In Angular.js Is it possible to implement a wrapper that will execute whenever a AJAX post request is made and gets a 401 HTTP response?
My web app makes dozens of RESTful requests to the server. If their login session expires the server returns a HTTP 401 response. Now, that doesn't trigger the 'fail' function of the post request (annoyingly). But even if it did, I don't want to now edit dozens of RESTful requests functions and have them check if the error response == 401 then refresh the page (to force the user to re-login).
I just want to implement a POST wrapper that will affect all current and future requests. Is this possible?
Related
My website uses Forms authentication. If I make ajax calls to my web service and the user's authentication has expired, I would expect the error routine in my ajax call to be called. However in MS Edge I see a console log of:
HTTP401: DENIED - The requested resource requires user authentication
(XHR) POST - http://mywebserviceurl
I then see the success routine in my ajax call triggered with a responseText of the whole of the html for my website home page.
Is this expected behaviour or have I misinterpreted what is going on?
I am trying to get round this by checking whether the user is logged in before I make the ajax call but this feels like it should be unnecessary.
Say I send a request to www.a.com and it returns 302 and redirect to location www.a.com/net/test.do,since it is an API, I would like to parse the response from this request, any way to do this?
Actually, what you can't do (in the browser) is get the 302 response. The second one is the only one you'd get. That behaviour is on purpose, as stated in the Fetch API spec:
Redirects (a response whose status or internal response’s (if any) status is a redirect status) are not exposed to APIs. Exposing redirects might leak information not otherwise available through a cross-site scripting attack.
In node.js, you can stop following redirects whenever you like.
I've a JS (Angular) client that makes a PUT request (REST API) to server and server sends back a large payload that I'm not using in the client currently.
Is there a way to just fire the request and ignore any response that comes back? The main need here is to avoid the data cost incurred by receiving that payload. I've looked at closing the connection once the request is fired, but am not sure if that's the best way to handle this.
If able, I think the only way to change this would be to change the api endpoint to not include a payload from the put request.
I'm assuming you are using angular's http class and using Observables. But even if you aren't, your angular client is going to need to read the response status sent back from the server to determine whether or not the put request was successful or not. In order to read the status, you'll need to response, and unfortunately the full response sent from the server.
You could close the connection right after the request, but as I've mentioned you'll have no way of knowing whether or not the request was successful.
To ignore the request just don't do anything if the request is successful.
If you don't want the request to exist at all then do it on the backend.
I am trying to access Adyen test API that requires basic authentication credentials. https://docs.adyen.com/developers/ecommerce-integration
My credentials work when accessing the API page through browser.
But I get an 401 Unauthorized response when trying to access the API with XMLHttpRequest POST request.
Javascript Code
var url = "https://pal-test.adyen.com/pal/servlet/Payment/v25/authorise";
var username = "ws#Company.CompanyName";
var password = "J}5fJ6+?e6&lh/Zb0>r5y2W5t";
var base64Credentials = btoa(username+":"+password);
var xhttp = new XMLHttpRequest();
xhttp.open("POST", url, true);
xhttp.setRequestHeader("content-type", "application/json");
xhttp.setRequestHeader("Authorization", "Basic " + base64Credentials);
var requestParams = XXXXXXXX;
xhttp.send(requestParams);
Result
That screenshot shows “Request Method: OPTIONS”, which indicates the details displayed are for a CORS preflight OPTIONS request automatically made by your browser—not for your POST.
Your browser doesn’t (and can’t) send the Authorization header when it makes that OPTIONS request, and that causes the preflight to fail, so the browser never moves on to trying your POST.
As long as https://pal-test.adyen.com/pal/servlet/Payment/v25/authorise requires authentication for OPTIONS requests, there’s no way you can make a successful POST to it.
The reason is because what’s happening here is this:
Your code tells your browser it wants to send a request with the Authorization header.
Your browser says, OK, requests with the Authorization header require me to do a CORS preflight OPTIONS to make sure the server allows requests with that header.
Your browser sends the OPTIONS request to the server without the Authorization header—because the whole purpose of the OPTIONS check is to see if it’s OK to send that.
That server sees the OPTIONS request but instead of responding to it in a way that indicates it allows Authorization in requests, it rejects it with a 401 since it lacks that header.
Your browser expects a 200 or 204 response for the CORS preflight but instead gets that 401 response. So your browser stops right there and never tries the POST request from your code.
The PAL is a Payment Authorisation API. You never want to call it from a browser. You only want to expose your username and password to send in payments in your backend code.
In Client-side encryption, the encryption is done in the browser. You then send the encrypted data to your own server. On your server you then create a payment authorization request (of which the encrypted data is one of the elements, along side payment amount, etc).
If you would be able to manage to make this run from your browser, your end solution will allow your shoppers to change amounts, currency's, payment meta data etc from the JavaScript layer. This should never be the case.
The authorization is for that reason part of the "Server side" integration part of documentation: https://docs.adyen.com/developers/ecommerce-integration?ecommerce=ecommerce-integration#serverside
Depending on your server side landscape the CURL implementation in your favorite language differs, but most of the time are easy to find.
Kind regards,
Arnoud
I make an http.post request from Angular to an api from backend.After post i make a redirect to another page.Redirect doesn't work..I want to make redirect from backend.Does anyone another method to redirect?
How do you expect a redirect to work in the context of an ajax request??
The server is responding a 3XX response in the context of your ajax request, so your application has the burden of how to handle that response.
Your application can handle the redirect by assigning window.location if a redirect is applicable.