Catch a Server Redirect's URL - javascript

I have a URL
ex. www.siteA.com/?UGLY_KEY_12312432342SSDFSD
It then redirects you to:
www.siteB.com/?ANOTHER_UGLY_KEY_ASDASDFS2342342
What I need is some way to catch the redirect URL of siteB
I've tried jQuery $.ajax
and I am swamped with
No 'Access-Control-Allow-Origin' header is present on the requested resource.
I am aware that CORS is the typical way to go, but it is impossible in my case.
Shouldn't this be easier security-wise, as it is a mere GET?
$.ajax({
    type: "GET",
    url: "www.siteA.com/?UGLY_KEY_12312432342SSDFSD",
    dataType: "json",
    success: function (response, status, request) {
        // response.redirectUrl contains the string URL to redirect to
        alert(response.redirectUrl);
    }
});

I need to use a HttpWebRequest on the server side because of CORS Permission issues.
Here it is:
var httpWebRequest = (HttpWebRequest)WebRequest.Create("http://www...");
httpWebRequest.ContentType = "text/json";
httpWebRequest.Method = "GET";
httpWebRequest.AllowAutoRedirect = false;
httpWebRequest.Timeout = 10000;
httpWebRequest.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8";
httpWebRequest.UserAgent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36";
var httpResponse = (HttpWebResponse)httpWebRequest.GetResponse();
string THEREDIRECTURL = httpResponse.GetResponseHeader("Location");

Related

What are the rules for standard protocols path?

I can't understand how the path resolution works in Electron when you register a custom protocol as standard.
I have a basic custom protocol for app folder's files:
const { app, protocol, BrowserWindow } = require('electron')
const path = require('path')
protocol.registerSchemesAsPrivileged([
  { scheme: 'app', privileges: {
    standard: true,
    secure: true,
    supportFetchAPI: true,
    corsEnabled: true,
    bypassCSP: true
  } }
])
app.on('ready', e=> {
  // Logs every requested URL, then serves the file it resolves to
  protocol.registerFileProtocol('app',
    (i,o)=> console.log(i.url)||
      o({path: path.resolve(__dirname, i.url)})
  )
  let win = new BrowserWindow()
  win.loadURL(`app://tabbed-window.html`)
})
<script type="module" src="utils/DOM.js"></script>
<link rel="import"
href="/components/Window.html" />
<link rel="stylesheet" type="text/css"
href="./components/Tab.css" />
<link rel="import"
href="../components/icon.html"
data-="themes/icons/app.svg"
data-fas="themes/icons/fa-solid.svg"
data-far="themes/icons/fa-regular.svg"
data-fab="themes/icons/fa-brands.svg" />
In the logs I have a leading slash after the main .html file, so the nested resources' relative paths are wrong: the html file is treated as a folder, however each file is requested (./, / and even ../ don't avoid the .html/ folder!)
{
method: 'GET',
url: 'app://tabbed-window.html/',
referrer: '',
headers: {
Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9'
}
}
{
method: 'GET',
url: 'app://tabbed-window.html/utils/DOM.js',
referrer: '',
headers: {
Origin: 'app://tabbed-window.html',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) termos/0.3.0 Chrome/80.0.3987.163 Electron/8.2.3 Safari/537.36',
'Sec-Fetch-Dest': 'script',
Accept: '*/*'
}
}
{
method: 'GET',
url: 'app://tabbed-window.html/components/Window.html',
referrer: '',
headers: {
Origin: 'app://tabbed-window.html',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) termos/0.3.0 Chrome/80.0.3987.163 Electron/8.2.3 Safari/537.36',
'Sec-Fetch-Dest': 'unknown',
Accept: '*/*'
}
}
{
method: 'GET',
url: 'app://tabbed-window.html/components/Tab.css',
referrer: '',
headers: {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) termos/0.3.0 Chrome/80.0.3987.163 Electron/8.2.3 Safari/537.36',
'Sec-Fetch-Dest': 'style',
Accept: 'text/css,*/*;q=0.1'
}
}
{
method: 'GET',
url: 'app://tabbed-window.html/components/icon.html',
referrer: '',
headers: {
Origin: 'app://tabbed-window.html',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) termos/0.3.0 Chrome/80.0.3987.163 Electron/8.2.3 Safari/537.36',
'Sec-Fetch-Dest': 'unknown',
Accept: '*/*'
}
}
The custom protocols in Electron have the same effect as the file:// protocol, wherein files are served from the local file system rather than the relative app path.
To sum up, when you use relative paths (../../), the URL is altered relative to your local filesystem, like so: file:///absolute/path/to/file. The absolute path uses the base href path (in case of angular).
The requests directed to your assets can be intercepted using intercept methods of the protocol api.
Proper URL Syntax is roughly scheme://host/path. So, you miss the host part. Use something like
win.loadURL(`app://localhost/tabbed-window.html`)
And strip the app://localhost/ prefix in the protocol handler.
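The effect of the missing host, and a handler that strips the prefix, as an added example (not code from the original posts). `resolveRefs` resolves the question's four references against either base URL, and `resolveAppUrl` is a hypothetical helper that maps an `app://localhost/...` request to a file and refuses anything that would land outside the app folder; the root directory used with it is an assumption.

```javascript
// Added example, not from the original posts. Runs in plain Node;
// the Electron wiring is sketched in the comment at the end.
const path = require('path');

// The references used by the question's HTML.
const REFS = ['utils/DOM.js', '/components/Window.html',
              './components/Tab.css', '../components/icon.html'];

// Resolve every reference against a base URL, as the renderer does.
function resolveRefs(base) {
  return REFS.map((ref) => new URL(ref, base).href);
}

// Map an app://localhost/<path> request to a file under rootDir.
// Returns null for a foreign host, a bad escape, or a path outside rootDir.
function resolveAppUrl(requestUrl, rootDir) {
  let url;
  try { url = new URL(requestUrl); } catch (e) { return null; }
  if (url.protocol !== 'app:' || url.hostname !== 'localhost') return null;

  let rel;
  try { rel = decodeURIComponent(url.pathname); } catch (e) { return null; }
  if (rel.includes('\0')) return null;

  const root = path.resolve(rootDir);
  const target = path.resolve(root, '.' + rel);
  const back = path.relative(root, target);
  // Encoded separators (..%2F) only become ".." after decoding, so the
  // containment check runs on the resolved file-system path.
  if (back === '' || back === '..' || back.startsWith('..' + path.sep) ||
      path.isAbsolute(back)) return null;
  return target;
}

// With the host missing, the file name is parsed as the host and every
// reference hangs off it, which is what the question's log shows:
//   resolveRefs('app://tabbed-window.html/')[0]
//     -> 'app://tabbed-window.html/utils/DOM.js'
// With a host, references resolve next to the page:
//   resolveRefs('app://localhost/tabbed-window.html')[0]
//     -> 'app://localhost/utils/DOM.js'
//
// Electron wiring (assumed, same API as the question):
//   protocol.registerFileProtocol('app', (req, cb) => {
//     const file = resolveAppUrl(req.url, __dirname);
//     cb(file ? { path: file } : { error: -6 }); // net::ERR_FILE_NOT_FOUND
//   });
```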

HTTP/2 requests and headers starting with colon

Hello beloved SO community.
I have a problem that tortures me for months with no solution.
I am trying to make a request at an HTTP/2 endpoint that uses some headers that start with a colon. Example:
:method: "POST"
I have tried with python(hyper, requests), php(guzzle) and js(fetch).
I have managed, presumably, with js to achieve the required result but the CORS policy returns me an "opaque" result.
Any help will be great!
JS result presumably correct "opaque"
fetch("https://www.example.com/users/sign_in",
{
"credentials":"include",
"headers":{
"accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3",
"accept-language":"en-US,en;q=0.9,el;q=0.8",
"cache-control":"max-age=0",
"content-type":"application/x-www-form-urlencoded",
"accept-encoding": "gzip, deflate, br",
"content-length": 614,
"origin": "https://www.example.com",
"sec-fetch-mode": "navigate",
"sec-fetch-site": "same-origin",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36",
},
"referrer":"https://www.example.com/users/sign_in",
"referrerPolicy":"no-referrer-when-downgrade",
"redirect": "follow",
"body":"...",
"method":"POST",
"mode":"no-cors",
":authority": "www.example.com",
":method": "POST",
":path": "/users/sign_in",
":scheme": "https"
})
Python result 500 or 404
import ssl
from hyper import HTTP20Connection, tls
context = tls.init_context()
# Hostname and certificate verification are switched off here, as posted
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
with HTTP20Connection('www.example.com', port=443, ssl_context=context) as c:
    headers = {
        ":authority": "www.example.com",
        ":method": "GET",
        ":path": "/users/sign_in",
        ":scheme": "https",
        "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3",
        "accept-encoding": "gzip, deflate, br",
        "accept-language": "en-US,en;q=0.9,el;q=0.8",
        "sec-fetch-mode": "navigate",
        "sec-fetch-site": "none",
        "sec-fetch-user": "?1",
        "upgrade-insecure-requests": "1",
        "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36"
    }
    c.request('GET', 'www.example.com/users/sign_in', headers=headers)
PHP result 500 or curl error 55
$jar = new CookieJar;
$client = new Client([
// Base URI is used with relative requests
'cookies' => $jar,
'version' => 2.0,
'debug' => fopen('php://stderr', 'w'),
]);
$client->request('GET', 'https://www.example.com/users/sign_in');
$response = $client->request('POST', 'https://www.example.com/users/sign_in', [
'headers' => [
":authority"=> "www.example.com",
":method"=> "POST",
":path"=> "/users/sign_in",
":scheme"=> "https",
"accept"=> "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3",
"accept-encoding"=> "gzip, deflate, br",
"accept-language"=> "en-US,en;q=0.9,el;q=0.8",
"cache-control"=> "max-age=0",
"content-length"=> "616",
"content-type"=> "application/x-www-form-urlencoded",
"origin"=> "https://www.example.com",
"referer"=> "https://www.example.com/users/sign_in",
"sec-fetch-mode"=> "navigate",
"sec-fetch-site"=> "same-origin",
"sec-fetch-user"=> "?1",
"upgrade-insecure-requests"=> "1",
"user-agent"=> "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36"
],
'form_params' => [ ... ],
'version' => 2.0,
'allow_redirects' => true
]);
These are HTTP/2 pseudo-headers that apply to requests and responses within an HTTP/2 stream. HTTP/2 creates a single persistent connection from each distinct origin end-point to a server. That connection transmits multiple requests and responses to and from the end-point; these are parsed into "frames" and transmitted as "streams". HTTP/2 can interleave frames from multiple request and response streams simultaneously to get huge performance benefits. intro to http/2
Pseudo-headers apply to streams; a different set of headers apply to the connection itself. Four pseudo-headers are defined for requests: :method, :scheme, :authority, and :path. No others are allowed. These 4 must be included in every request header block and they must precede any other headers:
"All pseudo-header fields MUST appear in the header block before
regular header fields. Any request or response that contains a
pseudo-header field that appears in a header block after a regular
header field MUST be treated as malformed (Section 8.1.2.6)." http2 spec
I'm not familiar with how 'fetch' implements the headers, but in your code above you seem to have the pseudo-headers outside the header block, and they are placed at the end. Might be screwing up the fetch.
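The ordering rule quoted above, written out as a check a receiver could apply to a decoded request header block. This is an added example, not code from the original posts: the function name and both sample blocks are constructed, and it follows RFC 7540 section 8.1.2, where `:method`, `:scheme` and `:path` are required for ordinary requests (CONNECT is not handled).

```javascript
// Added example, not from the original posts.
const REQUEST_PSEUDO = new Set([':method', ':scheme', ':authority', ':path']);
const REQUIRED = [':method', ':scheme', ':path']; // RFC 7540 8.1.2.3, non-CONNECT

// fields: ordered array of [name, value] pairs, in the order they were sent.
// Returns the reasons the block is malformed; an empty array means well-formed.
function checkRequestHeaderBlock(fields) {
  const problems = [];
  const seen = new Set();
  let regularSeen = false;
  for (const [name] of fields) {
    // HTTP/2 field names are lowercase on the wire (RFC 7540 8.1.2).
    if (name !== name.toLowerCase()) {
      problems.push(`uppercase in field name: ${name}`);
    }
    if (name.startsWith(':')) {
      if (!REQUEST_PSEUDO.has(name)) problems.push(`unknown pseudo-header: ${name}`);
      if (seen.has(name)) problems.push(`duplicate pseudo-header: ${name}`);
      if (regularSeen) problems.push(`pseudo-header after regular field: ${name}`);
      seen.add(name);
    } else {
      regularSeen = true;
    }
  }
  for (const name of REQUIRED) {
    if (!seen.has(name)) problems.push(`missing ${name}`);
  }
  return problems;
}

// Constructed sample: regular fields first, pseudo-headers last,
// the layout the answer warns about.
const PSEUDO_LAST = [
  ['accept', 'text/html'],
  ['content-type', 'application/x-www-form-urlencoded'],
  [':authority', 'www.example.com'],
  [':method', 'POST'],
  [':path', '/users/sign_in'],
  [':scheme', 'https'],
];

// Constructed sample: the same fields with the pseudo-headers first.
const PSEUDO_FIRST = [...PSEUDO_LAST.slice(2), ...PSEUDO_LAST.slice(0, 2)];
```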

angular state change after ng-file-upload success without any error or any reason

I am trying to upload a file to the server. I do that successfully, but after success, Angular or the browser or I don't know what just redirects me back to my initial state in AngularJS.
The success callback is hit and I have no error.
ng-fileupload version 3.2.5.
here is my function in the controller :
$scope.uploadIssueAttachment = function (files, issue) {
if (files && files.length) {
for (var i = 0; i < files.length; i++) {
var file = files[i];
$upload.upload({
url: '/Handlers/UploadHandler.ashx?des=HelpDesk'
, method: 'POST'
, file: file
, }).progress(function (evt) {}).then(function (data) {
var _fileName = data.headers('fileName');
var _originalFileName = data.headers('orgName');
var _type = data.headers('format');
$scope.newIssueAttachments.push({
fileName: _originalFileName
, temporaryName: _fileName
, fileType: _type
});
}).catch(function (error) {
console.log(error);
});
}
}
};
and here is my html markup
<span ng-file-select ng-file-change="uploadIssueAttachment($files,newIssue)" class="file-input btn btn-sm btn-file" >
The function is hit and I upload a file; the browser responds with a 200 status
Request URL:http://localhost:3080/Handlers/UploadHandler.ashx?des=HelpDesk
Request Method:POST
Status Code:200 OK
Remote Address:[::1]:3080
Referrer Policy:no-referrer-when-downgrade
Response Headers
Cache-Control:private
Content-Length:0
Date:Mon, 17 Jul 2017 10:33:56 GMT
fileName:ea8c8799-0f48-49f4-a33c-dca0726af929.png
format:image/png
name:ea8c8799-0f48-49f4-a33c-dca0726af929.png
orgname:avator.png
Server:Microsoft-IIS/10.0
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET
X-SourceFiles:=?UTF-8?B?RDpcU291cmNlXFdvcmtzcGFjZXNcUE1PLkFDQVxEZXZcQk1TXFJheWthbS5Ccm9rZXJzLldlYi5NVkNcSGFuZGxlcnNcVXBsb2FkSGFuZGxlci5hc2h4?=
Request Headers
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:16544
Content-Type:multipart/form-data; boundary=----WebKitFormBoundarylgAXmkMLtLGhRRU4
Cookie:ASP.NET_SessionId=ska22gomunzfvxqv1wwihbmh; .ASPXAUTH=A8E3E65AECDBB20189E01D261B3580E6997A7763615AD085A0E92F5F44B2D7DFA2C0E39BA47876EAE614EF06C56E692B71982D9035F84075C466E63632653E3E7CC03F042B850200EFBC2867E8A0F7EA3F8A7989AAB68E267891CB819AB9024D04DB430D6B8D8E692D64652CA2645681
Host:localhost:3080
Origin:http://localhost:3080
Referer:http://localhost:3080/admin/
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
Query String Parameters
des:HelpDesk
Request Payload
------WebKitFormBoundarylgAXmkMLtLGhRRU4
Content-Disposition: form-data; name="file"; filename="avator.png"
Content-Type: image/png
------WebKitFormBoundarylgAXmkMLtLGhRRU4--
and then, with no error, I just get redirected to my start page. I don't know how to track the event that changed the state.
The interesting thing is that when I hit a breakpoint in the dev console and wait just a few minutes, there is no state change and everything goes well.
Near to pulling my hair out.
Any suggestions?
You haven't written which version you are using, but I think this structure will help you. It's always good to use then...catch in Angular; success is now deprecated.
You can see it here
upload Structure(with then...catch)
$upload.upload({
    url: '<YOUR URL>',
    file: <file>
}).progress(function (evt) {
    // progress = parseFloat(evt.loaded / evt.total)*100;
}).then(function(result) {
    // handle successful result
}).catch(function(errorCallback){
    // you can see error here
});
Let me know if it won't work.
Edited
$rootScope.$on('$stateChangeStart',
function(event, toState, toParams, fromState, fromParams) {
console.log(toState); //put break point over here try to debug
console.log(fromState);
});

FormData doesn't get passed back to MVC Controller

I am trying to upload images and couple of form elements to a MVC Controller. The problem here isn't the model not being populated, because it works with application/x-www-form-urlencoded but seems to have trouble with multipart/form-data. The core of the problem is, that Request.Form is not being populated...
Converting Form to FormData:
function frmValuesAsFormData(submittedForm) {
return new FormData(submittedForm);
}
AJAX Function (asFormData is passed in as True in this case and method is POST and dataType is JSON):
function executeAJAX(method, url, data, asFormData, silent, callbackFunc, receiveFunc, dataType, targetDiv, appendToExistingContent, uid) {
var cType = "application/x-www-form-urlencoded";
var processData = true;
if (asFormData) {
cType = "multipart/form-data";
processData = false;
}
$.ajax({
method: method,
url: url,
data: data,
contentType: cType,
cache: false,
dataType: dataType,
processData: processData,
success: function (d, t, j) {
// Do something with result from controller...
}
});
}
POST Headers (From FireBug)
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en;q=0.5
Content-Length: 936
Content-Type: multipart/form-data
Cookie: ASP.NET_SessionId=mzppxvimv03qb0smtyrgdw3z
Host: localhost:64727
Referer: http://localhost:64727/Home/Contact
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0
X-Requested-With: XMLHttpRequest
POST Example (From FireBug):
-----------------------------26439188689323
Content-Disposition: form-data; name="imageFiles"; filename="WWKDK33.jpg"
Content-Type: image/jpeg
-----------------------------26439188689323
Content-Disposition: form-data; name="uploaderMode"
tournament
-----------------------------26439188689323--
Anyone any clues as to why it doesn't work? Thanks!
The issue is because when you send a FormData object in the request you have to set contentType to false so that no content-type header is sent. Try this:
if (asFormData) {
cType = false;
processData = false;
}
Also note that you could remove the need to send the asFormData property to your function entirely by just checking the type of the data property:
if (data.constructor == FormData) {
cType = false;
processData = false;
}
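Why the hard-coded header matters, as an added example (not code from the original posts): the parts of the body are separated by a boundary that has to be announced in the Content-Type header, and the bare `multipart/form-data` value shown in the question's POST headers carries none. The reader below is a simplified sketch for text fields only, not ASP.NET's parser, and the body is constructed from the question's `uploaderMode` field.

```javascript
// Added example, not from the original posts.

// Extract the boundary parameter from a Content-Type value, or null.
function boundaryOf(contentType) {
  const m = /^multipart\/form-data\s*;.*?\bboundary=(?:"([^"]+)"|([^;\s]+))/i
    .exec(contentType || '');
  return m ? (m[1] || m[2]) : null;
}

// Split a multipart body into { fieldName: value } using the announced boundary.
function parseFields(contentType, body) {
  const boundary = boundaryOf(contentType);
  if (boundary === null) return {};          // nothing to split on: empty form
  const fields = {};
  for (const part of body.split('--' + boundary)) {
    const sep = part.indexOf('\r\n\r\n');    // blank line ends the part headers
    if (sep === -1) continue;                // preamble or the closing "--"
    const name = /;\s*name="([^"]*)"/i.exec(part.slice(0, sep));
    if (name) fields[name[1]] = part.slice(sep + 4).replace(/\r\n$/, '');
  }
  return fields;
}

// Constructed body in the shape of the question's Firebug capture.
const BOUNDARY = '-'.repeat(27) + '26439188689323';
const BODY = [
  '--' + BOUNDARY,
  'Content-Disposition: form-data; name="uploaderMode"',
  '',
  'tournament',
  '--' + BOUNDARY + '--',
  '',
].join('\r\n');

// Header as sent in the question: no boundary, so no fields are recovered.
const AS_SENT = parseFields('multipart/form-data', BODY);
// Header with the boundary the browser adds when it sets the header itself.
const WITH_BOUNDARY = parseFields('multipart/form-data; boundary=' + BOUNDARY, BODY);
```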

Angularjs Rest endpoint with username password

I am trying to write a Single Page App (SPA) based on AngularJS. The app should connect to a webserver that provides RESTful services, but each endpoint requires a username and password along with other parameters. Since I am a beginner in this area, before moving towards the actual development, I tried the PostMan/Advanced Rest Client Chrome extensions to verify the basic connections. A sample request preview:
POST /servicesNS/admin/search/search/jobs/export HTTP/1.1
Host: localhost:8089
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
search=search+error+|+table+host&output_data=xml&username=admin&password=unity3d
This is actually equivalent to the cURL command:
curl -k -u admin:unity3d --data-urlencode search="search error | table host" -d "output_mode=xml" https://localhost:8089/servicesNS/admin/search/search/jobs/result
After getting successful results in above mentioned ways, I am now looking for equivalent way of doing it in AngularJS.
var app = angular.module('TabsApp', []);
app.controller('TabsCtrl', function ($scope, $http)
{
    login = function () {
        $scope.userName = "admin";
        $scope.password = "unity3d";
        $http({
            method: "POST",
            url: "https://localhost:8089/servicesNS/admin/search/search/jobs/export",
            data: { "username" : "admin" , "password": "unity3d", "search" : "search error"},
            headers: {'Content-Type': 'application/x-www-form-urlencoded'}
        }).success(function (data, status, headers, config) {
            // Log each callback argument (headers is a getter function)
            console.log('status', status);
            console.log('data', data);
            console.log('headers', headers());
        });
    };
});
This gives me error 401 Unauthorized, the headers of the response:
> Remote Address:127.0.0.1:8089
> Request URL:https://localhost:8089/servicesNS/admin/search/search/jobs/export
> Request Method:POST
> Status Code:401 Unauthorized
> Request Headers
> Accept:application/json, text/plain, */*
> Accept-Encoding:gzip, deflate
> Accept-Language:en-US,en;q=0.8
> Connection:keep-alive
> Content-Length:65
> Content-Type:application/x-www-form-urlencoded
> Host:localhost:8089
> Origin:http://localhost:63342
> Referer:http://localhost:63342/UI/UI1.html
> User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
> Form Data
> {"username":"admin","password":"unity3d","search":"search error"}:
> Response Headers
> Access-Control-Allow-Credentials:true
> Access-Control-Allow-Headers:Authorization
> Access-Control-Allow-Methods:GET,POST,PUT,DELETE,HEAD,OPTIONS
> Access-Control-Allow-Origin:*
> Cache-Control:private
> Connection:Keep-Alive
> Content-Length:130
> Content-Type:text/xml; charset=UTF-8
> Date:Sat, 29 Nov 2014 19:53:59 GMT
> Server:Splunkd
> Vary:Cookie, Authorization
> WWW-Authenticate:Basic realm="/splunk"
> X-Content-Type-Options:nosniff
> X-Frame-Options:SAMEORIGIN
And the output is :
<?xml version="1.0" encoding="UTF-8"?> <response> <messages>
<msg type="ERROR">Unauthorized</msg> </messages> </response>
Any idea what is going wrong?
If you are sending response in the format of 'application/x-www-form-urlencoded', the actual data format should be the same.
What you are sending currently is a JSON object. You would need to use $http transformer to transform the request: Something in line of
transformRequest: function (data) {
var postData = [];
for (var prop in data)
postData.push(encodeURIComponent(prop) + "=" + encodeURIComponent(data[prop]));
return postData.join("&");
},
See a working fiddle here http://jsfiddle.net/cmyworld/doLhmgL6/
