PicketLink at Service Provider Responding 302 in EAP 7.1 with SAML - picketlink

Runtime: JBOSS EAP 7.1, EAP in-build picketLink and Chrome.
JAR: <resource-root path="/jboss/eap/7.1/jboss-eap/modules/system/layers/base/org/picketlink/federation/main/picketlink-federation-2.5.5.SP8-redhat-1.jar"/>
We enabled SP Initiated Web SSO with IDP and we are able to get the SAML response from IDP. IDP posting the saml response in Base64 Encoded format. While Chrome posting the SAML Response to Service Provider, Service provider not able to read the SAML response.
Picketlink at Service provider end responding 302 HTTP status to browser while posting SAML response to Service Provider. Due to 302, Service provider HTTP redirect to the page, which is mentioned in the Location header. Due to redirect via GET, SAML response getting lost.
Chrome Browser Log while Posting to Server Provider::
Request:
Request URL: https://serviceProvider.com:8583/SECUI/jaxrs/Authentication
Request Method: POST
Status Code: 302 Found
Remote Address: 10.10.10.10:8583
Referrer Policy: no-referrer-when-downgrade
Response Header:
Access-Control-Allow-Origin: https://IdentyProvider.com
Cache-Control: max-age=0
Connection: Keep-Alive
Content-Length: 0
Date: Wed, 25 Mar 2020 05:49:06 GMT
Expires: 0
Keep-Alive: timeout=15, max=1500
Location: https://serviceProvider.com:8583/SECUI/UI/index.htm
Pragma: no-cache
Server: JBCS httpd
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Request Header:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: max-age=0
Connection: keep-alive
Content-Length: 6627
Content-Type: application/x-www-form-urlencoded
Cookie: secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*
DNT: 1
Host: serviceProvider.com:8583
Origin: https://IdentyProvider.com:8443
Referer: https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36
SAMLResponse:
PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6
cHJvdG9jb2wiIElEPSJzMmIyYmZiOGZjOWEyMzI3MGU4OTgwMGExNTZhOTQ3ZWIxMGNkZTU2Zjgi
IEluUmVzcG9uc2VUbz0iSURfMDNmZTEzMWUtYjIwZS00OTU1LTg2MjYtZGYyMWFkZmI0ZGZhIiBW
ZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyMC0wMy0yNVQwNTo0OTowNFoiIERlc3RpbmF0
aW9uPSJodHRwczovL2hrbHZhdWFwcDE3NS5oay5zdGFuZGFyZGNoYXJ0ZXJlZC5jb206ODU4My9T
RUNVSS9qYXhycy9BdXRoZW50aWNhdGlvbiI+PHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpv
YXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPlNTTy1JRFA8L3NhbWw6SXNzdWVyPjxz
Y
JBOSS LOG:
13:49:05,653 DEBUG [io.undertow.request] (default I/O-12) Matched prefix path /SECUI for path /SECUI/jaxrs/Authentication
13:49:05,655 DEBUG [io.undertow.request.security] (default task-70) Security constraints for request /SECUI/jaxrs/Authentication are [SingleConstraintMatch{emptyRoleSemantic=AUTHENTICATE, requiredRoles=[]}]
13:49:05,655 DEBUG [io.undertow.request.security] (default task-70) Authenticating required for request HttpServerExchange{ POST /SECUI/jaxrs/Authentication request {Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate, br], DNT=[1], Origin=[https://IdentyProvider.com:8443], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Host=[serviceProvider.com:8583], Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Sec-Fetch-Mode=[navigate], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Content-Length=[6627], Content-Type=[application/x-www-form-urlencoded], Upgrade-Insecure-Requests=[1]} response {X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], X-Frame-Options=[SAMEORIGIN]}}
13:49:05,655 DEBUG [io.undertow.request.security] (default task-70) Setting authentication required for exchange HttpServerExchange{ POST /SECUI/jaxrs/Authentication request {Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate, br], DNT=[1], Origin=[https://IdentyProvider.com:8443], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Host=[serviceProvider.com:8583], Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Sec-Fetch-Mode=[navigate], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Content-Length=[6627], Content-Type=[application/x-www-form-urlencoded], Upgrade-Insecure-Requests=[1]} response {X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], X-Frame-Options=[SAMEORIGIN]}}
13:49:05,655 DEBUG [io.undertow.request.security] (default task-70) Attempting to authenticate HttpServerExchange{ POST /SECUI/jaxrs/Authentication request {Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate, br], DNT=[1], Origin=[https://IdentyProvider.com:8443], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Host=[serviceProvider.com:8583], Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Sec-Fetch-Mode=[navigate], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Content-Length=[6627], Content-Type=[application/x-www-form-urlencoded], Upgrade-Insecure-Requests=[1]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], Pragma=[no-cache], X-Frame-Options=[SAMEORIGIN]}}, authentication required: true
