Hello I have found a parameter in my request header, but I don't know what it is.
Here I give you a sample of my header and the X-MAC parameter that is at the end:
authority: carper-example-api.examplecarper.com
method: POST
path: /auth/login
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,es;q=0.8
content-length: 52
content-type: application/json
origin: https://play.example.com
referer: https://play.example.com/
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
x-mac: CEcEdtgZ+hlSIDk+dM/58munhvmsBvQNV6xjDfwRhZ44Q2Ten7H87xtqk0QjFb42f9OKeMDvaTzkJSs/asspMbpRielgAVSYpBJihWn4T0N7XrqTVhhbFhpnTCRBx5Niaetq9BeVS54AP8dO7VMMs1N1A99tbnlLtmk3rSzxeZU=
Did a little bit of research, it looks like it's a protocol for wireless sensor networks.
More can be found here, here and here
Related
Please help me to find an appropriate solution for Edge browser.
I found that Edge browser doesn't follow the Location header in case of HTTP 302 Found response both for GET and POST requests.
In short, the same code (see the explanation below):
works perfectly in FF/Chrome (all the headers are set for the initial call, the headers/cookies are set and sent for all redirected calls as well)
Edge browser ignores Location header / HTTP 302 response code (no redirect at all).
IE 11 browser ignores the header we set for the initial call (Content-Type) in the redirected call
page opened: https://example.com
async GET call made to https://some-service.io/login with custom headers set
Content-Type = application/json; charset=utf-8
X-Header = http://some-service.io/xxx-yyy-zzz
Note: different domains are used for the page and for the service
and with withCredentials enabled because of CORS, data attribute has an empty object (for axios call) or some dummy data (for javascript call) as we had an issue in Chrome/FF with headers for the redirected call:
Javascript version
function httpGetAsync(url, method, callback) {
var xmlHttp = new XMLHttpRequest();
xmlHttp.onreadystatechange = function ()
{
if (xmlHttp.readyState == XMLHttpRequest.DONE && xmlHttp.status == 200) {
console.log('DONE');
callback(xmlHttp.readyState + ':' + xmlHttp.status + ':' + xmlHttp.response);
return;
}
console.log(xmlHttp.readyState + ':' + xmlHttp.status + ':' + xmlHttp.response);
var headers = xmlHttp.getAllResponseHeaders();
console.log('headers: ' + headers.toString());
}
xmlHttp.open(method, url, true); // true for asynchronous
xmlHttp.withCredentials = true;
xmlHttp.setRequestHeader('Accept', 'application/json');
xmlHttp.setRequestHeader('Content-Type', 'application/json;charset=UTF-8');
xmlHttp.setRequestHeader('X-Header', 'https://some-service.io/xxx-yyy-zzz');
xmlHttp.send("foo=bar&lorem=ipsum");
}
httpGetAsync('https://some-service.io/login', 'GET', function (response) {
console.log(response);
});
AXIOS version
...
defaultHeaders['Content-Type'] = 'application/json;charset=UTF-8';
defaultHeaders['X-Header'] = 'https://some-service.io/xxx-yyy-zzz';
...
axios({
method: 'GET',
url: 'https://some-service.io/login',
withCredentials: true,
headers: defaultHeaders,
data: {}
}).then(response => {
...
