Chrome Dev Tools: Viewing original request details in 301 redirect - google-chrome

I've noticed in Chrome's dev tools, when you make a request to a URL that ends up returning you a 301 redirect, the following happens:
1. The original request (a POST in this example) is written to the Network tab
2. The server returns a 301 redirect to a different URL
3. The original request details in the Network tab are overwritten with the redirect request, which is a GET request to the redirect URL
You can see the original request briefly before it is overwritten by the redirect. Is there any way to preserve the original request details in the Network tab?
Update:
Here's a video of the behavior.
You'll see when I hit the "Connect" button a new entry is added to the list of requests (to "/acl?apiKey=[whatever]"). When the server returns a redirect (to "/redirect?code=[whatever]") that request overwrites the original request in devtools, making it impossible to see the details of that original request.

Related

How can I remove external access to specific url of my domain

I developed a contact form for my site and it is working and redirects to another URL inside my domain when it is sent (for example, let's say domain.com/sent). The thing is, if someone by chance decides to access the URL domain.com/sent directly, it can be accessed as if he had submitted the form and was redirected there. I also have configured a custom 404 error page for any other page outside the existing ones. Is there any way of disabling external access to domain.com/sent and redirecting to the 404 error page, keeping the sent page only for the users who really submitted the form?
1. Have the response to the POST request to the form handler set a cookie.
2. Have the handler for /sent test for that cookie and:
   - If it is set:
     - Delete the cookie
     - Display the sent page
   - If it is not set:
     - Do something different such as displaying an error or redirecting
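The cookie check described in the answer above, as an added example that is not part of the original answer. It goes one step beyond a bare flag by signing the value together with an expiry time, so the cookie cannot simply be set by hand; the cookie name `form_sent`, the 60-second lifetime and the handler function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from http.cookies import SimpleCookie

SECRET = secrets.token_bytes(32)  # per-process key (assumption: one server process)
COOKIE = "form_sent"              # hypothetical cookie name
MAX_AGE = 60                      # seconds the flag stays valid
ATTRS = "Path=/sent; HttpOnly; SameSite=Lax"


def _sign(expires: str) -> str:
    return hmac.new(SECRET, expires.encode(), hashlib.sha256).hexdigest()


def handle_form_post(now=None):
    """Form handler: after processing the POST, set the flag and redirect to /sent."""
    expires = str(int(time.time() if now is None else now) + MAX_AGE)
    value = f"{expires}.{_sign(expires)}"
    return 303, {
        "Location": "/sent",
        "Set-Cookie": f"{COOKIE}={value}; Max-Age={MAX_AGE}; {ATTRS}",
    }


def handle_sent(cookie_header, now=None):
    """/sent handler: show the page only for a valid, unexpired flag."""
    now = time.time() if now is None else now
    morsel = SimpleCookie(cookie_header or "").get(COOKIE)
    expires, _, sig = (morsel.value if morsel else "").partition(".")
    # A matching signature proves `expires` is a value this server issued.
    valid = (
        hmac.compare_digest(sig.encode(), _sign(expires).encode())
        and int(expires) >= now
    )
    if not valid:
        return 404, {}, "Not Found"
    # Delete the cookie so a reload or a bookmarked link no longer shows the page.
    return 200, {"Set-Cookie": f"{COOKIE}=; Max-Age=0; {ATTRS}"}, "Message sent."
```

Deleting the cookie happens in the browser, so a client that keeps a copy can replay it until it expires; strict single use needs server-side state.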

SameSite=Strict cookies not sent on reload in Chrome

I can reproduce the issue by following these steps with a website I host:
1. Click a link to the website from any external site
2. Submit an AJAX form that returns a Set-Cookie header with the SameSite=Strict attribute
   At this point I can confirm that the cookie is set by looking in chrome://settings
3. Reload the page
On step 3, the cookie is not sent with the request. The devtools network tab shows:
"The cookie was blocked because it had the "SameSite=Strict" attribute and the request was made from a different site. This includes top-level navigation requests initiated by other sites."
Is this the correct behavior for SameSite=Strict cookies? I understand why the cookie would not be sent with the initial request in step 1 (since it originated from a different site), but I expected that an explicit reload triggered by a user would be considered a same-site request.

Is chrome stalling the redirected request?

As part of the email signup process, I send a URL in an email. The client should click it, my server application sends a 303 response redirecting the client to the home page and the browser should open the home page. But this isn't happening. I am unable to debug whether this is a browser issue or a web-server issue.
In this pic, you can see that on clicking the URL, a GET request is sent and a 303 is received.
Here, I don't see any request going out (I see request headers but I am not convinced that the request was sent). In the timing tab, it looks as if the request is stalled.
It seems the issue was the way I was redirecting. Instead of redirecting using an absolute path, Redirect("http://localhost:9000/home"), I wasn't using http, i.e. Redirect("localhost:9000/home"), which made the path relative. The initial request was http://localhost:9000/ws/users/signup/ and the new request after the redirect became http://localhost:9000/ws/users/signup/localhost:9000/home, which probably messed up something in the browser.

POST method on a form using POSTMAN

I'm trying to create an HTTP POST request using POSTMAN to this URL:
http://www.mfinante.ro/agentinume.html?pagina=domenii
on the codFiscalForm from HTML.
I set the input name=Oracle and judet=BUCURESTI and I'm receiving a piece of HTML, where I don't have the information I need (an HTML table form).
What am I doing wrong?
The reason for the missing HTML table data in the HTTP response is: the POST /numeCod.html request (the action of codFiscalForm) is protected by TS*** cookies. In the POST /numeCod.html request, if TS*** cookies, such as TS018732dc, TS5d0550f8_27 etc., are missing or incorrect, the request would be rejected by the server.
When are TS*** cookies retrieved/updated?
TS*** cookies are retrieved or updated when you open the webpage /agentinume.html?pagina=domenii. Please note that all HTTP responses when opening /agentinume.html?pagina=domenii will set/update a TS*** cookie, including responses to requests for .js and .png files.
When the result page is opened after submitting the form, the TS*** cookies are updated again.
How to confirm TS*** cookies are critical for retrieving data?
On the webpage, before clicking the VIZUALIZARE button, you can open a browser debug tool, such as Chrome DevTools, and delete one TS*** cookie in the Application - Cookies panel. After that, clicking the VIZUALIZARE button will lead to an HTML page without table data.
Why does Postman not work even when TS*** cookies are defined in headers?
Because TS*** cookies keep changing, it is very difficult (if not impossible) to get the latest valid TS*** cookies programmatically.

Is it possible to find out if the provided website has a re-direct?

I am trying to build a front end application which will have an input text box.
When a user enters a URL in the text field (e.g. www.google.com, www.facebook.com, www.linked.com, etc.), the web app should tell the user whether the provided address has a re-direction.
Can it be done from ajax?
You can send a GET request to the URL and see what it returns.
Every HTTP response will come with a status code.
You can see the full list of HTTP status codes here: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
A 301 means the URL has a permanent redirect and a 302 means there is a temporary redirect.
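The status-code check described in the answer above, as an added example that is not from the original answer. It runs server-side in Python, where `http.client` does not follow redirects automatically, and extends the answer's 301/302 to the other redirect codes; `check_redirect` and the loopback demo server are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301: "permanent", 302: "temporary", 303: "see other",
                  307: "temporary", 308: "permanent"}


def check_redirect(url, timeout=5):
    """Send one GET without following redirects; return (status, kind, target)."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("GET", path)
        resp = conn.getresponse()
        kind = REDIRECT_CODES.get(resp.status)
        location = resp.getheader("Location")
        # Location may be relative; resolve it against the requested URL.
        target = urljoin(url, location) if kind and location else None
        return resp.status, kind, target
    finally:
        conn.close()


class _DemoHandler(BaseHTTPRequestHandler):
    """Constructed loopback server: /old answers 301, everything else 200."""
    def do_GET(self):
        if self.path == "/old":
            self.send_response(301)
            self.send_header("Location", "/new")
        else:
            self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_demo_server():
    server = HTTPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"
```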