I'm facing a strange behaviour while working with a web-service.
Most of the URLs send me back a correct json response even if I work with urlencode().
So, for example, if I use http://mywebservice/?q=json_themes_abc%2F254 or http://mywebservice/?q=json_themes_abc/254, I'll get the same response.
But, only for one type of request, http://mywebservice/?q=json_demarches/2808 works and not http://mywebservice/?q=json_demarches%2F2808.
It happens only with ?q=json_demarches requests.
Does someone have a clue? Is the problem in my side or their? I read something about turning on “AllowEncodedSlashes” directive in their Apache but wouldn't be a general issue with all their URL if so?
Thanks in advance.
Related
I'm using onlyoffice to convert a file from docx to pdf (Documentation here : https://api.onlyoffice.com/editors/conversionapi).
I use curl to execute the example, and it works. I get the file url back, but the only issue is that when I try using this url (in a browser or downloading with file_get_contents), I have a 403 error.
There is nothing in the documentation that speak about the next steps post conversion, so I was wondering if someone could give me a hint. Is there an api method undocumented or something like that ?
Thanks
I get the file url back, but the only issue is that when I try using
this url
Please make sure that you use the link with all parameters. secure_link should also be included into the download link. If that doesn't help send us the link that you get.
The url in the xml back is sent back with html characters in it.
htmlspecialchars_decode on the url resolved my issue.
I am trying to pass some parameters after # in the url like http://developer.rohitkhatri.com/test.php#embed=sdkhfjshdkfhhjk, But I don't know how to access it, I tried many solution from the stackoverflow, here are some examples what I've tried:
$_SERVER['REQUEST_URI'] gives me /test.php
$_SERVER['QUERY_STRING'] gives empty string
$_SERVER['HTTP_REFERER'] gives empty string
also tried printing the whole $_SERVER array but I did not find anything useful.
Any help is appreciated.
Well, there's no way to achieve this, because the part you are trying to access using the php, never goes to the server, what you can do is, just grab the part using the javascript and send it the the server.
Like there can be a middle page, which will redirect to the final url, and while redirecting, It can grab the part after # and send it using ajax.
The browser doesn't send anything that comes after the hash(#) to the server because it is resolved within the browser. You can try by mentioned code.
$hash = '<script>document.write(document.location.hash)</script>';
echo $hash;
output :
//#embed=sdkhfjshdkfhhjk
I'm developing a Laravel Web Service.
When I try my POST routes with web forms, everything works fine, but when I try the same with a REST Client like Postman it doesn't get me the response that should.
It gives me status code 302, and redirects to "/". What's the problem?
This might be useful for other users that having the same problem cannot solve it with the accepted solution.
Make sure that the form fields names for instance <input type="text" name="document_name"> (document_name), match the names of the rules fields declared in the model.
public static $rules = ['document_name' => 'required|string'];
It doesn't throw any errors, nothing in the logs, it just redirects to the form, therefore the difficulty to find the problem.
When you try to POST request by Postman,you need to add _token field and it's value which is used to be protect XSS attack.See https://laravel.com/docs/5.2/routing#csrf-protection
When visiting the endpoint using Postman, set the Header
Accept: application/json
or Laravel would never know it's an API client and thus redirect with 302 message.
It's the mechanism for latest Laravel version since they provide api.php router beside web.php router.
Http status code 302 is used for redirection. It can be due to server side problem, Please check your laravel project's error log file or apache's error log file.
it looks like in postman you should point that the data you send is 'x-www-url-formurlencoded'
I have a problem with server and too upset and don't know what to do, never met such problem.
The index2.php file is ok and working, but when I add $_GET it doesn't find the file.
For example index2.php works, but index2.php&p=1 doesn't work or index2.php&t=2 or any &, doesn't work.
It says:
Not Found
The requested URL /index2.php&p=2 was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to
use an ErrorDocument to handle the request.
Does anybody know what's going on?
try index2.php?p=1 i.e whenever you are using query string to pass parameters use ? mark and if you are passing more than one parameter then use & operator to pass multiple parameters.
I'm having issues with jquery's $.post function, and (what I think) the cross-domain security thing.
The weird part is that the page I'm trying to post to, is in the same directory as the page that sends the post.
This is the javascript code of 'latest.php', the file that makes the post request:
$.post("upload.php", { base64: fCanvas, description: description }, function(data){
// some things happen here
});
upload.php is a php script that uploads the content of the base64 variable to Tumblr.
The javascript console shows a 403 Forbidden error. I tried chmodding -777 'upload.php', but that didn't change anything.
Using $.get instead of $.post works, but is undesired due to security reasons, and the length limit of $get data (I'm sending a base64 encoded image).
EDIT: I changed one of the $.get requests on 'latest.php' to a $.post one, and it's working...
$.post("base64.php", { url: t_url },
function(data){
data = "data:image/gif;base64,"+data;
draw(data);
});
So, I'm completely clueless of what's going wrong.
403 Forbidden is a server-generated response and has nothing to do with the "Same Origin Policy". Can't really offer any help further than that, but it's going to be configuration related - not a cross-domain issue.
Edit: I was going to suggest that it was a lack of execute permissions, but you already did the 777 chmod, and you can hit it with a GET, which is kind of perplexing. For the sake of not being completely useless, here's a link that suggests you need to use 644 instead of 777.
Another suggestion: is mod_security enabled in your .htaccess (or other config)? It's known to be unfriendly towards form values that contain stuff like markup/urls or other potential XSS attempts.
Well. I got it working.
I tried sending a smaller (still base64-encoded) image to my upload.php script, and it did the job. It appears that jQuery's post function can't handle large (thats relative, it's just a 640x453 image) amounts of data.
I solved the problem by using a XMLHttpRequest() instead. It works like a charm.
If anybody knows the exact problem with jQuery's Ajax, please let me know, because I still don't know exactly why my data caused a HTTP Forbidden error.
hi the forbidden error it's because uses post method and in the server side CORS are not implemented to work with Client CORS
check mod_security with your hosting provider!
the most issues similar to this solved when whitelisted or disabled it!
Try using a absolute link (has worked for me).