Server responds with HTTP 302, with Set-Cookie and Location: https://some-service.io/login/auth headers in the response, we need to send original headers and the cookies set with the redirected call to https://some-service.io/login/auth
For the redirected call to https://some-service.io/login/auth server responds with HTTP 200,
json-object returned in case if Content-Type is set in request headers:
Chrome/FF works perfectly, follow the redirects, the headers from the initial call are available for the redirected call as well, HTTP 200 returned with the valid json-object
Edge browser doesn't follow Location header value at all
IE 11 browser follow the redirect url from Location header but without Headers set in the initial call (added just for comparison)
RAW HTTP
Edge
-- OPTIONS (preflight)
OPTIONS https://some-service.io/login HTTP/1.1
Origin: https://example.com
Referer: https://example.com?uuid=38db98a3-f6f0-11e9-b2be-6814011b702b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362
Access-Control-Request-Headers: content-type,database,dictionarydomain,language,site,x-referer-epay
Access-Control-Request-Method: GET
Accept: */*
Accept-Language: en-US,en;q=0.8,cs;q=0.6,ru;q=0.4,uk;q=0.2
Accept-Encoding: gzip, deflate, br
Host: some-service.io
Content-Length: 0
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache
-- GET Request
GET https://some-service.io/login HTTP/1.1
Origin: https://example.com
Referer: https://example.com?uuid=38db98a3-f6f0-11e9-b2be-6814011b702b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.8,cs;q=0.6,ru;q=0.4,uk;q=0.2
Content-Type: application/json;charset=UTF-8
X-Header: https://some-service.io/xxx-yyy-zzz
Accept-Encoding: gzip, deflate, br
Host: some-service.io
DNT: 1
Connection: Keep-Alive
-- GET Response
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://example.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Date: Tue, 10 Dec 2019 12:26:08 GMT
Expires: 0
Location: https://some-service.io/login/auth
Pragma: no-cache
Set-Cookie: JSESSIONID=CC10DD73C968C42C5A007D27342BF0B5; Path=/; Secure
Set-Cookie: __VCAP_ID__=32ee654d-2947-49e4-4909-9bc7; Path=/; HttpOnly; Secure
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vcap-Request-Id: ef27c9ae-fa5b-45b6-5c6a-9537b159e533
X-Xss-Protection: 1; mode=block
Content-Length: 0
Connection: keep-alive
-- GET Request for redirected call (https://some-service.io/login/auth, missing)
Chrome
-- OPTIONS (preflight)
OPTIONS https://some-service.io/login HTTP/1.1
Host: some-service.io
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: https://example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
Access-Control-Request-Headers: content-type,database,dictionarydomain,language,site,x-referer-epay
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Referer: https://example.com?uuid=38db98a3-f6f0-11e9-b2be-6814011b702b
Accept-Encoding: gzip, deflate, br
Accept-Language: en,ru-RU;q=0.9,ru;q=0.8,en-US;q=0.7,en-GB;q=0.6
-- GET Request
GET https://some-service.io/login HTTP/1.1
Host: some-service.io
Connection: keep-alive
Origin: https://example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: application/json, text/plain, */*
X-Header: https://some-service.io/xxx-yyy-zzz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Referer: https://example.com?uuid=38db98a3-f6f0-11e9-b2be-6814011b702b
Accept-Encoding: gzip, deflate, br
Accept-Language: en,ru-RU;q=0.9,ru;q=0.8,en-US;q=0.7,en-GB;q=0.6
Cookie: JSESSIONID=998B805DAF1BBA4C76AB930702C49131; __VCAP_ID__=a3ed6e06-6e23-43ad-469a-e848
-- GET Response
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://example.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Date: Tue, 10 Dec 2019 10:33:02 GMT
Expires: 0
Location: https://some-service.io/login/auth
Pragma: no-cache
Set-Cookie: __VCAP_ID__=32ee654d-2947-49e4-4909-9bc7; Path=/; HttpOnly
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vcap-Request-Id: e207bdaa-20a6-48a1-7f97-b0688d2f1f98
X-Xss-Protection: 1; mode=block
Content-Length: 0
Connection: keep-alive
-- GET Request for redirected call (https://some-service.io/login/auth)
GET https://some-service.io/login/auth HTTP/1.1
Host: some-service.io
Connection: keep-alive
Origin: https://example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: application/json, text/plain, */*
Database: master
X-Header: https://some-service.io/xxx-yyy-zzz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Referer: https://example.com?uuid=38db98a3-f6f0-11e9-b2be-6814011b702b
Accept-Encoding: gzip, deflate, br
Accept-Language: en,ru-RU;q=0.9,ru;q=0.8,en-US;q=0.7,en-GB;q=0.6
Cookie: JSESSIONID=998B805DAF1BBA4C76AB930702C49131; __VCAP_ID__=32ee654d-2947-49e4-4909-9bc7
-- GET Response
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://example.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json;charset=UTF-8
Date: Tue, 10 Dec 2019 10:35:35 GMT
Expires: 0
Pragma: no-cache
Set-Cookie: __VCAP_ID__=a3ed6e06-6e23-43ad-469a-e848; Path=/; HttpOnly
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vcap-Request-Id: ad084e82-1038-4953-5f40-cfcf4f4c10d3
X-Xss-Protection: 1; mode=block
Content-Length: 16
Connection: keep-alive
{"some-value":0}
Notes
the main difference between Edge and Chrome - these two headers
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Edge/18.18362
Chrome/78.0.3904.108
In order to mitigate CORS implementation differences for different browsers, I decided to move CORS requests from FE side to BE side.
