How to add request headers to window.open in javascript? - javascript

In my application I need to open a pdf in a new window. I'm making a window.open call for that. Mine is an MVC application. The url for the window.open contains my controller name and action method so that it will hit the respective action method.
But due to some reason, when I run with http request, I'm able to open the pdf, which means my controller call returns 200. But in the case of https, my controller throws a 302. Is there any solution for this?
One more thing which I found out is, when I compose the https request in Fiddler by adding some request headers to it, my controller returns 200. But I'm not able to add the request headers in window.open. Is there any way to do this?
I cannot go for a server side coding here. I have to complete it in the js itself.

Related

do a post request in between puppeteer

I have following use case:
launch browser -> newPage()
open website (www.mypage.com) to get default cookies
execute a POST request with query parameters (www.mypage.com/special-informations) to get special cookies
open required page (www.mypage.com/something)
How can I execute this POST request and go on with my normal GET request?

CORS issue while trying to redirect from POST method to frontend page with GET request

I would like to redirect from POST method to frontend page with HTTP status code 303.
Expected result is that browser after making POST request redirects to page specified in Location header.
Currently I am getting CORS failed error message and browser does not redirect to frontend page.
A redirect does not mean "Load this URL in the browser window". It means "You can get whatever you asked for here".
When you make an Ajax request using JavaScript, the response is provided to JavaScript.
If the response is a redirect, then the browser follows it automatically and provides the response to the redirect to JavaScript.
The URL you redirect to needs permission from CORS in order for the JavaScript to read the response.
Do not attempt to mix web services and regular page navigation
If you want to submit some data and load a new page: Use a form submission.
If you want to submit some data and handle the response with JS: Use Ajax.

axios.post Fails in App, Works in URL

I'm following a React-Redux tutorial. My axios.post() is failing when running the app, but if I use that same URL and paste it into the browser's address textbox it works. Why would that happen?
Here is the call in my app:
const request = axios.post(`${ROOT_URL}/posts/${id}${API_KEY}`);
Here is the error, as shown in F12 in Chrome:
POST http://reduxblog.herokuapp.com/api/posts/120342?key=bob884 404
(Not Found)
Why would that fail when it's a good URL? If you click it, you'll see the response in the browser:
{"id":120342,"title":"SOLID","categories":"OOP","content":"SOLID is an
acronym..."}
When you click the link, the browser sends a GET request to the server.
A POST endpoint might not be available from the server side at that specific URL address.
Whenever the server is unable to find a URL with a specified method (GET / POST), it returns a 404 - Not found error. In this case, it doesn't find any POST method defined for that address.
You should consider changing the method to a GET request, if that's what you desire.

Calling API url parameters issue

I have a cms, where am using laravel as web api, angularjs for requests.
I have an iframe where I call to services with a direct link and put it usig trusted src function.
The main problem is, I can not use a normal http post request and hide parameters, because using http request will return data, not file, and the report api returns in headers, an html file, pdf ... etc) so when i get result to the success of my http request, it won't download pdf file, it will show special chars
in the i frame am calling the api like this :
"localhost/api/getreportService/"+$scope.brandid+"&"+$scope.customerid"
but that's cannot be secure, is there any way to hide the request here from users?
ok, I found a solution, I called the api via http post request then I used $sce tustAsHtml for the response, with a ng-bind-html in my template and the result is good now, the report is showing in the div,
Now all is safe, the user needs a token to access the report, and that's impossible without a login.

Safari turns Simple Cors Request into Preflight after 302 redirect

I found out that following issue occurs on safari via Javascript, jQuery Ajax:
I make a cors simple request using GET
Server responses with 302
Safari follows redirect but uses OPTIONS instead of GET as method, so it does a preflight request
I would expect that step 3 would also invoke a simple request using GET, which is exactly how it is done in Chrome and Firefox.
The problem is that the server who responses to the request after step 3 can not handle requests with method OPTIONS and therefor fails with status "Method Not Allowed".
Since i have no influence on the server side, i need to force either to not follow the redirect automatically and do it manually instead or somehow tell safari not to switch to OPTIONS.
Is there any way to do one of those options?

Categories