Universal Analytics Measurement Protocol respond 200 OK, but no events appers - http

I am sending events from Winform application to Universal Analytics via Measurement protocol and I use fiddler to inspect the request and response. Everything seems to be OK, but no events appears in Universal Analytics.
My app request:
POST http://www.google-analytics.com/collect HTTP/1.1
Host: www.google-analytics.com
Content-Length: 112
Expect: 100-continue
v=1
&tid=UA-44974825-1
&cid=1aba0888-732f-4690-9a91-d906c94a4a23
&t=exception
&exd=NullReferenceException
&exf=1
Server response:
HTTP/1.1 200 OK
Pragma: no-cache
Expires: Mon, 07 Aug 1995 23:30:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Origin: *
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Fri, 18 Oct 2013 13:54:39 GMT
Server: Golfe2
Content-Length: 35
Alternate-Protocol: 80:quic
GIF89a�����������,�������D�;

Your request is missing the app name parameter, &an, which is required for sending data to app profiles in Google Analytics via the Measurement Protocol.
The requirements for sending app data to Google Analytics via the Measurement Protocol are documented here:
https://developers.google.com/analytics/devguides/collection/protocol/v1/devguide#apptracking
The GA endpoint will always return 200, even if the request is missing required parameters.

I discovered another reason why no data is being collected: I hadn't upgraded my property to Universal Analytics, yet! Doh!

The root problem here is that you are not formatting your request properly. You need to format your POST body like any other application/x-www-form-urlencoded encoded POST body, all on one line:
v=1&tid=UA-44974825-1&cid=1aba0888-732f-4690-9a91-d906c94a4a23&t=exception&exd=NullReferenceException&exf=1

For anyone who lands here looking for solution to something similar, check this tool: Hit builder to validate the payload data.
I was facing the same issue this tool helped.
(Not sure if this debug tool was available then when this question was posted)

Related

Safari Caching GET request even with disabled cache

I have set all headers that I know of to disable caching (even disabling ETAG) on my server, yet Safari still occasionally (about 50% times) caches my requests.
Workflow
I am implementing oauth 1, so:
Browser makes GET /api/user request
Server returns 405
Browser redirects to 3rd party website to authenticate
Browser is redirected to api/callback which stores some info into cookie.
Browser is redirected back to original route.
Browser makes GET /api/user request which should be successful, however it gets 405 served from disk cache instead.
Request summary from Safari Network Inspector
Summary
URL: http://localhost:3000/api/user
Status: 405 Method Not Allowed
Source: Disk Cache
Request
No request, served from the disk cache.
Response
Transfer-Encoding: Identity
Content-Type: application/json; charset=utf-8
Pragma: no-cache
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Vary: Cookie, Accept-Encoding
Date: Wed, 23 Jan 2019 11:34:23 GMT
Content-Encoding: gzip
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Connection: close
x-powered-by: Express
Conclusion
I have no idea what's wrong and I will greatly appreciate any help. My
Safari version is 12.0.2. I wasn't able to replicate this issue with Chrome.
Use Vary: *. This magically solved my problem.
This answer helped me: https://stackoverflow.com/a/2068353/1364158
Alternatively, you can really force browser to load a new version of request by including some meaningless random query arg in your url, e.g. /api/user?ts=18284

Cookie created on server not stored on client

Given this server response:
HTTP/1.1 200 OK
Date: Fri, 23 Mar 2018 12:17:57 GMT
Access-Control-Allow-Origin: http://localhost:8888
Vary: Origin
Access-Control-Allow-Credentials: true
Set-Cookie: key=value;Version=1
Content-Type: application/json
Content-Length: 276
I thought this cookie (key=value) would be stored on client side and I would be able to view it from Chrome DevTools. However I don't see any cookie there. And the cookie is not included on the further requests made after the requested shown above. So I guess it's not stored.
To store the cookies is not the default behavior of the browser?
I've tried setting the cookie property httpOnly to true with the same results.
How can force the browser to store the cookie without using JS and including it on further requests without any JS interaction?

IBM Security Appscan returns MongoDB NoSQL Injection on SignalR connection

I have created a signalR site that displays collected server data from our intranet. Everything works accordingly without issue.
There are no user inputs on the page. It's essentially a dashboard.
I have googled, searched IBM's site directly and asked in jabbR... but no results for why this might occur. I understand the critical message about injection... but there is no user input to inject, it's SignalR's connection establishment.
Any ideas? Possible false-positive?
IBM Security Appscan reports back:
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
Expires: -1
Server: Microsoft-IIS/8.5
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
Persistent-Auth: true
X-Powered-By: ASP.NET
Date: Thu, 21 Apr 2016 20:18:46 GMT
{
"Url": "/signalr",
"ConnectionToken": "0l6V6C/DRJsZ3dOFpL+UO+hpOt5NtkBiGLREN9L5no6/hD1a6ZYTdQJRX8bWG0nJfM+4aRRHvfoeTD9b2tjEf84aX+/ANWsnBe8QKupoTkguzE2P3G3zifuEH2lDMOlr7fCiQYbBUvi20Mb4bLlngw==",
"ConnectionId": "fce58409-d505-4534-a318-01b90e333c57",
"KeepAliveTimeout": 20.0,
"DisconnectTimeout": 30.0,
"ConnectionTimeout": 110.0,
...
AppScan sent three requests: Error, True, and False. All three responses were different from one another, which insinuates that the MongoDB injection succeeded.
Try to retest the particular vulnerability using appscan itself. Most of the times appscan show false positive results in terms of blindSQL injection and MongoDB NoSQL Injection.
If you are using appscan standard: right click on the particular vulnerability and hit retest.