Small transparent proxy has been implemented to serve requests from FE to BE and call Service from BE using RestClient (or HttpClient) component which works perfectly with CORS and redirected calls in comparison with direct calls from FE to Service.
I am setting up a server on ESP8266 WiFi module. Basic operation is, you request a URL. ESP serves that page. It has a form. You fill it in and click submit, and the browser sends POST request by AJAX. I am not using jQuery, just js. From Chrome dev-tools, it looks like all is well.
But on the ESP Server side, I noticed I am missing post data once in a while. After digging deep, I found this issue.
Ideal result from Chrome on my windows: And this works correctly. Post data comes in as expected.
+IPD,0,507:POST /wifi.htm HTTP/1.1
Host: 192.168.4.1
Connection: keep-alive
Content-Length: 63
Origin: http://192.168.4.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Referer: http://192.168.4.1/wifi.htm
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
AlexaToolbar-ALX_NS_PH: AlexaToolbar/alx-4.0
ethOrWiFi=1&ewln=1&dhcp=1&ssid=Esensors&key=tgfgfdgfdtrd&auth=4
But on my Mac Chrome, I see the following result.
+IPD,0,472:POST /wifi.htm HTTP/1.1
Host: 192.168.4.1
Connection: keep-alive
Content-Length: 63
Origin: http://192.168.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
DNT: 1
Referer: http://192.168.4.1/wifi.htm
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8,ml;q=0.6
AlexaToolbar-ALX_NS_PH: AlexaToolbar/alx-4.0
+IPD,0,63:ethOrWiFi=1&ewln=1&dhcp=1&ssid=Esensors&key=asdfasdfasdf&auth=4
And I can repeat this. The only different in each case is I am using Chrome on Windows as opposed to Chrome on Mac. To double check, I downloaded Chrome canary version and tried. The first request worked fine. From second request onwards, it shows this problem. Why is this happening? Any ideas? May be my laptop has issues? :)
Here are Chrome dev-tools info from Chrome on Mac (the one with the problem)
**Request Headers:**
POST /wifi.htm HTTP/1.1
Host: 192.168.4.1
Connection: keep-alive
Content-Length: 61
Origin: http://192.168.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
DNT: 1
Referer: http://192.168.4.1/wifi.htm
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8,ml;q=0.6
AlexaToolbar-ALX_NS_PH: AlexaToolbar/alx-4.0
**Request Payload**
ethOrWiFi=1&ewln=1&dhcp=1&ssid=Esensors&key=asdfasdfoi&auth=4
+IPD is the AT command that says data was received from the network. +IPD,0,63: is saying to receive 63 bytes from connection 0. That matches with your Content-Length header. Notice that it also appears at the beginning of the header portion of the request.
Your WiFi library on the ESP side is throwing that in. Here and on line 281 is the source code where it might be happening. There are a couple variables that affect whether or not the +IPD is added, maybe you have set or inadvertently changed one.
I want to make a post request using HttpClient or XMLHTTP similar to this.
POST http://www.indianrail.gov.in/cgi_bin/inet_trnnum_cgi.cgiHTTP/1.1
Host: www.indianrail.gov.in
Connection: keep-alive
Content-Length: 39
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://www.indianrail.gov.in
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://www.indianrail.gov.in/train_Schedule.html
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
lccp_trnname=19329&getIt=Please+Wait...
Have seen the code sample of httpclient, but I didn't understand much from that.Typically facing the problem in setting the headers.Below is what I have tried.Also, want to know how to send the string( lccp_trnname=19329&getIt=Please+Wait...) to the server.
httpClient = new Windows.Web.Http.HttpClient();
httpClient.defaultRequestHeaders.host(new Windows.Networking.HostName("www.indianrail.gov.in"));
httpClient.defaultRequestHeaders.connection("keep-alive");
httpClient.defaultRequestHeaders.accept("text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");
httpClient.defaultRequestHeaders.userAgent.parseAdd("Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)");
httpClient.defaultRequestHeaders.referer("http://www.indianrail.gov.in/train_Schedule.html");
httpClient.defaultRequestHeaders.acceptEncoding("gzip, deflate");
httpClient.defaultRequestHeaders.acceptLanguage("en-US,en;q=0.8");
I am having a curious behaviour when it comes to XHR on a Windows phone (8.1, a Lumia 925).
