How to call secure ssl REST web API in html javascript code - javascript

I am developing an cross platform html5 javascript application. In that I have to fetch data from secure ssl enable web api. I am getting problem while calling this web api from server by sending response "access forbidden" when I disable the SSL on server it works fine. So to resolve this I have to add client certificate while requesting/communicating with these API's. I have used both jquery.ajax and xmlhttmRequest to fetch data from server in Javascript but it gives error for web api where SSL implemented. Please let me know to resolve this. Thanks.

Related

Will my website fetch API without CORS error when it is hosted on my web server?

I am fetching an API via JavaScript on my localhost. This leads to me having the CORS error:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Will this still occur when my site is hosted on a my web server, or is it just an issue when I'm hosting via localhost?
If the request is to an external API (not your own site), then the error will continue to occur if the request is made from the client-side.
If the request is to an API on your own site, the error will no longer be present, because browsers allow you to make direct requests to endpoints on the same domain without restrictions.
Even if the API isn't your own, hosting your site on a server can help with these issues because you'll have the option of having your server relay the request to the external API. Clients can't make a request to the external API directly, but they can make a request to an endpoint on your site - and you can set up an endpoint to then make a request to the external API, and relay the response back to the client.
So instead of
client -> external API -> client (doesn't work)
having a server allows you to
client -> your server -> external API -> your server -> client (works)

Angular and Spring rest api communication over https

I have frontend written in angular and backend written in Spring. I bought hosting and there I installed tomcat where im deploying my production backend. Im deploying frontend under domain folder on my hosting service.
Spring has jks certificate. I added this jks certificate to connectors in server.xml.
Angular has let's encrypt certificate which was generated for my domain "spotmapa.pl".
Now i have this situation:
On desktop google chrome my domain seems "not secure" and when this website makes api calls for backend it does it correct.
But in for example firefox my domain seems secure and has padlock but api calls to backend not working from there.
My api calls to backend from postman works properly, but doesnt work from secured by lets encrypt website.
I dont get any errros in logs.
I have two questions:
Should i have the same certificate for backend and frontend?
Why does unsecured origins make api calls right, but secured website https://spotmapa.pl no?
Frontend with lets encrypt was calling api secured by selfsigned certificate. This caused problem. I did lets encrypt for the backend too and it works correctly.

Node.js REST API deploy to cloud server

I have developed a Node.js REST API. When I upload it to cloud server then the API is accessible by HTTP but not by HTTPS. When sending requests to my website the API shows an error called (failed). I use Apache on my server. So now what can I do now for making live this API?

Why XMPP client using strophe.js still working with out including flXHR.js?

I am using ejabberd as XMPP server,one of our project need to have a xmpp web client,for that i am referring Professional "XMPP Programming with JavaScript and jQuery" by jake moffitt i was going through chapter 3 hello world application ,here in order to make xmpp web client using strophe i have to include creating java script file such as strophe.js,flXHR.js,and strophe.flxhr.js
i have gone through example many time but failed to connect with the server,
when i checked bosh connection using localhost:5280/http-bind it is working fine!!!!!
with try and error when i try to connect with xmpp server with removing flXHR.js ,it magically got connected to xmpp server!!!!!
FLxhr.js is used for making cross domain call as per book" Flash has a strict security policy, but unlike JavaScript, it allows cross-domain
requests to be sent to domains that permit such requests."
If i bypass above FLxhr.js i have to use a proxies
i am using apache tomcat as web-app server ,i haven't setup any proxies and not included FLxhr.js file in my html page ,but still xmpp client is able to communicate with server!!
Can some one please explains me what is the reason behind this??
thanks in advance!!
It's likely that your XMPP server has CORS enabled, I know Openfire now supports this. With CORS, strophe.js is able to make a cross origin request without needing the workaround provided by flash(FLxhr.js), and also works without any server side redirects.
Cross-Origin Resource Sharing
Cross Domain AJAX for XMPP HTTP-Binding Made Easy
CORS Browser Support
If you want to quickly check to see if your XMPP server has CORS enabled, you should be able to locate a crossdomain.xml file hosted on the root of your server.
Example:
I connect Strophe to my XMPP server using the address http://192.168.0.26:7070/http-bind/.
Since I have CORS enabled, I can browse to http://192.168.0.26:7070/crossdomain.xml and the server will return an XML file.

Use JavaScript to call a SOAP web service that requires authentication

Can I call a SOAP web service from JavaScript? The SOAP web service in question is a member of the Exchange Web Services platform. I have found the Exchange Web Services OSX Widget but that uses Curl to do the actual SOAP call. So I am wondering if there is a limitation in the JavaScript abilities to interface with SOAP using authentication.
Javascript isn't very good at web services because of the same origin policy which means you're only allowed to request resources from the same domain as the page you call from.
You could work around this by setting up a proxy on your server to hand the request off to elsewhere. The problem with this is you'd have to build the SOAP message yourself as I very much doubt anyone has ever bothered to write a js SOAP library due to the afore mentioned limitations.
Instead, I would pick your favourite server side SOAP library and expose an interface to be called via AJAX.

Categories