How to solve "Chunked body did not terminate properly with 0-sized chunk."?

I have an RSS feed. When I browse to the feed with Fiddler Web Debugger open, Fiddler throws this error at me:
Chunked body did not terminate properly with 0-sized chunk.
The response from the server that triggered the error looks like this:
HTTP/1.1 200 OK
Date: Tue, 22 Jan 2013 21:00:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Content-Length: 30985
<rss version="2.0">
<channel>
... etc
The owner of the RSS is reporting problems when trying to submit the site to RSS aggregators.
I tried to validate the rss here: http://validator.w3.org/appc/. The response was this:
IncompleteRead(30985 bytes read) (IncompleteRead; misconfigured server?)
However, if I browse to the rss and copy past the code into this validator: http://validator.w3.org/appc/#validate_by_input, then everything validates correctly.
How do I correct this? This is a C# ASP.NET webforms project running on .NET 3.5 in IIS6.
Update
It appears that I was using Fiddler incorrectly. After unchcking the Decode option, here is the server response:
HTTP/1.1 200 OK
Date: Tue, 22 Jan 2013 21:22:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Transfer-Encoding: chunked
Cache-Control: private
Content-Type: text/xml; charset=utf-8
7909
<rss version="2.0">
<channel>
... etc
The data you posted above is not what the server sent. The response from the server contained a HTTP Header Transfer-Encoding: chunked but your data was not properly in the HTTP-chunked encoding format.
Please update your question with the actual data, as captured by Fiddler, making sure the Decode option in Fiddler's toolbar is NOT checked.
(As to the root cause of the problem, did you mistakenly call Response.Close()? See this article for an explanation of why that's the incorrect way to complete a HTTP response.)

HTTP caching in WCF Web API seems inconsistent across browsers

I'm implementing a simple REST service with the WCF Web API and attempt to set HTTP headers in order to cache responses.
For a simple GET like this
http://localhost:49302/my/2
the response headers look like this:
Server: ASP.NET Development Server/10.0.0.0
Date: Tue, 24 Jan 2012 18:18:44 GMT
X-AspNet-Version: 4.0.30319
Content-Length: 233
Cache-Control: max-age=120
Vary: Accept
Expires: Tue, 24 Jan 2012 18:20:44 GMT
Last-Modified: Tue, 24 Jan 2012 18:18:15 GMT
Content-Type: application/xml; charset=utf-8
The intent is that the client should cache the resource for two minutes.
However, using the WCF Web API Test Client, the behavior is inconsistent across various browsers:
In Firefox (9.0.1) the request is cached, and first after two minutes is a new version of the resource displayed. This behavior is as expected.
In Chrome (16.0.912.77 m) the cache headers aren't respected at all. A new version of the resource is being fetched for every GET request. This behavior is not expected (by me, at least).
In Internet Explorer (9) the behavior is the same as in Chrome.
Why doesn't Chrome and IE respect the cache headers?
Is it a bug in the WCF Web API Test Client?
Caching is hard to get right. The fact that a browser may ignore cache directives certainly doesn't help.
According to this document IE never cached any request with a Vary header containing anything but Accept-Encoding and User-Agent
If I test this with a 15 seconds cache period and I just set the MaxAge and MustRevalidate it seems to work fine with IE9, FireFox and Chrome.
Web API HttpResponseMessage:
result = new HttpResponseMessage<Book>(book);
result.Headers.CacheControl = new CacheControlHeaderValue();
result.Headers.CacheControl.MaxAge = TimeSpan.FromSeconds(15);
result.Headers.CacheControl.MustRevalidate = true;
return result;
Response headers:
HTTP/1.1 200 OK
Server: ASP.NET Development Server/10.0.0.0
Date: Wed, 25 Jan 2012 09:13:32 GMT
X-AspNet-Version: 4.0.30319
Content-Length: 98
Cache-Control: must-revalidate, max-age=15
Content-Type: application/json; charset=utf-8
Connection: Close
I am not sure the MustRevalidate is really required but it is recommended to use it. See the specs here.
Test to replace localhost with "real domain" so the WCF Test Client or Chrome/IE doesnt have any special tricks for localhost.

Resources