I'm sending this header in the responses:
Reporting-Endpoints: default="https://example.com/error-reports"
Then, I tested doing the following on page loads:
document.domain = "example.com";
On the error-reports endpoint, I have the following code:
log_to_file(var_dump_return($_REQUEST));
log_to_file(var_dump_return(file_get_contents('php://input')));
(log_to_file and var_dump_return are custom functions that are very well tested in the past. In the code above, I'm basically logging the $_REQUEST and php://input to a file)
And what's being logged is:
array(0) {
}
string(0) ""
Is there any way I can see the exact HTTP request that Google Chrome invokes to this endpoint?
I'm not understanding how to see the payload of these requests.
Related
I am writing a PHP REST API and trying to redirect a POST request to the GET of the new resource, but when I change the location with header() it stays on the post request. In this isolated example, it goes into a redirect loop both on my live deployment and locally on my PHP built-in web server.
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
http_response_code(303);
header("HTTP/1.1 303 See Other");
header("Location: {$_SERVER['REQUEST_URI']}", true, 303);
exit();
}
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
echo "Hello World!";
}
When I make a request from Postman, I get the following:
Error: Exceeded maxRedirects. Probably stuck in a redirect loop
I expect "Hello World!" to be echoed to the browser, and I only get this expected output when I run the built-in web server directly on my file: php -S localhost:8000 api/test.php
Shouldn't the request method change to GET when I add and replace a location header?
The issue was the Postman client I was using. I needed to switch off Follow original HTTP Method in order for the request to do the default behavior of switching from POST to GET. And indeed, it works in the browser from the Network tab of the Developer tools.
I am trying to list files from google drive folder.
If I use jquery I can successfully get my results:
var url = "https://www.googleapis.com/drive/v3/files?q='" + FOLDER_ID + "'+in+parents&key=" + API_KEY;
$.ajax({
url: url,
dataType: "jsonp"
}).done(function(response) {
//I get my results successfully
});
However I would like to get this results with php, but when I run this:
$url = 'https://www.googleapis.com/drive/v3/files?q='.$FOLDER_ID.'+in+parents&key='.$API_KEY;
$content = file_get_contents($url);
$response = json_decode($content, true);
echo json_encode($response);
exit;
I get an error:
file_get_contents(...): failed to open stream: HTTP request failed! HTTP/1.0 403 Forbidden
If I run this in browser:
https://www.googleapis.com/drive/v3/files?q={FOLDER_ID}+in+parents&key={API_KEY}
I get:
The request did not specify any referer. Please ensure that the client is sending referer or use the API Console to remove the referer restrictions.
I have set up referrers for my website and localhost in google developers console.
Can someone explain me what is the difference between jquery and php call and why does php call fails?
It's either the headers or the cookies.
When you conduct the request using jQuery, the user agent, IP and extra headers of the user are sent to Google, as well as the user's cookies (which allow the user to stay logged in). When you do it using PHP this data is missing because you, the server, becomes the one who sends the data, not the user, nor the user's browser.
It might be that Google blocks requests with invalid user-agents as a first line of defense, or that you need to be logged in.
Try conducting the same jQuery AJAX request while you're logged out. If it didn't work, you know your problem.
Otherwise, you need to alter the headers. Take a look at this: PHP file_get_contents() and setting request headers. Of course, you'll need to do some trial-and-error to figure out which missing header allows the request to go through.
Regarding the referrer, jQuery works because the referrer header is set as the page you're currently on. When you go to the page directly there's no referrer header. PHP requests made using file_get_contents have no referrer because it doesn't make much sense for them to have any.
When I do a GET request for a url on my laravel web app, I do the following in my controller to retrieve a custom header:
Request::header('customheader');
This value is always blank, though the header is clearly visible in Chrome Developer Tools in the Request Headers
While troubleshooting I tried using a standard header: Connection
Looking at the request headers, I expected the following:
Request::header('Connection') == "keep-alive"
What is super weird is that this instead returned "close" aka, the value of Connection in the Response Headers. This explains why my custom header is showing up empty (it is not in the response, but the request).
So what gives? The Laravel docs clearly state that this is the way to retreive REQUEST headers.
http://laravel.com/docs/4.2/requests#request-information
Any soltuions to get what I want?
edit: $_SERVER["HTTP_HEADER_NAME"] as proposed in https://stackoverflow.com/a/541450/1800023 gives me the same results. The values are those from the RESPONSE headers.