13:49:05,655 DEBUG [io.undertow.request.security] (default task-70) Authentication outcome was NOT_ATTEMPTED with method io.undertow.security.impl.CachedAuthenticatedSessionMechanism#1cb334c2 for HttpServerExchange{ POST /SECUI/jaxrs/Authentication request {Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate, br], DNT=[1], Origin=[https://IdentyProvider.com:8443], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Host=[serviceProvider.com:8583], Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Sec-Fetch-Mode=[navigate], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Content-Length=[6627], Content-Type=[application/x-www-form-urlencoded], Upgrade-Insecure-Requests=[1]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], Pragma=[no-cache], X-Frame-Options=[SAMEORIGIN]}}
13:49:06,381 DEBUG [org.jboss.modcluster] (UndertowEventHandlerAdapter - 1) MODCLUSTER000009: Sending STATUS for default-server
13:49:06,382 DEBUG [io.undertow.request] (default I/O-2) Received CPING, sending CPONG
13:49:06,700 DEBUG [io.undertow.request.security] (default task-70) Authenticated as 1575777, roles []
13:49:06,701 DEBUG [io.undertow.request.security] (default task-70) Authentication outcome was AUTHENTICATED with method org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism#b6af5cf for HttpServerExchange{ POST /SECUI/jaxrs/Authentication request {Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate, br], DNT=[1], Origin=[https://IdentyProvider.com:8443], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Host=[serviceProvider.com:8583], Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Sec-Fetch-Mode=[navigate], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Content-Length=[6627], Content-Type=[application/x-www-form-urlencoded], Upgrade-Insecure-Requests=[1]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-XSS-Protection=[1], Pragma=[no-cache], X-Frame-Options=[SAMEORIGIN], Location=[https://serviceProvider.com:8583/SECUI/UI/index.htm], Date=[Wed, 25 Mar 2020 05:49:06 GMT], X-Content-Type-Options=[nosniff], Content-Length=[0]}}
13:49:06,701 DEBUG [io.undertow.request.security] (default task-70) Authentication result was AUTHENTICATED for HttpServerExchange{ POST /SECUI/jaxrs/Authentication request {Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate, br], DNT=[1], Origin=[https://IdentyProvider.com:8443], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Host=[serviceProvider.com:8583], Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Sec-Fetch-Mode=[navigate], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Content-Length=[6627], Content-Type=[application/x-www-form-urlencoded], Upgrade-Insecure-Requests=[1]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-XSS-Protection=[1], Pragma=[no-cache], X-Frame-Options=[SAMEORIGIN], Location=[https://serviceProvider.com:8583/SECUI/UI/index.htm], Date=[Wed, 25 Mar 2020 05:49:06 GMT], X-Content-Type-Options=[nosniff], Content-Length=[0]}}
13:49:07,014 DEBUG [io.undertow.request] (default I/O-12) Received CPING, sending CPONG
13:49:07,014 DEBUG [io.undertow.request] (default I/O-12) Matched prefix path /SECUI for path /SECUI/UI/index.htm
13:49:07,015 DEBUG [io.undertow.request.security] (default task-71) Security constraints for request /SECUI/UI/index.htm are [SingleConstraintMatch{emptyRoleSemantic=AUTHENTICATE, requiredRoles=[]}]
13:49:07,015 DEBUG [io.undertow.request.security] (default task-71) Authenticating required for request HttpServerExchange{ GET /SECUI/UI/index.htm request {Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Cache-Control=[max-age=0], Sec-Fetch-Mode=[navigate], Accept-Encoding=[gzip, deflate, br], DNT=[1], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Upgrade-Insecure-Requests=[1], Host=[serviceProvider.com:8583]} response {X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], X-Frame-Options=[SAMEORIGIN]}}
13:49:07,015 DEBUG [io.undertow.request.security] (default task-71) Setting authentication required for exchange HttpServerExchange{ GET /SECUI/UI/index.htm request {Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Cache-Control=[max-age=0], Sec-Fetch-Mode=[navigate], Accept-Encoding=[gzip, deflate, br], DNT=[1], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Upgrade-Insecure-Requests=[1], Host=[serviceProvider.com:8583]} response {X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], X-Frame-Options=[SAMEORIGIN]}}
