I use the next link in order to send chunking files with plupload.
I change the url parameter in order to send the request to my localhost:
url: "./upload.cfm", was changes to url: "localhost/upload"
As I see, the request is sent, but with request methods: OPTIONS.
Why it happens and how I can change it to POST?
Since you are now making a cross-origin HTTP request, you are triggering a preflight request in which the browser asks the destination server if your website is allowed to ask browsers to make POST requests to the destination server.
Either configure the destination server to respond to the OPTIONS request with a response granting permissions (after getting that response the browser will make the POST request), or continue to make requests with XHR only to the same origin.
Related
I'd like to know if how I might achieve the following in IIS.
User clicks button in email with HTTP GET link.
Request is sent to IIS
IIS sends POST to MS Flow HTTP endpoint to trigger flow.
Flow finishes and sends back 200 OK
Original HTTP GET receives reply with REDIRECT to different URL (HTTP GET)
Essentially I need the first HTTP GET to tigger my flow, wait for it to complete then redirect the user to another webpage if successful.
Thanks !
I'm playing a bit with HTTP requests with fiddler.
Basically the site is my router interface which asks for a password.
The password is then encrypted (with a function i have, branded MD5 of some kind) and passed to the server in the body of the POST request.
Here what i've done:
With fiddler i sniffed the browser GET request (got a redirection 302)
With fiddler i sniffed the server response
With fiddler i sniffed the browser POST request (after typing the password)
Browser successfully logged in.
then:
With fiddler composer i performed a GET request equal to the one sniffed. (got a redirection 302)
With fiddler i sniffed the server response (each time the site provides to the client a different Set-Cookie value which is used in the brand MD5 function for antiXRSF attacks).
With fiddler composer i reproduced the sniffed POST request with a different body content due to the new Set-Cookie value.
The body of the post request is indeed correct because it is calculated by the very same function used by the browser.
What came to my mind now:
I'm using the wrong Set-Cookie value --> not possible since if i try to guess the body content of a browser request with the available parameters, the guess turns out to be correct.
The redirection performed by fiddler is done without the Set-Cookie or with a different one --> i saw i can decide not to follow a redirect, is there a way to decide what to pass in the header during a redirection? I'll test more directly on the redirected url.
Regards,
The redirection performed by fiddler is done without the Set-Cookie
Correct. Fiddler's Composer does not have a cookie jar. If a call returns a cookie via Set-Cookie on a redirect, that cookie is not added to a Cookie header when the redirected request is sent.
It's my understanding that caching is one of the main utilities of a proxy server. I'm currently trying to develop a simple one and I would like to know exactly how caching works.
Intuitively I think that it's basically an association between a request and a response. For example: for the following request: "GET google.com" you have the following response: "HTTP/1.0 200 OK..."
That way, whenever the proxy server receives a request for that URL he can reply with the cached response (I'm not really worried right now about when to serve the cached response and when to actually send the request to the real destination).
What I don't understand is how to establish the association between a request and a response since the HTTP response doesn't have any field saying "hey this is the response you get when you request the X URL" (or does it?).
Should I get this information by analyzing the underlying protocols? If so, how?
Your cache proxy server is already putted into play when a request arrives. Therefore you have the requested resource URL. Then you look in your cache and try to find the cached resource for the requested resource URL, if you cannot find the resource in your cache (or the cache is outdated), you fetch the data from the source. Keep in Mind, that you have to invalidate the cached resource if you receive a PUT, POST or DELETE request.
I use backbone.js' s model. When i save the model, it sends HTTP OPTIONS method to server-side on firefox, but sends HTTP POST method with safari.
I know it is not an issue about backbone.js, it is about CORS. I will just check if method, GET, POST, PUT and DELETE on server-side, i will not do a job with HTTP OPTIONS method.
my requested url is my api: api.foo.com
and api requested from: bar.com
so, how can i control in all browsers request my api.foo.com with HTTP POST not OPTIONS?
and how can i share api.foo.com' s content with all request from any other domains?
Note: i have already changed response' s headers from server-side to: Access-Control-Allow-Origin: *
The OPTIONS request is actually the so called preflight request of the CORS specification. This preflight request is used by web browsers to check under what conditions the server would accept a request from the respective origin. If the response to the preflight request was satisfying, the browser will send the actual request.
So to comply with this specification, you need your server to reproduce the steps of preflight request processing.
See what I'm trynig to do is on a post request made collect the http headers and then add them to app.Request.Headers.Add().
In my application basically another post request overides certain post requests that I make.
On each request to my server there is a redirection to another server which adds some headers over my original post request
I need some way of saying maybe ok add these headers but then execute my post request with its headers after