I'm trying to invoke the below URL:
https://api.linkedin.com/v1/people/~:(id,first-name,last-name,industry,skills)?oauth2_access_token=blabla
When I make the call directly from the browser it works fine, but if I call it using cfhttp request I got 404 Not Found error.
The issue is most likely related to url encoding, kindly advise how send the request using cfhttp or another method without being enforced to be urlencoded
The problem is that the cfhttp enforce encoding of the URL. I found a function on the below blog that can be used to replace the cfhttp
http://coldfusion9.blogspot.gr/2012/03/custom-cfhttp-tag.html?showComment=1366715001465#c172925816683016138
Related
I have my e-commerce website and dealing with a 3rd party payment vendor integration. I send them a URL and they're returning a POST request to it. The problem is I'm receiving 403-bad or Missing CSRF Token error.
The incoming request is as follows:
Request URL:https://mavi.local:9002/checkout/callback/secure3d?CSRFToken=425cc3ee-df74-482a-955b-c7836abff410&responseCode=0000&token=D7ED3EBA21864253AD7AA33AABB492C7FA90DDEBD7AD448D1210EF85814E077505BC8E58E1F29AC2153E600678E6545A2D87FAACF516AC3249F7D8572EA767835C89F1E370C01532F0DCCABF8ACCC7F215AE838E9B917204F1C362140E6F5E87
Request Method:POST
Status Code:403 Forbidden
Remote Address:127.0.0.1:9002
Referrer Policy:no-referrer-when-downgrade
And the initiator is:
test.masterpassturkiye.com/RedirectServer/MMIUIMasterPass_V2/s3d/bank/success?RRN=500007047967:7
I'm trying to add this url as allowed Cross Origin request in my Spring configuration.
I have tried 2 options.
Updating csrf.allowed.url.patterns setting in project.properties as follows:
csrf.allowed.url.patterns=/.*callback|.masterpass|[^/]+(/[^?])+(sop/response)$,/[^/]+(/[^?])+(merchant_callback)$,/[^/]+(/[^?])+(hop/response)$,/[^/]+(/[^?])+(language)$,/[^/]+(/[^?])+(currency)$
This regex mathces with the url but not the whole URL, I think it might be a problem, yet I'm not sure.
Inserted below item into my spring-mvc-config.xml
<util:list id="csrfAllowedUrlPatternsList" value-type="java.lang.String" >
<value>.*masterpass</value>
</util:list>
I adopted this solution from this blog post
Yet the problem with the 403 error still continues. What might be the possible problem with my configurations? Any help or idea will be great help.
I believe that your value in spring-mvc-config.xml is wrong.
Please try with /checkout/callback/secure3d since this is the Hybris URL which handles the POST request and which should not ask for a CSRF token.
To make everything more clear, your spring-mvc-config.xml should contain this:
<util:list id="csrfAllowedUrlPatternsList" value-type="java.lang.String" >
<value>/checkout/callback/secure3d</value>
</util:list>
I believe that this is valid for the csrf.allowed.url.patterns as well.
The regex should apply to the call back URL (i.e /checkout/callback/secure3d) instead of the initiator.
I am trying to call a php website through API, which gives the below Error 403.
Kindly check my code below. If anyone has a solution kindly help me.
I guess your request is true, but the website detects that an application tries to get to website and blocks the request to stop scrapping website.
If you want to pass the server filter, I think you should check a request to this website from a browser and then add the browser headers to your request so the server assume it as a browser and will accept it.
I have written a WCF service to return JSON on REST requests. Works great with a browser hitting it. But when my JavaScript hits it, the first request is an OPTIONS request for the url with "Access-Control-Request-Method: GET".
I think I need to handle CORS as documented here. However the suggested code won't compile and the suggested web.config is illegal in places.
What do I need to do so the service will respond appropriately when asked if a GET can be requested on a url?
You may have to enable it in IIS as well: http://encosia.com/using-cors-to-access-asp-net-services-across-domains/
I'm having a problem getting any response from urlfetch.Transport.RoundTrip in GAE Go. When I browse a page that makes the call in a browser, the call is executed as intended. When the same function is called from a POST request made by poclbm Bitcoin miner, I can't get a response.
The call is made by this package I made at line 77.
Is it possible, that in Google App Engine one can request data from other web pages under a HTTP GET, but not POST, or is there something else that can be causing this problem?
You can do POST request from App Engine using http.Client.Post, just make sure you create the http client with urlfetch.Client function.
Is there any way to determine if a POST endpoint exists without actually sending a POST request?
For GET endpoints, it's not problem to check for 404s, but I'd like to check POST endpoints without triggering whatever action resides on the remote url.
Sending an OPTIONS request may work
It may not be implemented widely but the standard way to do this is via the OPTIONS verb.
WARNING: This should be idempotent but a non-compliant server may do very bad things
OPTIONS
Returns the HTTP methods that the server supports for specified URL. This can be used to check the functionality of a web server by requesting '*' instead of a specific resource.
More information here
This is not possible by definition.
The URL that you're posting to could be run by anything, and there is no requirement that the server behave consistently.
The best you could do is to send a GET and see what happens; however, this will result in both false positives and false negatives.
You could send a HEAD request, if the server you are calling support it - the response will typically be way smaller than a GET.
Does endpoint = script? It was a little confusing.
I would first point out, why would you be POSTing somewhere if it doesn't exist? It seems a little silly?
Anyway, if there is really some element of uncertainty with your POST URL, you can use cURL, then set the header option in the cURL response. I would suggest that if you do this that you save all validated POSTs if its likely that the POST url would be used again.
You can send your entire POST at the same time as doing the CURL then check to see if its errored out.
I think you probably answered this question yourself in your tags of your question with cURL.