13:49:07,015 DEBUG [io.undertow.request.security] (default task-71) Attempting to authenticate HttpServerExchange{ GET /SECUI/UI/index.htm request {Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Cache-Control=[max-age=0], Sec-Fetch-Mode=[navigate], Accept-Encoding=[gzip, deflate, br], DNT=[1], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Upgrade-Insecure-Requests=[1], Host=[serviceProvider.com:8583]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], Pragma=[no-cache], X-Frame-Options=[SAMEORIGIN]}}, authentication required: true
13:49:07,015 DEBUG [io.undertow.request.security] (default task-71) Authentication outcome was NOT_ATTEMPTED with method io.undertow.security.impl.CachedAuthenticatedSessionMechanism#1cb334c2 for HttpServerExchange{ GET /SECUI/UI/index.htm request {Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Cache-Control=[max-age=0], Sec-Fetch-Mode=[navigate], Accept-Encoding=[gzip, deflate, br], DNT=[1], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Upgrade-Insecure-Requests=[1], Host=[serviceProvider.com:8583]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], Pragma=[no-cache], X-Frame-Options=[SAMEORIGIN]}}
13:49:07,015 DEBUG [io.undertow.request.security] (default task-71) Authenticated as 1575777, roles []
13:49:07,016 DEBUG [io.undertow.request.security] (default task-71) Authentication outcome was AUTHENTICATED with method org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism#b6af5cf for HttpServerExchange{ GET /SECUI/UI/index.htm request {Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Cache-Control=[max-age=0], Sec-Fetch-Mode=[navigate], Accept-Encoding=[gzip, deflate, br], DNT=[1], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Upgrade-Insecure-Requests=[1], Host=[serviceProvider.com:8583]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], Pragma=[no-cache], X-Frame-Options=[SAMEORIGIN]}}
13:49:07,016 DEBUG [io.undertow.request.security] (default task-71) Authentication result was AUTHENTICATED for HttpServerExchange{ GET /SECUI/UI/index.htm request {Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Cache-Control=[max-age=0], Sec-Fetch-Mode=[navigate], Accept-Encoding=[gzip, deflate, br], DNT=[1], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Upgrade-Insecure-Requests=[1], Host=[serviceProvider.com:8583]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], Pragma=[no-cache], X-Frame-Options=[SAMEORIGIN]}}
13:49:07,223 DEBUG [io.undertow.request] (default I/O-12) Received CPING, sending CPONG
HTTP Log:
10.128.117.63 - - [25/Mar/2020:13:58:40 +0800] "POST /SECUI/jaxrs/Authentication HTTP/1.1" 302 -
==> ssl_request_log.2020-03-25 <==
[25/Mar/2020:13:58:40 +0800] 10.128.117.63 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "POST /SECUI/jaxrs/Authentication HTTP/1.1" -
==> ssl_access_log.2020-03-25 <==
10.128.117.63 - - [25/Mar/2020:13:58:40 +0800] "GET /SECUI/UI/index.htm HTTP/1.1" 200 7342
==> ssl_request_log.2020-03-25 <==
[25/Mar/2020:13:58:40 +0800] 10.128.117.63 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /SECUI/UI/index.htm HTTP/1.1" 7342
PiketLink.xml
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1" LogOutPage="/customLogout.jsp" SupportsSignatures="true" BindingType="POST">
<IdentityURL>https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4</IdentityURL>
<!-- <ServiceURL>https://serviceProvider.com:8583/SECUI/UI/index.htm</ServiceURL> -->
<ServiceURL>https://serviceProvider.com:8583/SECUI/jaxrs/Authentication</ServiceURL>
<KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
<Auth Key="KeyStoreURL" Value="/jboss/eap/7.1/instances/CAT_ICM_HUB_SEC_01/MFA.jks" />
<Auth Key="KeyStorePass" Value="changeit" />
<Auth Key="SigningKeyPass" Value="changeit" />
<Auth Key="SigningKeyAlias" Value="serviceProvider.com" />
<ValidatingAlias Key="serviceProvider.com" Value="serviceProvider.com" />
<ValidatingAlias Key="IdentyProvider.com" Value="IdentyProvider.com" />
</KeyProvider>
</PicketLinkSP>
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
<Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
<!-- <Handler class="org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse"/> -->
<!-- <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AttributeHandler "/> -->
<Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" >
<!-- <Option Key="ASSERTION_CONSUMER_URL" Value="https://serviceProvider.com:8583/SECUI/UI/index.htm"/> -->
</Handler>
<Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
<Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler" />
<!-- <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler" /> -->
</Handlers>
</PicketLink>

