I have an ajax request which looks like this:
$.ajax({
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json'
},
'url': defaults.addToCartUrl,
'data': JSON.stringify({CSRFToken: Config.CSRFToken,currentUser: currentCustomer, entries: cartItems}),
'type': 'POST',
'dataType': 'json',
beforeSend: function(xhr) {
xhr.setRequestHeader('X-CSRFToken', Config.CSRFToken);
},
'success': function (data, textStatus, jqXHR) {
},
'error': function (jqXHR, exception, m) {
console.log('Cannot move products from
}
});
The problem is that I keep getting this HTTP Status 403 - Bad or missing CSRF value but I set the token as a parameter in the data payload as well as on the request header.
Isn't the beforeSend supposed to set the token to "X-CSRF-Token"? Maybe use ajaxSetup for your headers?
Example:
$.ajaxSetup({
headers: {
'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
}
});
Related
I'm on React Native, and
I have a code like this :
fetch('http://someurl.com', {
method: 'POST',
headers: {
Accept: 'application/json',
'Content-Type': 'application/json',
},
body: JSON.stringify({
...dataSample
}),
})
.then(response => console.log(response))
.catch(error => console.error(error))
The request always go in the catch, with this error result :
{ [[object Error]]
line: 24055,
sourceURL: 'http://10.0.2.2:8081/index.delta?platform=android&dev=true&minify=false' }
NB: When i do a request to the same url/params with postman, the url work very well.
My question is : How can i debug this? and get more explicit error message?
When I make CORS request from 127.0.0.1:
return jQuery.ajax({
'type': 'GET',
'url': url,
xhrFields: {
withCredentials: true
},
ContentType: 'application/json',
});
Then everything is OK:
But when I change first letter of ContentType to lowercase as next:
return jQuery.ajax({
'type': 'GET',
'url': url,
xhrFields: {
withCredentials: true
},
contentType: 'application/json',
});
Then request is failed:
I suppose that nginx compares headers case sensitively.
Is this a case? or something different happened... =(
The point is that your browser doesn't send Content-Type: application/json in the second case. The NGINX isn't involved in that at all, your browser sends the Content-Type in both cases, but when you give the ContentType parameter to jQuery, it's being silently ignored. The correct parameter is contentType, not ContentType.
We have got rw_ads permissions for an app. Through that app We have taken access_token with all given permissions.
As mentioned in the documentation, we have rw_ads permission, but If we try to create/update campaign we are getting the below error.
{
"serviceErrorCode": 100,
"message": "Not enough permissions to access: POST /adCampaignsV2/sdafnk",
"status": 403 }
var request = require("request");
var options = { method: 'POST',
url: 'https://api.linkedin.com/v2/adCampaignsV2/sdafnk',
headers:
{ 'Authorization': 'Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
'Content-Type': 'application/json' },
body:
{ patch:
{ '$set':
{ runSchedule: { end: 1548405000000, start: 1547713800000 },
status: 'ACTIVE' } } },
json: true };
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});
Code for creation of campaign is mentioned below
var request = require("request");
var options = {
method: 'POST',
url: 'https://api.linkedin.com/v2/adCampaignsV2',
headers: {
'Authorization': 'Bearer <accessToken>',
'Content-Type': 'application/json'
},
body: {
account: 'urn:li:sponsoredAccount:<accountId>',
audienceExpansionEnabled: false,
costType: 'CPM',
creativeSelection: 'OPTIMIZED',
dailyBudget: { amount: '200', currencyCode: 'INR' },
locale: { country: 'IN', language: 'en' },
name: 'Campaign text ad test',
objectiveType: 'WEBSITE_TRAFFIC',
offsiteDeliveryEnabled: false,
runSchedule: { end: 1547708400000, start: 1547967600000 },
type: 'TEXT_AD',
unitCost: { amount: '10', currencyCode: 'INR' },
status: 'PAUSED'
},
json: true
};
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});
When you perform a partial update, the header X-RestLi-Method must be included in the request and set to PARTIAL_UPDATE.
Also if you use implicit grant-type, check if you have defined the scope correctly at the start. if you use client-credentials grant-type check if the account has the right permissions.
Direct Sponsored Content can be created by:
Ad Account Users with a role higher than VIEWER. Organization users
with DIRECT_SPONSORED_CONTENT_POSTER or ADMINISTRATOR roles.
also the code you added in this question is for Reactivating a campaign. not for updating/creating one.
In the following code, I get the warning:
expressions are not callable
I am using the Google Closure Compiler. The warning occurs when the request object is called as a function. How can I get rid of this warning?
var request = require('request'); // See https://github.com/request/request
request({
url: "https://www.googleapis.com/oauth2/v4/token",
method: "POST",
json: false,
body: tokenPostData,
headers: {
"content-type": "application/x-www-form-urlencoded"
},
}, function (error, response, body) {
});
Figured out the solution. Just add "call" after the request object and make sure the first parameter value is "this".
var request = require('request'); // See https://github.com/request/request
request.call(this, {
url: "https://www.googleapis.com/oauth2/v4/token",
method: "POST",
json: false,
body: tokenPostData,
headers: {
"content-type": "application/x-www-form-urlencoded"
},
}, function (error, response, body) {
});
i got a problem in meteor when i try to make a cross origin call.
when i make the call using Ajax.
$.ajax({
type: 'GET',
url: signoutUrl,
async: false,
contentType: "application/json",
dataType: 'jsonp',
success: function (nullResponse) {
console.log('success');
},
error: function (e) {
console.log('error in HTTP :: >>>>' + JSON.stringify(e));
}
});
it works fine with no problem. but when i am using meteor's HTTP.call method for the same Http request it sent me the error.
No 'Access-Control-Allow-Origin' header is present on the requested resource.
i set the parameters and header in meteor Http.call are
HTTP.call(method, URL,
{params: {
async: false,
contentType: "application/json",
dataType: 'jsonp'},
headers:{'Access-Control-Allow-Origin':'https://www.google.com/*'}
}, function (err, result) {}
but when i check the request. i found the header is like
access-control-request-headers:access-control-allow-origin
so, help me where i am wrong in this HTTP request and how to resolve it