How can I add common header to every request in Paw? - paw-app

I need to add a header (or set of headers) for many existing requests (all in workspace except two) and I would like this header to be added as default to new request or be able to add them without rewriting or copying it all.
All I can think of is to use environment variables for the header name and value but if I have multiple headers I would need to add them to every request but it is difficult to maintain.
Is there better way to do this? Is there anything like inheritance for the requests?

you could try adding it as environment variable and use it for every request.
visit https://paw.cloud/docs/environments/environments-reusable-presets

Related

Jetty Split File Server combined with a Header Filter

This Jetty doco page https://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html#embedded-split-file-server shows how to set up two context handlers which serve two different resource bases (eg. /var/www/docs and /var/www/api-docs) to the same path (eg. myurl.com/documentation).
A previous question showed how to do this with a ServletContextHandler: Serving static files from alternate path in embedded Jetty. You can add a Filter to a ServletContextHandler, but how do you add a Filter to a ContextHandlerCollection? For example an X-Frame-Options header?
Thanks!
Use a custom HandlerWrapper and wrap the other Handlers you want to act on.
See https://stackoverflow.com/a/39217143/775715

Using Fiddler: Inject cookie into all subsequent requests from initial request

I have a batch of requests in Fiddler, the first is a login request and returns a valid cookie. The rest need to use this cookie, I know I can break and edit headers but is it possible to automatically script this behaviour? I'm pretty new to Fiddler but it looks powerful so I'm hoping this is possible, anyone know how or where to start?
To manually add a header, use the Filters tab and use the Request Headers section.
To automatically add a header, click Rules > Customize Rules. Scroll to OnBeforeResponse and write code that stores the target cookie in a global variable declared just inside the Handlers function, e.g.
static var m_MyCookie: String;
Then, inside the OnBeforeRequest function, use that variable, e.g.
if (!String.IsNullOrEmpty(m_MyCookie)) oSession.oRequest["Cookie"] = (m_MyCookie + ";" + oSession.oRequest["Cookie"] )
If you're only trying to add this header to specific requests, use, for instance, the oSession.uriContains function to determine whether the target URL is one that you want to have the cookie.

How to apply the PUT verb in a REST request?

I'm working on a REST server. I have an order RESOURCE.
From my understanding the PUT verb should create a new order based on the URL. My question is: How can this work if the resource is new and you don't know the ID of the new order?
I know the debate about POST vs PUT, but I'm quoting the w3 specs for PUT http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
"If the Request-URI does not point to an existing resource, and that URI is capable of being defined as a new resource by the requesting user agent, the origin server can create the resource with that URI"
In RESTful APIs, PUT is typically used to update a resource or create one if it doesn't exist at the specified URL (i.e. the client provides the id). If the server generates the id, RESTful APIs typically use a POST to create new resources. In the latter scenario, the generated id/url is usually returned or specified in a redirect.
Example: POST /orders/
According to W3C Both PUT and POST can be used for update and/or create.
The basic difference between them is how the server handles the Request-URI. PUT URI identifies the entity and the server should't try to map it to another URL, while POST URI can be a handler for that content. Examples:
It's OK to POST a new order to /order, but not a PUT. You can update order 1 with a PUT or POST to /order/1.
To put it simply POST is for creating and PUT is for updating. If you don't have an ID for an object because it isn't created yet, you should be using a POST. If an object DOES exist and you just don't have the ID for it, you're going to have to search for it using a GET of some kind.
The thing to remember is Idempotence. A PUT (and GET for that matter) is idempotent. Basically meaning, you can hit the same URL over and over and it shouldn't make a difference the 2nd or 3rd time (It edits the data once, and calling it again it doesn't make that change again). However a POST is not idempotent. Meaning, you hit the same URL 3 or 4 times in a row and it's going to keep changing data (creating more and more objects). This is why a browser will warn you if you click back to a POST url.
You say, "don't know the ID of the new order" therefore the following is not true "URI is capable of being defined as a new resource by the requesting user agent", therefore PUT is not appropriate in your scenario.
Where is the confusion? I am of course assuming the Id would be part of the URL.

ASP.NET MVC 2 EditModel include Id? Securing Id is not tampered with

I am looking for some best practices when is comes to creating EditMoels and updating data in an ASP.NET MVC app. Lets say I have a Url like so /Post/Edit?Id=25
I am ensuring the user has permissions to edit the specific post by Id on the Get request and the same for my Post in the controller. I am using the ValidateAntiForgeryToken.
Questions: Should I include the Id property in my EditModel? If so, Should I encrypt it?
The problem is I can use FireBug to edit the Id hiddedinput and edit a different post as long as I have permission to do so. This is not horrible, but seems wrong.
Any help would be great!
There are several ways to prevent this.
The first - don't send sensitive data to the client at all. Keep the post id in session variables, so the user can never edit it. This may or may not be an option depending on your architecture.
The next approach is to convert the direct reference to an indirect one. For example, instead of sending postids = {23452, 57232, 91031} to the client to render a drop-down list, you should send an opaque list {1,2,3}. The server alone knows that 1 means 23452, 2 means 57232 and so on. This way, the user can't modify any parameter you don't want him to.
The last approach is including some kind of hash value that adds as an integrity check. For example, suppose you have 3 hidden fields in a html page - {userId=13223, postId=923, role=author}. You first sort the field names and then concatenate the values to get a string like postId=923&userId=13223&role=author. Then, append a server secret to this string, and hash (SHA-1 or MD5) the entire string. For eg. SHA-1('postId=923&userId=13223&role=author&MySuperSecretKey'). Finally add this hashed value as a hidden parameter. You may also want to add another hidden field called ProtectedParameters=userId,postId,role.
When the next request is made, redo the entire process. If the hash differs, balk the process.
Security wise, I have listed the options in decreasing order. At the same time, its probably in the increasing order of convenience. You have to pick the right mix for your application.
I don't think you should worry with that, if the user does what you said, i suppose that you'll know who edited what, so if he edits the wrong post, doing as you said, you can always remove his edition rights...
If you can't thrist your users, don't let them edit anything...

How to add and access Custom Header in C#

I need to add a custom header something like
MYName: Balaji
which i need to access from .aspx file through
Request.ServerVariables["HTTP_MYName"];
should return "Balaji". I need so many variables like this it will added dynamically.
Kindly help.
Also, I cannot persist this varaibles in any of the .Net controls or objects like
cookies, sessions, application, hidden variable etc., or cannot store this in d/b and get it back whenever is required, I NEED IT ONLY IN HTTP HEADERS.
Kindly send the C# code how to add this variable and get the value back in .aspx file.
What do you mean by "get the value back in .aspx file"? HTTP headers are intended to be used as directives to a browser, how to interpret the given content. You don't have access to these values in your document.
Setting a custom HTTP header is quite easy, however:
Page.Response.AddHeader("MyCustomHeader", "VerySecretValue")
Updated my answer as per your comment.
If you need to transfer information between a HTTPModule and an ASPX page, you can use HTTPContext.Current, since this stays the same in both places.
So, you add it by
HttpContext.Current.Items.Add("SecretKey", "SecretValue");
and read it as
string s = HttpContext.Current.Items["SecretKey"];

Resources