We're migrating our services to apigee and we're running into an issue. We have a service that returns large payloads (>55MB) and when I pass it through a defined apigee proxy, it would return:
{
"fault": {
"faultstring" : "Body buffer overflow",
"detail": {
"errorcode": "protocol.http.TooBigBody"
}
}
}
Is there an apigee policy and/or proxy setting I can use to avoid this?
And, no, streaming is not an option. We need to duplicate the behavior as we want the migration to apigee transparent to our clients.
You should try the TargetEndpoint property response.streaming.enabled . That property passes the response through to the caller untouched without loading the payload into the message buffer. It does not require you to use any kind of HTTP streaming. You will not be able to edit the payload in any way, but it should pass through fine.
Loading a very large payload into memory in the message processor is forbidden because it could result in memory issues for Apigee Edge.
Related
I created login FE and finished it.
And as per usual my goto for ajax was Axios. My code is as follows.
const baseUrl = http://localhost:5000/project/us-central1/api
Axios.post(
`${baseUrl}/v1/user/login`,
{ ...data },
{
headers: {
Authorization: 'Basic auth...'
}
},
).then(r => console.log(r).catch(e =>console.log(e));
Now when i try to send request to my local firebase cloud function.
I get a 400 bad request.
after checking the request, I was wondering why it wasn't sending any preflight request, which it should do(to the best of my knowledge) but instead I saw a header named Sec-Fetch-Mode. I searched anywhere it's a bit abstract. And I can't seem to figure anything why my request still fails.
Is there anything Im missing in my config of axios?
My FE is running on a VSCode Plugin named live server(http://127.0.0.1:5500)
Also, my firebase cloud function has enabled cors
// cloud function expres app
cors({
origin: true
})
Any insights would be very helpful.
The OPTIONS request is actually being sent, because you are sending a cross-origin request with an Authorization header which is considered as non-simple. It doesn't show in developer tools because of a feature/bug in Chrome 76 & 77. See Chrome not showing OPTIONS requests in Network tab for more information.
The preflight request is a mechanism that allows to deny cross-origin requests on browser side if the server is not CORS aware (e.g: old and not maintained), or if it explicitly wants to deny cross-origin requests (in both cases, the server won't set the Access-Control-Allow-Origin header). What CORS does could be done on server side by checking the Origin header, but CORS actually protects the user at browser level. It blocks the disallowed cross-origin requests even before they are sent, thus reducing the network traffic, the server load, and preventing the old servers from receiving any cross-origin request by default.
On the other hand, Sec-Fetch-Mode is one of the Fetch metadata headers (Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site and Sec-Fetch-User). These headers are meant to inform the server about the context in which the request has been sent. Based on this extra information, the server is then able to determine if the request looks legitimate, or simply deny it. They exist to help HTTP servers mitigate certain types of attacks, and are not related to CORS.
For example the good old <img src="https://mybank.com/giveMoney?amount=9999999&to=evil#attacker.com"> attack could be detected on server side because the Sec-Fetch-Dest would be set to "image" (this is just a simple example, implying that the server exposes endpoints with the GET method with unsafe cookies for money operations which is obviously not the case in real life).
As a conclusion, fetch metadata headers are not designed to replace preflight requests, but rather to coexist with them since they fulfill different needs. And the 400 error has likely nothing to do with these, but rather with the request that does not comply with the endpoint specification.
You are missing a dot on your spread operator, this is the correct syntax:
{ ...data }
Note the three dots before “data”.
Please see the use of spread operators with objects here:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_syntax
so I understand that this is not valid
Contract dsl =
Contract.make {
description "should return correct expected response"
request {
method GET()
url value(consumer(regex('/v2/abc/user/[0-9]{9,18}')),producer(regex("/abc/v2/user/[0-9]{9,18}")))
}
}
response {
body([
id : $(consumer(regex('.*'))),
])
status 200
}
}
The API gateway between the two sides producer and consumer transforms producer url to consumer. Does the spring cloud contract allow for such cases where API gateway changes the URL to look what is expected by the consumer?
When I try to do this the error is pretty clear
You can't have a regular expression for the request on the server side
It makes no sense to have a regex on the producer side. That's because in the tests we need to send a concrete request to a concrete url. We can't find the url unless you tell us how it looks like.
I have proprietary http based API to test from JMeter. Unfortunately some of the endpoints of the API are expecting http DELETE method with a request body (I know its questionable API design to use DELETE with request body, but I have no ability to change that API and need to test it).
How can I test it from JMeter? It seems that standard HttpRequest sampler silently ignores my body payload without any warnings. (When I try it in POSTMAN its sending a request body for DELETE method)
I did find an old JMeter plugin called HTTP Raw Request that somewhat helps but still doesn't auto-calculate "Content-Length:" http header for my body payload...so I have to do it manually for every test case - which is a pain for dynamically generated data payloads.
So my question still remains: How can I test HTTP DELETE with request body from JMeter?
Here is the screenshot:
NOTE1: Starting from jMeter ver. 3.1 (see bugzilla #60358) it was fixed for Http GET request to be able to send body in the request...but DELETE was not added.
NOTE2: See bugzilla #61443 for the DELETE request with body.
NOTE3: I'm using client implementation called "Java".
As per reference docs:
http://jmeter.apache.org/usermanual/component_reference.html#HTTP_Request
There are 2 implementations for http request sampler. The non default one called "Java" has this issue with not passing DELETE request body.
Luckily the default implementation called "HttpClient4" that correctly passes request payload for DELETE operation as per JMeter data entry screen.
To change implementations for http request sampler you have to go to "advanced" tab of the HTTP Request Sampler and select client implementation "HttpClient4" instead of "Java". Here is the screenshot:
After that when executed it correctly sends request payload for DELETE operation. Here is the screenshot:
The flow is SAP NWAS 7/Java AS ---> Apigee On Premise--->Apigee OnCloud -----> Backend. and back.
Backend is posting a response of appx 17 MB back. I have streaming enabled both on cloud and on premise Apigee. But the sap NWAS client states that only partial response is received .
When we invoke from POSTMAN however, we are getting complete response.
Please suggest where the problem can be?
Since Postman works fine for you, it seems like it might be a problem on the client side. So, it's possible that the client requires more info on the response in order to be able to display the content e.g. Content-Type header. Another way to troubleshoot this issue is to send a cURL command to the resource in Apigee and store it in the filesystem to validate that not only Postman can parse the response. e.g.
curl http://yourresourcehere/images/12344 > img12344.png
I'm attempting to have BizTalk broker the communication to a WCF service that maps some of its data within the response message's header and not the body portion. After researching, the solution was to write the header data to the OutboundCustomHeaders message context property and then the BizTalk WCF adapter will inject it into the outgoing message. This worked perfectly until I enabled message level security using a certificate. In this case, the header still gets included within the response message but AFTER the message is encrypted. This causes the receiving client to throw a MessageSecurityException with the message 'required message part was not encrypted."
Is there a way to configure BizTalk to write the OutboundCustomHeaders before encryption occurs or another way to inject my header in the response?
I'm not sure how much it helps or complicates the answer, but the receive location in BizTalk is using the ws2007HttpRelayBinding to create an Azure endpoint for the client connections.
The solution for this problem was found by creating a custom behavior that adds the required header to the channel protection requirements and attaching it to the ws2007HttpRelayBinding.
I used the following link as a reference to my solution: WCF custom messages security