I am using the following cURL request to localhost which runs fine:
curl -u admin:e4d4face52f2e3dc22b43b2145ed7c58ce66e26b384d73592c -d "{\"jsonrpc\": \"2.0\", \"method\": \"feed.list\", \"id\": 1}" http://localhost/minifluxR/jsonrpc.php
But when I send the same request using Postman instead of cURL, I am getting:
{"jsonrpc":"2.0","id":null,"error":{"code":-32700,"message":"Parse error"}}
In Postman I used a GET request and sent the following as headers:
url:http://localhost/minifluxR/jsonrpc.php
username:admin
api_token:e4d4face52f2e3dc22b43b2145ed7c58ce66e26b384d73592c
method: feed.list
The following is the PHP function I am trying to trigger:
$server = new Server;
$server->authentication(array(
\Model\Config\get('username') => \Model\Config\get('api_token')
));
// Get all feeds
$server->register('feed.list', function () {
return Model\Feed\get_all();
});
Please help me to correct these errors.
When using cURL, the -u option (or --user) is used to supply the credentials for HTTP Basic authentication. This sets the Authorization header to contain the necessary data to authenticate with the server.
These steps apply to Postman's packaged app. For steps for the legacy app, view this of revision this answer.
To use HTTP Basic authentication as you were in your cURL command, click the Authorization tab and enter your credentials. Clicking Update Request will add the necessary Authorization header for you.
To submit the JSON data in the same way that you did with cURL, use a POST request, select raw under the Body tab, and enter your data like so:
To debug this I used Fiddler - a free web debugging proxy.
I used cURL's --proxy option to make it send its requests through Fiddler like so:
curl \
--proxy http://localhost:8888 \
-u foo:bar \
-d "{\"jsonrpc\": \"2.0\", \"method\": \"feed.list\", \"id\": 1}" \
http://localhost
Now that the request goes through Fiddler, I can select it from the session list, and use the "raw" inspector to see the raw request:
This shows me that the cURL is making a POST request with HTTP Basic authentication and application/x-www-form-urlencoded content. This type of data normally consists of keys and values, such as foo=bar&hoge=fuga. However, this cURL request is submitting a key without a value. A call to var_dump($_POST) will yield the following:
With a = at the end of the data (like so: {"jsonrpc": "2.0", "method": "feed.list", "id": 1}=) the var_dump will yield the following:
However, it seems that JsonRPC will use file_get_contents('php://input') in your case. This returns the data that was submitted with the request, including a =, if the data ends with it. Because it will try to parse the input data as a JSON string, it will fail if the string ends with a =, because that would be invalid JSON.
Using the FoxyProxy extension for Chrome, I created a proxy configuration for Fiddler (127.0.0.1:8888), which allowed me to easily debug the data being sent by Postman's POST request. Using x-www-form-urlencoded with a key of foo with no value, the data sent was actually foo=, which would result in your JSON string being invalid.
However, using "raw" input will allow for the specified data to be sent without a = being added to the end of it, thus ensuring the data is valid JSON.
Curl is using HTTP Basic authentication by default. Your headers set in Postman are something different. Try using Basic Auth in Postman. It is in top panel, you fill in username and password and authorization header will be generated.
I'm writing a very basic Facebook app, but I'm encountering an issue with cross-domain AJAX requests (using jQuery).
I've written a proxy page to make requests to the graph via cURL that I'm calling via AJAX. I can visit the page in the browser and see it has the correct output, but requesting the page via always causes jQuery to fire the error handler callback.
So I have two files:
Proxy, which does the cURL request
<?php
//Do some cURL requests, manipulate some data
//return it as JSON
print json_encode($data);
?>
The facebook canvas, which contains this AJAX call
$.getJSON("http://myDomain.com/proxy.php?get=stuff",
function(JSON)
{
alert("success");
})
.error(function(err)
{
alert("err");
});
Inspecting the call with Firebug shows it returns with HTTP code 200 OK, but the error handler is always fired, and no content is returned. This happens whether I set Content-Type: application/json or not.
I have written JSON-returning APIs in PHP before using AJAX and never had this trouble.
What could be causing the request to always trigger the error handler?
Recently I experienced the same issue and my problem was the fact that there was a domain difference between the webpage and the API, due to the SSL.
The web page got a HTTP address (http://myDomain.com) and the content I was requesting with JQuery was on the same domain but HTTPS protocol (https://myDomain.com). The browser (Chrome in this case) considered that the domains were differents (the first one with HTTP, the second one with HTTPS), just because of the protocol, and because the request response type was "application/json", the browser did not allowed it.
Basically, the request worked fine, but your browser did not allowed the response content.
I had to add a "Access-Control-Allow-Origin" header to make it work. If you're in the same case, have a look there: https://developer.mozilla.org/en/http_access_control.
I hope that'll help you, I got a headache myself.