be changed. I want to know if there is a reason to keep it or leave it as it is?
I know that PHP does this. I guess there is no real purpose, other than marketing and making it easier for script kiddies to find suitable victims. For PHP it's better to disable the flag entirely since it shows the PHP version and therefore makes the server more vulnerable to attacks.
Edit: Who knows, it might also lead to better search results on bing... ;-)
It is a default custom header when using IIS. It is a setting in IIS, you can change it if you wish.
Using IIS6 -
Click on the HTTP Headers tab
You can edit or remove the header in the Custom HTTP Headers box.
It is probably there so that sites like Netcraft can pull together statistics for the number of servers running IIS and ASP.NET. This used to be considered an important thing when .NET was released. By stating that n number of sites started using ASP.NET Microsoft could provide metrics for companies that only adopt technology based on the number of other users out there.
I don't believe there is a strong technical reason for having it since a PHP app could imitate an ASP.NET application, by setting the same header in Apache. I could imagine some naive client applications like FrontPage 2003, or SharePoint Designer might use headers like this to validate that they are indeed connecting to an ASP.NET enabled site but that is speculation on my part.
It is fairly common to see a signature for the server/executing engine sent with the headers of a page whether you're running Apache and PHP or IIS and ASP.NET. Just acts as some free publicity, I suppose.
"X-Powered-By:" isn't a standard header, but "Server: " is (and it clearly serves the same purpose).
In a world of SaaS and Cloud services, Web frameworks are 'strategic' assets, and every little piece of real-estate is advidly conquered... sometimes the cheating way.
Tomcat, Apache, WebSphere, JBoss, you name it..
Appearantly, it's not actually a standard HTTP header field.
If "Why" used in context of "how to change it" - go to IIS properties of your site ant open tab "HTTP Headers" and correct Custom HTTP Header.