I'm using AWS API Gateway and passing the requests as HTTP Proxy to my nginx/php-fpm server.
on my server i print all the headers that arrived from the HTTP POST request.
on AWS:
added "Location" header under "Method Request" HTTP Request Headers
mapped "Location" header under "Integration Request" HTTP Headers:
Name: Location
Mapped from: method.request.header.Location
i'm using postman to send the POST request with additional headers but the header is not forwarded...any idea?
Can you see in the logs for the request (either in the console on the 'Test' page, or in CloudWatch Logs on the deployed API) if the headers are being sent to the endpoint? There should be verbose logs in the 'Test' page that tell you exactly what is being sent to/from the endpoint.
And is it all headers for you or just 'Location'?
Related
I just made an api with Laravel, and front with ReactJS, but I'm wondering how can I use payment getway in this project, I want to use this getway
What I tried:
$zarinpal = new Zarinpal('XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX');
$zarinpal->isZarinGate(); // active zarinGate mode
$results = $zarinpal->request(
"example.com/testVerify.php",
1000,
'testing',
'me#example.com',
'09000000000',
);
if (isset($results['Authority'])) {
file_put_contents('Authority', $results['Authority']);
$zarinpal->redirect();
}
It successfully get $results['Authority']) but it won't redirect to getway, clearly because I am using laravel as api, right? so how can I do this while I using api?
It give me this error:
Access to XMLHttpRequest at 'http://localhost:8000/api/deposit/agent'
from origin 'http://localhost:3000' has been blocked by CORS policy:
No 'Access-Control-Allow-Origin' header is present on the requested
resource.
POST http://localhost:8000/api/deposit/agent net::ERR_FAILED
But I don't have CORS issue on api request, it just give me this error on this action
It is not the problem of Payment Gate Way. Just the cross-origin header problem.
Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell browsers to give a web application running at one origin, access to selected resources from a different origin. A web application executes a cross-origin HTTP request when it requests a resource that has a different origin (domain, protocol, or port) from its own.
An example of a cross-origin request: the front-end JavaScript code served from https://domain-a.com uses XMLHttpRequest to make a request for https://domain-b.com/data.json.
For security reasons, browsers restrict cross-origin HTTP requests initiated from scripts. For example, XMLHttpRequest and the Fetch API follow the same-origin policy. This means that a web application using those APIs can only request resources from the same origin the application was loaded from unless the response from other origins includes the right CORS headers.
You can still send the header from a PHP script. It's a case of adding the following to your PHP scripts:
<?php
header("Access-Control-Allow-Origin: *");
?>
I am Currently Working on SSO Project. Like Google, we have accounts.domain.com as SSO Server. And we have three applications hosted on three different servers(application1.com,application2.com,,application3.com,).
Whenever the user wants to log in from those three applications then the user will be redirected to the SSO Server. If the login credential supplied by the user is correct means the SSO Server generates a JWT access token. Now the Generated token have to be attached to the user requested application response header and then the user will be redirected to the requested application along with the "Authorization: Bearer $token".
I am currently facing problem in attaching the generated token to the response header. I am currently using Slim 3 framework along with lcobucci/jwt for JWT token.
My Code :
$username = "Test";
$newResponse = $response->withHeader('Authorization' , "Bearer $token");
return $newResponse->withRedirect("http://application1.com/$username", 301);
When I debug the Response header in accounts.domain.com the Authorization header seems to be set. But on another end (application1.com) not receiving the Authorization Header.
Screenshots
Initial Request from application1.com
SSO Domain Redirect to grab the Cookie
Validate the Session by the Grabbed Cookie and attach the Auth Header attached
Authentication Success but no Authorization Headers Received
My Doubt is whether the problem is because of server configuration(apache2) in .htaccess file (or) my implementation itself is wrong.
Guide me to fix this error.
Environment Details :
Server : Apache 2
Framework : Slim 3
JWT : lcobucci/jwt package
A redirection in the HTTP protocol doesn't support adding any headers to the target location. It's basically just a header in itself and only allows for a URL.
It looks something like this:
HTTP/1.1 307 Temporary Redirect
Location: http://application1.com
When you are adding your Authorization header you are only sending that header back to the client:
HTTP/1.1 307 Temporary Redirect
Location: http://application1.com
Authorization: ...
When you are sending a response redirect and also set some header like Authorization, the browser will not forward this header to the site it is now redirecting to. If you are absolutely bent on passing some parameter to the site the browser will redirect to, you will have to pass that parameter as an URL query parameter.
I'm building an api that receives incoming webhooks from external parties. Post requests to my application lack a body in some cases. In my logs I see the incoming request with the following header:
Accept: */*
Content-Length:
Content-Type: application/json
As you can see the content-length is empty.
I cannot reproduce the problem. What I've tried thus far:
The request payload is only missing coming from a specific third party. If however, I provide this third party with a different callback url like request bin, the payload is not missing.
Connected this party source to our test environment. Which has exactly the same configuration (checked the entire php.ini) and the same version of our software. On our test server, requests are received with payload.
When sending post requests with Postman to our production environment, webhooks are received with payload.
Both test and production are https. I've tried sending http requests to our production server to see what happens, and I get an error as expected and no received headers in our logs.
Checked the php post_max_size, which is on 24M.
When creating a callback.php file in my public folder, and have the third party send it's webhooks to this destination, I am able to write the results to a log with the following code, which includes a payload. If I to output php://input later on in my Laravel application, it doesn't work:
$postdata = file_get_contents("php://input");
$file = fopen("webhook.log","w");
echo fwrite($file,$postdata);
fclose($file);
Both servers are running on the same php version (php7), and I am at a loss as to what to try next.
Found it! The problem was a port 80 to 443 redirect in a vhost configuration. I earlier dismissed redirects - which seem to be a common source of missing payloads in post requests - as possible cause; I had made a test script which succesfully received payloads on this very same server.
However, I had placed this test script in the servers public folder, which was not subject to the same redirects as was the root of my application. After removing the redirect, payloads where received as expected.
I am trying to upload a file using an (jquery) AJAX request but it fails and the response sent is
Request Rejected
The requested URL was rejected. Please consult with your administrator.
Your support ID is: xxxxxxxxxxxxxxx and provide steps to replicate the issue
I've tried to visit the URL using browser and that works fine.
Is there anything related with the AJAX request or is it entirely a server side issue? How can I solve this?
Your message is being generated by a Big IP ASM
When an Illegal HTTP status violation occurs, the BIG-IP ASM sends an HTTP blocking response page that includes the OWS Server header.
So the problem is not on your side, it's on the web server side.
When origin in request header is null, server doesn't allow request. read about CORS at http://en.wikipedia.org/wiki/Cross-origin_resource_sharing Cross Domain request can be allowed from php server as
header("Access-Control-Allow-Origin:*");
and enable all methods for request.
header("Access-Control-Allow-Methods: POST, GET, OPTIONS");
I have to integrate a 3rd party system into my PHP app. I'm using cURL. The documentation says I have to send a soap envelope to the server, but in their example I found the following HTTP header as a correct request:
POST /CLI/ HTTP/1.1
Host: example.com
What's that CLI in the header? How can I send such a request from PHP?
Thanks for your help.
It's just the resource being requested,
GET /index.php
POST /index.php
IN your case: POST http://example.com/CLI/
http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol