I have a simple node http server set up currently, I'm trying to build the server so that it only accepts post requests from certain domains. I'm trying to get the domain of the server that made a post request to my node server but can't quite figure it out.
In my test environment, I am making the post request from localhost:3000 to my node server which is running on localhost:9220. I have been examining the req object but can't seem to find localhost:3000 mentioned anywhere in it.
http.createServer(function (req, res) {
if(req.method == 'POST')
{
// Here is where I want to find the domain of the server
// making the request
{
}).listen(9220);
It's probably simple but I am having trouble
thanks for the help!
There is no way to do this reliably.
If you make a cross-origin Ajax request, a browser will add an Origin header to it. If you submit a form, a browser might add a Referer header to it.
Related
I am trying to integrate Yammer API in my Vue.JS project, for Http calls I am using Vue-Resource plugin. While making GET Http call to get posts from Yammer it gives me following error -
Response to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource.
I tried postman tool and that gives successful response, but when I try to run the same thing in my Vue.JS project using Vue-Resource plugin it wont work.
The Vue.JS code snippet -
function(){
this.$http.get("https://www.yammer.com/api/v1/messages/my_feed.json").then((data)=>{
console.log(data);
});
In main.vue file i have -
Vue.http.interceptors.push((request, next) => {
request.headers.set('Authorization', 'Bearer my_yammer_token')
request.headers.set('Accept', '*/*')
next()
})
Then I tried the code snippets provided by Postman tool for jquery, that too not working.
jQuery code -
var settings = {
"url": "https://www.yammer.com/api/v1/messages/my_feed.json",
"method": "GET",
"timeout": 0,
"headers": {
"Authorization": "Bearer my_yammer_token",
"Cookie": "yamtrak_id=some_token; _session=some_token"
},
};
$.ajax(settings).done(function (response) {
console.log(response);
});
Though, I found similar questions but nothing worked for me.
I am working this to resolve from last 2 days but getting failed again and again. Please guide/help me.
A browser has higher security requirements than a request in PostMan. In a browser, you are only allowed to make XHR requests to your own current host (combination of domain + port) but not to other remote hosts. To nevertheless make a request to a remote host, you can use the browser built-in CORS. By using this, your browser makes a pre-flight request to the remote host to ask if the current page is allowed to request from that host. This is done via the Access-Control response headers. In your case, this header is probably missing or not allowing your page to access, which is why the request does not go through. Please read further into that topic.
However, in your case, using CORS probably won't be a solution for two reasons: To use CORS, the remote host must present a header which allows every requesting host (*) or your specific one. If you cannot set that setting anywhere on the remote host, it won't work. Second, it is not safe to place your authorization token into client-side JavaScript code. Everybody can just read your JS code and extract the authorization token. For that reason, you usually make the actual API call from the server-side and then pass the data to the client. You can use your own authentication/authorization against your server and then use the static authorization key on the server to request the data from the remote host. In that case, you'll never expose the authorization key to your user. Also, on the server-side, you do not have to deal with CORS as it works just like PostMan or curl as opposed to a browser.
The npm-request library allows me to construct HTTP requests using a nice JSON-style syntax, like this.
request.post(
{
url: 'https://my.own.service/api/route',
formData: {
firstName: 'John',
lastName: 'Smith'
}
},
(err, response, body) => {
console.log(body)
}
);
But for troubleshooting, I really need to see the HTTP message body of the request as it would appear on the wire. Ideally I'm looking for a raw bytes representation with a Node.js Buffer object. It seems easy to get this for the response, but not the request. I'm particularly interested in multipart/form-data.
I've looked through the documentation and GitHub issues and can't figure it out.
Simplest way to do this is to start a netcat server on any port:
$ nc -l -p 8080
and change the URL to localhost in your code:
https://localhost:8080/v1beta1/text:synthesize?key=API_KEY
Now, any requests made will print the entire, raw HTTP message sent to the localhost server.
