I am trying to work out how to access content on this site: https://handbook.unimelb.edu.au/
I can manually conduct a search via the browser, and I am tracking the raw http request via HTTP live Headers, but having endless problems working out how the system is actually conducting search.
In particular, using the advanced search via: https://handbook.unimelb.edu.au/faces/htdocs/user/search/AdvancedSearch.jsp
Results in data similar to the following being sent:
POST /faces/htdocs/user/search/AdvancedSearch.jsp HTTP/1.1
AdvancedSearchForm%3Akeywords=&AdvancedSearchForm%3ACourseOrSubjectSelection=SUBJECT_ALL&AdvancedSearchForm%3AGraduateLevelSelection=POSTGRADUATE_ALL&AdvancedSearchForm%3AfacultyList=&AdvancedSearchForm%3AdepartmentList=&AdvancedSearchForm%3Alevel=ALL&AdvancedSearchForm%3Asemester=ALL&AdvancedSearchForm%3AallStudyAreas=t&oracle.adf.faces.FORM=AdvancedSearchForm&oracle.adf.faces.STATE_TOKEN=_id51018%3A_id51019&source=AdvancedSearchForm%3AsearchButton
The server immediately responds with "HTTP/1.1 302 Moved Temporarily" and redirects me to "Location: https://handbook.unimelb.edu.au/faces/htdocs/user/search/SearchResults.jsp"
Which actually displays the search results.
As far as I can tell, the search itself must be using a session to store the searched-for terms between the post and the subsequent get.
Is this normal JSF behaviour?
Is there a trick to accessing such a system?
Is this normal JSF behaviour?
This bahaviour is not "normal". This approach is however explainable for legacy JSF 1.x applications; it's because GET forms weren't natively supported by JSF 1.x. I would however consider this approach rather poor design and have recommended to use <managed-property> to inject GET request parameters. The webapp architect/developer has most likely not really thought it out very well. Note that since JSF 2.0, which is out for little over 3 years already, GET forms using plain HTML <form> are natively supported thanks to the new <f:viewParam> tag.
Is there a trick to accessing such a system?
Tell your HTTP client to maintain the session (read: the cookies) and auto-follow redirects. By default, JSF relies heavily on the session already as it stores the view state in there as well. This is in turn not related to the way how that webapp is designed.
See also:
How can i programmatically upload a file to a website? - related answer on how to properly programmatically submit a JSF based form.
Related
Regarding this question and also many documents have stated that sending a PUT request directly via form in browser is impossible due to security reason.
However, What I am seeing in Backbone is that it could still send a direct PUT request via browser without a workaround like adding a hidden form field.
And they're confusing to me. Is there anything that I'm missing here?
A form can only send a GET or a POST request, as set in the method attribute.
However, Backbone delegates its requests to jQuery.ajax by default (or whatever you want via Backbone.ajax) which itself wraps XMLHttpRequest, an object that can send PUT/DELETE/PATCH requests.
From https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest
XMLHttpRequest is a JavaScript object that was designed by Microsoft
and adopted by Mozilla, Apple, and Google. It's now being standardized
in the W3C. It provides an easy way to retrieve data from a URL
without having to do a full page refresh. A Web page can update just a
part of the page without disrupting what the user is doing.
XMLHttpRequest is used heavily in AJAX programming.
many documents have stated that sending a PUT request directly via browser is impossible due to security reason
Citation please.
Backbone sends a PUT just like it sends any other request, with jQuery,
Backbone.ajax({
type: 'PUT'
...
});
It is just some server side langauges,like PHP, that have problems with receiving a PUT request.
The hidden form field is used when posting from a <form>. Backbone uses javascript.
So I have a webpage, ("http://data.terapeak.com/verify/") and I don't see any & tags in the URL so I am unaware how to post data to this. I need to do this via HTTPRequest rather than browser control. I am creating a double threaded batch searching program. I have already successfully made this using a single browser control but that wont allow for multi-threading, atleast with my current knowledge due to the fact that even when creating a new frmBrw that already exists it needs for me to set the threat apartment to single. If i set it to single, I am unable to have it send the data the the excel sheet I need both threads to access. I hope this is clear... The basic question is how can I log into this form via HTTP request.
This isn't going to be easy to answer without further details however I suspect you'll need to provide the variables via a HTTP POST request.
Can you successfully login to this page in your browser? If so, run a proxy tool such as fiddler and check the HTTP headers it makes to the server. You should see the form variables being passed over. You then need to mimic this in code.
How to: Send Data Using the WebRequest Class
Hope this gets you started
I want to be able to send a simple http post from my firefox extension to my ASP.NET application. From the client side, I have used XMLHTTPRequest by sending the post with the url: http://localhost:15227 which is the url on my ASP.NET app.
What do I need to do to receive a remote request from ASP.NET please?
thanks
This page from Apple has a pretty good example of how to send/receive data using a raw XmlHttpReqeust object (as opposed to a JavaScript library).