Related

Chrome "access-Control-Allow-Origin" header for origin error (CORS)

I have the following setup:
Webserver 1 https://localhost:8888
Webserver 2 https://localhost:9005
Webserver 3 https://localhost:9006
I open https://localhost:8888 from a Web browser and enter the following JS code.
(async () => {
const endpointId = '1d60eb5195725648';
const continueUrl = 'https://localhost:9006/'
const signinUrl = new URL('https://localhost:9005/_login');
signinUrl.searchParams.set('continue', continueUrl);
signinUrl.searchParams.set('endpoint', endpointId);
const response = await fetch(signinUrl.toString(), {
credentials: 'include',
headers: {
'Authorization': `Bearer ${gapi.auth.getToken().access_token}`,
},
});
})();
I'm getting this error in my Chrome Browser Version 102.0.5005.115
Access to fetch at 'https://localhost:9006/?TOKEN=0<Truncated>c&endpoint=1d60eb5195725648' (redirected from 'https://localhost:9005/_login?continue=https%3A%2F%2Flocalhost%3A9006%2F&endpoint=1d60eb5195725648') from origin 'https://localhost:8888' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'https://localhost:8888' that is not equal to the supplied origin. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Looks like Origin field is correct according to the info in Headers. What am I missing?
(I truncated Token to improve readability)
Requests:
Request URL: https://localhost:9005/_login?continue=https%3A%2F%2Flocalhost%3A9006%2F&endpoint=1d60eb5195725648
Request Method: OPTIONS
Status Code: 200 OK
Remote Address: [::1]:9005
Referrer Policy: origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization
Access-Control-Allow-Headers: Proxy-Authorization
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: https://localhost:8888
Content-Length: 0
Date: Sun, 12 Jun 2022 02:47:09 GMT
--
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Cache-Control: no-cache
Connection: keep-alive
Host: localhost:9005
Origin: https://localhost:8888
Pragma: no-cache
Referer: https://localhost:8888/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36
Request URL: https://localhost:9005/_login?continue=https%3A%2F%2Flocalhost%3A9006%2F&endpoint=1d60eb5195725648
Request Method: GET
Status Code: 302 Found
Remote Address: [::1]:9005
Referrer Policy: origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://localhost:8888
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 360
Content-Type: text/html; charset=utf-8
Date: Sun, 12 Jun 2022 02:47:09 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Location: https://localhost:9006/?TOKEN=00cfdab4e480656ed7d71b3e58df42fe5422d85d33118a5af5fb7cc66f2d81330b46740ccbca4927ecfe841e751f0de72fdf53c4eb7d66b7c5ab857e33c6beaa270950fe0c49047fd5260db3120731d0abbfe3be1a0d316db4b0754610c81e2b070cea24e46e0e5ef76937c65832ef7c315b452b846e87f59be3124478cee49045162c&endpoint=1d60eb5195725648
Pragma: no-cache
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8
Authorization: Bearer ya29.a0ARrdaM8mfOksOCl6l4O13z5PQv1cUVgKDKWgbo_rNXDL_Fw_-aedVVJdAFOSYByUjEy1WYrAKoik0KHx_c69aCXZcuAXbYedYkZRtDb5Y3Bz98eqjrOBjT0XrWspWdGNqRvsq_L_rDERdnsUFDFKCNiFCHV4sg
Cache-Control: no-cache
Connection: keep-alive
Cookie: _ga=GA1.1.1057744305.1654277711; _gid=GA1.1.1514740287.1654641546; _gat=1
Host: localhost:9005
Origin: https://localhost:8888
Pragma: no-cache
Referer: https://localhost:8888/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="102", "Google Chrome";v="102"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "macOS"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36
Request URL: https://localhost:9006/?TOKEN=00cfdab4e480656ed7d71b3e58df42fe5422d85d33118a5af5fb7cc66f2d81330b46740ccbca4927ecfe841e751f0de72fdf53c4eb7d66b7c5ab857e33c6beaa270950fe0c49047fd5260db3120731d0abbfe3be1a0d316db4b0754610c81e2b070cea24e46e0e5ef76937c65832ef7c315b452b846e87f59be3124478cee49045162c&endpoint=1d60eb5195725648
Referrer Policy: origin
Provisional headers are shown
Learn more
Referer: https://localhost:8888/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36

