Unexpected GET method calls to ASP.NET ScriptService - asp.net

Our error logger is picking up the following error periodically:
System.InvalidOperationException: Request format is unrecognized for URL unexpectedly ending in '/TheMethodName'
The reason this error is being thrown is because the request to the script service is using the GET method, and the default security settings only allow POST requests.
The strange part is that the only place in our code where we are calling this particular service method is through an $.ajax call, and it is specifically using type: 'POST'. There is no other place in the app where a GET request is made for this service.
The UI is making the POST call every 20 seconds to retrieve some data, and it does not seem that the GETs are interfering with that -- they are just extraneous. I've looked at the IIS logs, and I can see the proper POST requests, and then sometimes a GET request.
As an added wrinkle, it's not just this web service that is getting the extra GET calls -- we are logging these to several other service endpoints as well.
My guess is that the browser or a proxy server or something is making these calls on its own (like as part of prefetching or some sort of caching), but I have no evidence of that. In looking at the user agent for the bad requests, they are coming in from a variety of browsers.
Has anybody else seen this before, or have an idea of what might be causing it?
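One way to test the prefetch/proxy guess against the IIS logs, as an added example that is not part of the original question: the script reads W3C-format log text, picks out GET requests to .asmx method endpoints, and counts how many come from the same clients (IP plus user agent) that also send the expected POSTs. The log lines are constructed, and Service.asmx and the addresses are placeholders.

```javascript
// Constructed IIS W3C log sample; Service.asmx and all addresses are placeholders.
const SAMPLE_LOG = `#Fields: date time cs-method cs-uri-stem c-ip cs(User-Agent) cs(Referer) sc-status
2024-01-01 10:00:00 POST /Service.asmx/TheMethodName 10.0.0.5 Mozilla/5.0+Chrome/120.0 https://app.example/dash 200
2024-01-01 10:00:20 POST /Service.asmx/TheMethodName 10.0.0.5 Mozilla/5.0+Chrome/120.0 https://app.example/dash 200
2024-01-01 10:00:31 GET /Service.asmx/TheMethodName 10.0.0.5 Mozilla/5.0+Chrome/120.0 - 500
2024-01-01 10:03:02 GET /Service.asmx/TheMethodName 10.0.0.9 Mozilla/5.0+Safari/605.1 - 500
2024-01-01 10:03:05 GET /Default.aspx 10.0.0.9 Mozilla/5.0+Safari/605.1 - 200`;

// Map each data line to an object keyed by the names in the #Fields directive.
function parseW3C(text) {
  let fields = [];
  const rows = [];
  for (const line of text.split(/\r?\n/)) {
    if (line.startsWith('#Fields:')) {
      fields = line.slice('#Fields:'.length).trim().split(/\s+/);
    } else if (line && !line.startsWith('#')) {
      const cols = line.split(' ');
      rows.push(Object.fromEntries(fields.map((f, i) => [f, cols[i]])));
    }
  }
  return rows;
}

// Summarize GETs to script-service methods (.asmx/<Method>) per endpoint.
function unexpectedGets(rows) {
  const client = r => `${r['cs-uri-stem']}|${r['c-ip']}|${r['cs(User-Agent)']}`;
  const posters = new Set(rows.filter(r => r['cs-method'] === 'POST').map(client));
  const report = {};
  for (const r of rows) {
    const stem = r['cs-uri-stem'];
    if (r['cs-method'] !== 'GET' || !/\.asmx\/[^/]+$/i.test(stem)) continue;
    const e = report[stem] || (report[stem] =
      { gets: 0, fromPostingClients: 0, noReferer: 0, userAgents: new Set() });
    e.gets += 1;
    if (posters.has(client(r))) e.fromPostingClients += 1; // same IP + UA also POSTs here
    if (r['cs(Referer)'] === '-') e.noReferer += 1;         // no referring page recorded
    e.userAgents.add(r['cs(User-Agent)']);
  }
  return report;
}

console.log(unexpectedGets(parseW3C(SAMPLE_LOG)));
```

A high fromPostingClients share means the stray GETs originate on machines that are also running the app; a low share means they come from clients that never load the page.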

Related

POST requests sometimes getting cut off on Amazon EC2 server, causing Invalid postback or callback argument

I have an ASP.NET 4.7.2 WebForms project that uses both standard postbacks with viewstate and AJAX requests using JSON data. It is hosted on Amazon Web Services EC2 using a load balancer to split requests between 2 IIS servers. (The sessions are set to sticky so it shouldn't be switching servers partway through the session.) Most of the time these requests work fine. I'm servicing many thousands of requests per day that have no problems.
Unfortunately not all the requests work correctly. I'm getting about 200 requests per day that throw an error. Either "Invalid postback or callback argument" for the requests with a viewstate or "Unterminated string passed in" for the JSON ones. When this happens, my error logger records the POST parameters for the request and I can see that the request was cut off and the entire viewstate or JSON request didn't come through. (The JSON requests include a file base64 encoded and only part of it comes through.)
If the user retries the request it seems to work, but they shouldn't have to. These are not spam bots because the entire site is behind a login screen and the values I'm seeing in the incomplete requests are real valid data... just not all of it.
I'm not sure how to track down this problem as it seems intermittent, and as far as I can tell ASP.NET is doing the right thing saying the data is invalid... it is invalid because it's incomplete. On the other hand I'm using pretty standard services with AWS and IIS running an ASP.NET site and if there was a bug in any of those I'd expect it would have been fixed a long time ago or people wouldn't be using them.

frequent GET requests stop being actually processed by HTTP handler / always return same value

I have inherited this code which runs a 1-second-JQuery-Ajax-loop on the client side. It used to heavily exploit cookies and I am trying to change it to plain stateless HTTP at least, but now I have the following problem:
Every POST from the client is processed, and the first few GETs too, but after a short while the server-side HttpHandler is not even called on GET requests and the client code success callbacks always get passed the same - non-updated - data.
//edit: since people tend to assume otherwise: I have stepped through the code with a debugger, so when I say "handler is not called on get requests" and "client code success callbacks get passed the same data always" I mean that quite literally.
I figure this might be a problem of the Web Server caching responses to HTTP requests, but it's kind of a wild guess.
So I have a bunch of questions which might help me solve such problems in the future:
Is this a reasonable theory?
I would like to somehow have an overview over all the HTTP requests the server registers and how it chooses to process them.
Also, where and how would I go about configuring the server beyond the web.config, if for example I wanted to configure its caching behaviour?
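It's the client-side cache which is causing this.
Set cache to false on your AJAX request.
    $.ajax({
        url: "http://your.url.here",
        // cache: false makes jQuery append a "_=<timestamp>" query parameter
        // to GET requests, so the browser cannot reuse a cached response.
        cache: false
    })
    .done(function(data) {
        // ...
    });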
More details here.

Difference between error return in ASP.NET MVC

What's the difference between return new HttpStatusCodeResult(500) and causing a real error in the action (like division by zero)?
I'm asking because my customErrors works fine when an error like division by zero occurred, but if I return new HttpStatusCodeResult(500) the customError doesn't show my page
HttpStatusCodeResult is for notifying the browser of the result of an action, using an actual HTTP status code. For example, if the browser tries to load an image that is no longer available, you could send a 404. If the user is attempting to access a resource that requires authentication, you could return a 401.
Errors caused by your code often don't need to inform the browser of an error, but instead need to inform the user, using an error page with a message. This error page though, would (most likely) be sent to the browser with an HTTP status code of 200.
tldr; these are two different types of errors with different meanings, meant for different recipients.

How do I tell my service (all calls REST/JSON) to handle OPTIONS requests?

I have written a WCF service to return JSON on REST requests. Works great with a browser hitting it. But when my JavaScript hits it, the first request is an OPTIONS request for the url with "Access-Control-Request-Method: GET".
I think I need to handle CORS as documented here. However the suggested code won't compile and the suggested web.config is illegal in places.
What do I need to do so the service will respond appropriately when asked if a GET can be requested on a url?
You may have to enable it in IIS as well: http://encosia.com/using-cors-to-access-asp-net-services-across-domains/

Should a webserver ignore extra query params or return an error?

I'm implementing the logic for a RESTful web server which supports searching with a Solr-like syntax. Here are some common valid requests:
"https://www.somewhere.com/fooResource/123"
"https://www.somewhere.com/fooResource/456"
"https://www.somewhere.com/fooResource?q=title:hi"
"https://www.somewhere.com/fooResource?q=title:hello&sort=foo"
My question is very generic; what should I do if I receive a request like this?
"https://www.somewhere.com/fooResource?q=title:hi&something=foo"
I received a query parameter "something" which has no meaning to me, and our search engine will ignore it. Should I
return a 4xx status code immediately
ignore it and return a 200 with results
either may be "right" depending on my use case
Many web pages just ignore stuff that they aren't expecting.
Usually the URL and parameters are a result of clicking something or running some code on a browser or web service client. These would seldom submit anything unexpected.
If there is some reason you expect someone to be fooling with your web site and submitting requests that are "hackish" in some fashion, you might want to lock them out by recognizing illegal parameters and returning some error. 4xx would be reasonable for REST service.
Read the HTTP status definitions. I would practice not returning anything with bad info. The definition of 400 is "The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications." and seems appropriate here, but your use case may deem otherwise.
If you IGNORE you are not giving the client any information. They may never know something is wrong.
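The two policies discussed in these answers, side by side, as an added example that is not from the original posts: strict mode rejects unknown parameters with a 400 that names them, and lenient mode serves the request but reports what was ignored so the client is not left guessing. The allowlist (q, sort) is an assumption taken from the question's sample URLs, and checkSearchQuery is a hypothetical helper.

```javascript
// Assumed allowlist, inferred from the sample URLs in the question.
const SEARCH_PARAMS = new Set(['q', 'sort']);

// Hypothetical helper: validates the query string of a search request.
function checkSearchQuery(rawUrl, strict) {
  const params = new URL(rawUrl).searchParams;

  // Parameter names the search engine would silently drop (deduplicated).
  const unknown = [...new Set([...params.keys()].filter(k => !SEARCH_PARAMS.has(k)))];

  if (strict && unknown.length > 0) {
    // 4xx with a body that tells the client exactly what to remove.
    return {
      status: 400,
      body: { error: 'unsupported query parameters', unknown }
    };
  }

  // Lenient: keep only allowlisted parameters, never forward the rest downstream.
  const accepted = {};
  for (const name of SEARCH_PARAMS) {
    if (params.has(name)) accepted[name] = params.get(name);
  }
  return { status: 200, accepted, ignored: unknown };
}

const url = 'https://www.somewhere.com/fooResource?q=title:hi&something=foo';
console.log(checkSearchQuery(url, true));   // strict policy
console.log(checkSearchQuery(url, false));  // lenient policy
```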
