I have a request that fails with the 500 status and a trivial body. See the Postman screenshot:
This same request in Chrome (latest) developer tools - the network tab:
and response:
How can I get the real response body and status?
Related
I'm in charge of a Microsoft .Net WebApi that authenticates requests based on credentials sent in the request headers. If the credentials are missing or incorrect, the API returns a 401 unauthorized message. The code to do this is pretty straight forward.
if (!ValidateCredentials(Request, this.ServiceName))
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
This works as expected when calling the API from code in other applications (JS, C#, etc).
I recently had a 3rd party developer contact me to make calls to our API who is not primarily a Windows/.Net developer. He wanted to start by calling an API method (which is an HTTP GET method) in a browser, to make sure he got the expected 401 error. He didn't get a 401 - he got no response at all.
I did some testing and found the following:
In Postman (without the appropriate headers), I get a 401 response and it indicates a secure connection.
In Chrome, I get a 401 but I also got a "your connection to the site is not secure" message even though I'm using HTTPS.
In Internet Explorer, I get a blank screen and a 401 in the developer tools, and it indicates a secure connection.
In Firefox, I get no response. Instead the developer tools shows the request as "Blocked" (listed in the "Transferred" column).
In Edge, the browser seems to stall out. I don't get any response, nothing even shows up as an outbound request in developer tools, and the refresh button stays perpetually as a cancel button.
Is there something wrong with how the API is responding to these requests or are they simply quirks of the respective browsers?
I'm looking for a way to view the CORS pre-flight OPTIONS request when I make a CORS request. I wanted to see the server's response headers to help me debug a CORS issue I'm experiencing, but I couldn't find a a way to do this in Chrome or Firefox, in the Network tab or console of either.
I also installed the HTTP Header Live addon, and it didn't help.
I'm using jQuery.get(url); to trigger my CORS request, where url is a URL at a different domain.
I'm using jQuery.get(url); to trigger my CORS request
This will trigger a simple request without a preflight OPTIONS request.
You haven't fulfilled any of the conditions required to trigger a preflight.
Since a preflight isn't being made, none show up in the developer tools.
I'm testing a REST service provided by a vendor and I'm using Postman client. Initially if I tried to make service call with necessary authorization headers, the client spits out a response (not from the service but Postman) where it says something similar to cannot get a response. But once I attempt the same GET request through Chrome, a username and password is prompted from the browser and once I provide that the JSON response is shown in browser screen.
Once that is done , when I attempt the same request or other request from Postman it works fine and gives me response JSON from service.
Could someone please help me understand what happens here, thanks.
I'm trying to find information about WHEN a HTTP request has been "launched" to the server. In my chrome web inspector, network tab, I have some info about the internal timing of the http session (time before first byte, queuing, response..), but nothing about when those session starts/ends.
Is there a way to get this info?
I am trying to load an asset (a font) from an s3 bucket. Fonts on Firefox and IE need to have Access-Control-Allow-Origin headers returned in the response. Unfortunately it seems that Chrome is not sending an "Origin" request header. Since it is not sending an Origin request header, S3's CORS policy is not returning the required Access-Control-Allow-Origin header.
Here is an example request screenshotted from the Chrome inspector panel:
Why is there no "Origin" Header in the Requset Headers?!
The page making this font request is at https://proximate.com and is hosted on Heroku.
Before making the GET request for the font, Chrome would have sent a preflight OPTIONS request for the font resource. It is in this preflight request that Chrome would have sent the Origin header. S3's CORS policy would have returned the required Access-Control-Allow-Origin header in response to this preflight OPTIONS request.
Thereafter, Chrome would have made the GET request for the font -- the request that you have shown in the screenshot. Chrome would not send the Origin header in this GET request now. And as the screenshot shows, the request was successful (Status Code 200 OK). Also note the Amazon headers (starting with x-amz-) and Server: AmazonS3 present in the response.
It does seem that your site https://proximate.com would have received the font from Amazon S3. Was that not the case?
For more details please see the links https://spring.io/understanding/CORS and https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html.
I had exactly this same issue and after hours of banging my head against the wall I found that something with Chrome's HTTP caching mechanism prevents the Origin header from being sent. This is a Chrome-specific issue as I could not reproduce it with Safari. You can check whether this is the case for you as well by toggling the "Disable Cache" option under the Network tab of Chrome developer tools.
To force your request to ignore the cache, use appropriate cache option (documentation). This is my final working code:
fetch(url, {
method: 'GET',
mode: 'cors',
cache: 'no-store', // for some reason Chrome's caching doesn't send Origin
})