You can get the value of the response from the responseText property once you know the response came back successfully. Specifically take a look at where the processReqChange function is defined, your code will go in there (or your equivalent of that function).
If you want to explore JavaScript frameworks, take a look at how much less code you need if you use jQuery get (for example).
Selenium (RC) is being used to test an ASP.NET 1.1 site.
When we make a request via Selenium RC (which in turn automates the request via a configured browser - in this case Firefox) the http verb is "HEAD". We have several form action methods that have separate GET and POST methods decorated with AcceptVerbs(HttpVerbs.Get) or HttpVerbs.Post respectively. These methods are returning a 404 and logging a "a public action method could not be found" error message.
Questions:
When writing separate Get/Post action methods what is the best practice for handling the Head verb? Should we always decorate with an AcceptVerbs(HttpVerbs.Get | HttpVerbs.Head)?
Why is the HEAD verb being generated when Selenium RC is automating the browser in lieu of an If-Modified-Since header?
We've also seen log entries from (non-mainstream) crawlers that are using the HEAD verb. We created robots.txt entries to stop these crawlers from indexing the site, but now we're wondering what the best practice from an SEO perspective is as well. Is it important to respond to HEAD for crawlers? Are there mainstream crawlers that use it? Does it impact SEO rank?
Yes, I think that whenever you are restricting your requests to be GET only, you should always allow HEAD on them as well - in fact, I do think it should be built into the MVC framework (next thing on my todo list: raise the issue in MVC bug tracker that [HttpGet] attribute should somehow support HEAD verb)
I would like to know an answer to this too. In the meantime, there is a suggested workaround - pass 'true' as a second param to Selenium's open().
I don't think it impacts SERP ranking per se, however I can see how crawlers would not request the full page if HEAD gives a 404. According to the HTTP spec (RFC2616), "The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response", so, if you are doing things right - it shouldn't be a problem to allow the method and avoid getting unlisted.
I am not gettng the RESTful thing. Yes, I know how to send a GET request to my app from my browser. It's through URL linking.
<a href="/user/someone">
And can also send POST requests through form method.
<form method="post">
Beside that I know browsers sometimes send HEAD command to figure out page status, but on which the end user has no control.
Then what are those DELETE and PUT commands I am reading of? How do you send, for example a DELETE command from your browser to your RESTful application?
The HTML 4.01 specification describes only GET and POST as valid values for the method attribute. So in HTML there is no way of describing other methods than this by now.
But the HTML 5 specification (currently just a working draft) does name PUT and DELETE as valid values.
Taking a look into the XMLHttpRequest object specification (currently just a working draft too) used for asynchronous requests in JavaScript (AJAX), it supports the PUT and DELETE methods too, but doesn’t say anything about the actual support by current browsers.
To simulate PUT and DELETE, frameworks like Rails instead build forms like this:
<form action="/users/1/delete" method="post">
<input type="hidden" name="_method" value="delete" />
<input type="submit" value="Delete user 1" />
</form>
This is actually a POST form, but using the hidden _method input to tell the server which method was really intended. You could implement this support on any other web framework as well.
#C Moran is right: if you want to be truly RESTful, a browser isn't an ideal client, due in part to the lack HTTP methods beyond GET and POST. However, if you really want to do it from a browser, you can use AJAX to send PUTs and DELETEs, e.g. YUI's Connection Manager allows you specify any of the following HTTP methods:
GET
POST
HEAD
PUT
DELETE
I've heard that DELETE and PUT is not fully supported in all browsers (I didn't check it). Rails is doing workaround - it is sending POST with a hidden field containing real method. So it really uses only GET and POST and on server it reads this hidden field and reacts on it.
A POST doesn't have to be through a form. The best way to learn about this, and also GET, PUT and DELETE is to use a ReST client to make your HTTP requests and see the responses. I recommend you download the nifty little python client from http://restclient.org/
A browser is (as of now) not your best tool to use while you are acquainting yourself with ReST. A client like the one above will allow you to "see" your HTTP requests and responses.
Flash based applications (or Flex) can work on lower levels, like open sockets. They can also do PUT/DELETE (though Flex in particular is known to have problems with http headers.
So I guess I'm saying it depends on your client technology. In particular, you could embed a small flash object that would do the communication for you if your browser doesn't support it (or you don't want to implement cross-browser support).
DELETE and PUT are HTTP verbs, say REST commands that shall delete or update an object on the server.
Using them in the browser can be done in different ways. You can't send them through HTML, but you can send an JavaScript Ajax request, if you want to use them programmatically.
If you only want to explore the API or test some calls, and you want to do this from the browser, you can use browser plugins like RESTED for firefox.
For manual and automatic testing you can use Postman as a full featured API test environment.
On Windows, you can use the PowerShell script httprepl to send different HTTP RESTful API usages.