Obviously, you won't be able to see the response, but the entire raw request data will be available for you to inspect in the terminal you have netcat running
I figured out how to dump the HTTP message body with Request. In both cases, I'm just copying the same approach that request uses internally.
Multipart Form Uploads
req._form.pipe(process.stdout);
URL-encoded Forms
console.log(req.body);
You could try #jfriend00 suggestion an use a network sniffer like wireshark but as you're fetching an https URL this might not be the easiest route as it requires some setup to intercept TLS connections.
So maybe it would be enough turning on debug mode for the request module itself, you can do that by simply setting require('request').debug = true. As a third option you could go with the dedicated debug module for request here which allows you to view request and response headers and bodies.
I can think of a number of ways to see the bytes of the request:
Turn on debugging in the request module. There are multiple ways to do that documented here including setting NODE_DEBUG=request or require('request').debug = true or using the request-debug module.
Use a network sniffer to see what's actually being sent over the socket, independent of your node.js code.
Create your own dummy http server that does nothing but log the exact incoming request and send your same request to that dummy server so it can log it for you.
Create or use a proxy (like nginx) that can dump the exact incoming request before forwarding it on to its final destination and send the request to the proxy.
Step through the sending of the request in the debugger to see exactly what it is writing to the socket (this may be time consuming, particularly with async callbacks, but will eventually work).
you could use a nodejs server capable of logging the raw request/response string , then direct your request to that server
i gave an example using both http and https server - no dependencies
nodejs getting raw https request and response
A software that i'm using(https://camlytics.com/) sends a request to a webhook whenever a particular event occurs, now i want to process that request but the problem is that the request is sent with the following headers as empty
content-length
content-type
Due to this reason my node code completely ignores the request. I have verified that the request is actually being sent via creating a webhook # webhook.site.
I fail to understand if webhook.site can show and process that request, why cant node do it? the code easily processes all other get requests.
Would appreciate if someone could either
help me process the request as in make it accessible via the code
if somone with experience on camlytics help me configure it in such a way that i can configure the headers of the request.
I have tried this on serverless azure function which is supposed to trigger for all HTTP requests but event that doesnt trigger, neither does it trigger on my local NODE server.
This is the request details that webhook.site shows me
Camlytics webhooks seem to work OK if you add Content-Type application/json to the Headers properties box for the HTTP Response node.
I'm trying to set up a site to access CORS-enabled data on my server. My server has an access-control-allow-origin header of www.mysite.com, while the request is coming from a source with an origin header of www.mysite.com:444. The request is a GET request that's trying to fetch some data from my server, which has been set up to serve data to a portion of my app running in an iframe elsewhere on the site.
This request is getting blocked, unfortunately. How can I successfully make this request? Is there a way for me to take the port number off of my origin header, or do I need to modify the access-control-allow-origin header on my server? (And if that's the case, how should I go about doing so?)
You can't edit that header on the client side, that would defeat the point of this security header.
Why not just allow www.mysite.com:444 fully on the server ?
All you need is this on the server:
Access-Control-Allow-Origin: http://www.example.com:444
What I need to do is simple node.js http echo server. However, servers that I found on node website and on some other places either don't work how I would like or I don't understand how they work.
I used this simple echo server and on my client side (written in java) I don't get the results I would want to.
var http = require('http');
http.createServer(function(request,response){
response.writeHead(200);
request.pipe(response);
}).listen(8080);
I would like my server to make a response consisting of response header and response body where I would have the whole http request that my client sent and got back. Client side is measuring time from sending a request and getting a whole response back. Client is also writing a response body to a file.
When I try using something like
response.write(request.url);
I get the request.url in the response body and it works but I would like to have the whole http request inside.
Any help would be appreciated.
use:
response.write(JSON.stringify(request.headers))
Add response.end() when done:
http.createServer(function(request,response){
response.writeHead(200)
request.pipe(response)
response.end()
}).listen(8080)
well you are trying to pipe the request to the response which doesn't make sense and doesn't work. I'd advice you to use the connect or express module. Then you can do this; response.status(200).send("Very Awesome").end().