I'm using a javascript library to perform some XHR requests (the Tin Can JS library), and it performs a PUT to an external URL setting some headers.
If I run the very same code as a web page on IE11, the request sends these headers:
Accept: */*, referer: http://169.254.80.80:8080/dest/
Authorization: Basic YTQwMTlhY2VlZTAyNTNmYjE4N2Q1ZTEwN2FiMWZhYWU5MmE5ZTk4YjozMWQ3OWZkMWI0NzU1OGMyNDdiMTlmNTVlN2VhZTgzNzNiNTk5NDBl, referer: http://169.254.80.80:8080/dest/
X-Experience-API-Version: 1.0.1, referer: http://169.254.80.80:8080/dest/
Content-Type: application/json, referer: http://169.254.80.80:8080/dest/
Referer: http://169.254.80.80:8080/dest/, referer: http://169.254.80.80:8080/dest/
Accept-Language: en-GB, referer: http://169.254.80.80:8080/dest/
Origin: http://169.254.80.80:8080, referer: http://169.254.80.80:8080/dest/
Accept-Encoding: gzip, deflate, referer: http://169.254.80.80:8080/dest/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko, referer: http://169.254.80.80:8080/dest/
Host: testsrv.greenteam.it, referer: http://169.254.80.80:8080/dest/
Content-Length: 568, referer: http://169.254.80.80:8080/dest/
DNT: 1, referer: http://169.254.80.80:8080/dest/
Connection: Keep-Alive, referer: http://169.254.80.80:8080/dest/
Cache-Control: no-cache, referer: http://169.254.80.80:8080/dest/
If I run it on the Windows Phone, wrapped by Cordova, these are the headers:
Connection: Keep-Alive
Content-Length: 568
Reverse-Via: SRVGATEWAY
Content-Type: application/json
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows Phone 8.0; Trident/6.0; IEMobile/10.0; ARM; Touch; NOKIA; Lumia 925)
Host: testsrv.greenteam.it
Accept: */*
X-Experience-API-Version: 1.0.1
Accept-Language: en-US,en;q=0.8,it-IT;q=0.5,it;q=0.3
UA-CPU: ARM
Cache-Control: no-cache
What is notably missing is the Authorization header. I checked by console.log, and the appropriate xhr.setRequestHeader are performed even on the windows phone, but it seems like the header is thrown away or ignored.
I can't find what the cause of this may be, or a workaround.
I have an application posting to an asp.net MVC webservice via Ajax.
This seems to work like a champ in all browsers except IE 9. What could be causing this?
The javascript
console.log(data);
$.ajax
({
type: 'POST',
url: '//localhost:65201/User/CreateAsynch',
data: data,
cache: false,
success: function (response) {
// Do stuff
},
error: function (xhr, msg) {
// Do stuff
}});
The Controller
This is what happens when I post in IE vs other browsers (Chrome, in this example)
See how some of the values are populating?
Then there's IE9
Here's what the requests look like (from fiddler)
Chrome
POST http://localhost:65201/User/CreateAsynch HTTP/1.1
Host: localhost:65201
Connection: keep-alive
Content-Length: 184
Accept: */*
Origin: http://localhost:56076
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://localhost:56076/retail/registrationform/index.html
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Username=drew.j.wyatt%40gmail.com&FirstName=Drew&LastName=Wyatt&Email=drew.j.wyatt%40gmail.com&RawPassword=boom&RawConfirmPassword=boom&CountryCode=USA&UserTypeID=2&RegisterForStore=31
IE9
POST http://localhost:65201/User/CreateAsynch HTTP/1.1
Accept: */*
Origin: http://localhost:56076
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: localhost:65201
Content-Length: 184
DNT: 1
Connection: Keep-Alive
Pragma: no-cache
Username=drew.j.wyatt%40gmail.com&FirstName=Drew&LastName=Wyatt&Email=drew.j.wyatt%40gmail.com&RawPassword=boom&RawConfirmPassword=boom&CountryCode=USA&UserTypeID=2&RegisterForStore=31
What am I missing?