Custom HTTP method at Mule HTTP point - http

I use Mule as REST API <-> AMQP.
And I have to send custom Request Method: "PRINT", but I'm receiving:
Status Code: 400 Bad Request
The request could not be understood by the server due to malformed syntax.
Do you have any ideas how I can add custom HTTP method to Mule?

Unfortunately, because of this validateMessage() method here Mule rejects any method not listed here :(
I guess you need to open a bug with MuleSoft, asking for the capacity to configure extra methods, and in the meantime create a patch for the transport.

Related

400 Bad request while consuming a rest service with POST method?

I'm getting http requestor connection problem with POST:request a bad request even though I'm configuring properly. I'm sending json payload in the body and Bearer token in headers parameters with content type, I can evaluate the token and payload properly but still getting as a bad request when I tried to hit the direct URL as well, and I tried the trigger in postman with the same token generated in mule where I'm getting the success response but while using the same service within mule getting as bad request, I'm using http connector plugin version 1.7.1 in pom.xml.. Is there any problem with the dependency? can anyone help me with this?
If you are successful doing the request in postman then the HTTP request in your Mule application has to need some adjustments to make it match the postman request. Compare them carefully to make them match.

how to fix the bug found during SOAPUI security testing

I was doing a automation testing on my web application with SOAPUI, I have found a bug which is http method fuzzing basically it means "HTTP Method Fuzzing
An HTTP Method Fuzzing Scan attempts to use other HTTP verbs (methods) than those defined in an API. For instance, if you have defined GET and POST, it will send requests using the DELETE and PUT verbs, expecting an appropriate HTTP error response and reporting alerts if it doesn't receive it.
Sometimes, unexpected HTTP verbs can overwrite data on a server or get data that shouldn't be revealed to clients."
Can anyone knows how I can solve this issue or how I block the HTTP request other than GET or POST which may remove this bug.
I am using Node.js and express for my web application.
Please check the images:
Image 1
Image 2

HTTP POST Response code 200 OK

We have exposed a HTTP endpoint with POST method. To make a successful call the clients has to make the POST call with a request body and other required parameters.
When we hit the endpoint directly in the browser the response says 200 OK. Its a GET call. there is no implementation for GET.
The question is - an endpoint which supports only POST should throw an error while hitting directly on the browser with a GET ?
What should be the best error. Do we have to handle this in GET saying GET is not appropriate method on this end point?
Or is it correct to leave the GET response as 200 OK - to make the clients feel the end point is up and running?
If you're asking about what an HTTP server SHOULD do... the answer is: it has to implement GET and HEAD. See RFC 7231.

Return status code 4xx for client requests with invalid/unsupported Content-Type (like text/plain)

I've implemented a RESTful API using ASP.NET Web API (included in ASP.NET MVC 4).
When a client requests my services with an unsupported Content-Type (like "text/plain"), I get the following exception:
System.InvalidOperationException: No MediaTypeFormatter is available
to read an object of type [...] from content with media type
'text/plain'.
and my service returns a HTTP status code 500 and an error is logged/reported (I'm using ELMAH).
Unfortunately, I do not find an easy way to "catch" this type of unsupported client request. IMHO, the service should return a status code like 404 (not found) or 400 (bad request), because the error is not a server error (but a client side error).
In another SO question I found this answer How do I configure the status code returned by my ASP.NET Web API service when the request has an unsupported Content-Type? which shows a possible solution by implementing a custom DelegatingHandler.
So my question is: Do I miss something? Is there any ASP.NET Web API built-in functionality that targets this problem...
I finally "fixed" the problem with a custom DelegatingHandler similar to this implementation
How do I configure the status code returned by my ASP.NET Web API service when the request has an unsupported Content-Type?.
You can find my implementation here: http://blog.janjonas.net/2012-09-05/asp_net-mvc_4_rc-web-api-return-http-status-code-4xx-invalidoperationexception-no-mediatypeformatter-available-read-object-type-content-media-type
You can certainly use your own custom DelegatingHandler or you can make your custom HttpModule
which will implement the IHttpModule and check the current http request and validate the request.

Generating HTTP Request

In how many ways can an HTTP request be generated?
There are endless ways how you can create and from where you can send HTTP requests to a server. Actually your server has no idea, what the origin of such a request is (if it's AJAX or "regular" request, or sent from a console application or ...)
But there are HTTP methods (HTTP verbs) that (can) tell the server about the intent of the request: http://en.wikipedia.org/wiki/HTTP_Verbs#Request_methods
Also you can set headers in a request, for example the content-type or the accepted encoding: http://en.wikipedia.org/wiki/List_of_HTTP_header_fields
Most JavaScript libraries for example set the (non-standard) HTTP header X-Requested-With, so your application can differentiate between regular and ajax requests.
You see, it's even possible to set your own, non-standard headers. There are endless possible combinations...
HttpRequest is a C# class that wraps a petition sent by a client during a Web request.
There are many ways to generate it. The most usual one happens when your browser connects to an ASP.NET website.
You can, for example, create your own custom HttpRequest to petition a specific web page from a C# console application.
Are you trying to achieve something more specific?

Resources