Chrome refuses to cache http response

I set max-age in Cache-Control header, but every time when I reload the webpage, it just goes out and fetches the resource again, following is an example request and response headers:
Request Headers
:authority: mydomain.com
:method: GET
:path: /.well-known/openid-configuration
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en
cache-control: max-age=0 // I have no idea why this is sent in request by chrome
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36
Response Headers
access-control-allow-credentials: true
cache-control: public, s-maxage=2678400, max-age=14400, immutable
cf-cache-status: DYNAMIC
cf-ray: 6e7465234fc16c30-SIN
content-encoding: br
content-type: application/json; charset=utf-8
date: Sat, 05 Mar 2022 16:58:12 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dSVocqHdnD4mopGV2L7pD08hRF3MZbpmBAsNHWm2eBznl15JNgOU7bkNcBn4qgoszBpGpGoCBPSbgCLWq796dv0jta9Ajlwq0BCEyW55h3Q2NO7mfQuz8cABZLAgWam4"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin, Accept-Encoding

How to pass Request Headers into requests.get(url, headers = headers) in proper format?

Below are the request headers I copied from chrome. How do I pass these values to response = requests.get(url, headers = headers) so that I don't get any error. Should all the keys and values be made strings by enclosing within '' ?
:authority: portal.grab.com
:method: POST
:path: /foodweb/v2/search
:scheme: https
accept: application/json, text/plain, /
accept-encoding: gzip, deflate, br
accept-language: en
content-length: 87
content-type: application/json;charset=UTF-8
origin: https://food.grab.com
referer: https://food.grab.com/
sec-ch-ua: "Google Chrome";v="95", "Chromium";v="95", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "macOS"
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
x-country-code: PH
x-gfc-country: PH
x-grab-web-app-version: ~k5VPZk5KBtLKJOP7fLbR
x-recaptcha-token: 03AGdBq24a8dFVYhN75ZFSZR6MSzf8anLJEc-c6xCFkUYi87f5FQLlYV8NeHspOYwqJYS1ypTDvpPVU4FG6NbvkwbwHgHCxAOaiHi8sLtnraXL78xszl-HgySw_yBGCadmL4I9TmnDL8HITA4ug4FZ-tITOWIE9AI1L2OWAgFJC25r663aHtF16pJGLJovE4D1IVm2NziSUhWNdlv9aSxym4s1dGhM9YTu0w2FNCfiHqLURKs-sk4GLQ-O1Xv2xuTRuvBiDxXZYisKKt0nnoMpov5CPmwzFVaQGFXVk5xLz05bsbsdN7gf4DcoGD8i1yM3vbNMld-gqgDJ6DhLX3IY6NxJ_2QdH-dQctu4OCB9oPUursOAFs6ph8Xqf_kL3XQLzdO2qRMhU9wVlmAocV8lm8DTF0Urxp1JkRY6X7SeKDeQsX0KX2vO3ZFFjfYb19Gqpts5CQCGJO5j

There is an example how to format headers in Python requests documentation: Custom Headers so in your case it should looks like this:
headers = {
'accept': 'application/json, text/plain, /',
'accept-encoding': 'gzip, deflate, br',
'accept-language': 'en',
'content-length': '87',
'content-type': 'application/json;charset=UTF-8',
'origin': 'https://food.grab.com',
'referer': 'https://food.grab.com/',
'sec-ch-ua': '"Google Chrome";v="95", "Chromium";v="95", ";Not A Brand";v="99"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"macOS"',
'sec-fetch-dest': 'empty',
'sec-fetch-mode': 'cors',
'sec-fetch-site': 'same-site',
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36',
'x-country-code': 'PH',
'x-gfc-country': 'PH',
'x-grab-web-app-version': '~k5VPZk5KBtLKJOP7fLbR',
'x-recaptcha-token': '03AGdBq24a8dFVYhN75ZFSZR6MSzf8anLJEc-c6xCFkUYi87f5FQLlYV8NeHspOYwqJYS1ypTDvpPVU4FG6NbvkwbwHgHCxAOaiHi8sLtnraXL78xszl-HgySw_yBGCadmL4I9TmnDL8HITA4ug4FZ-tITOWIE9AI1L2OWAgFJC25r663aHtF16pJGLJovE4D1IVm2NziSUhWNdlv9aSxym4s1dGhM9YTu0w2FNCfiHqLURKs-sk4GLQ-O1Xv2xuTRuvBiDxXZYisKKt0nnoMpov5CPmwzFVaQGFXVk5xLz05bsbsdN7gf4DcoGD8i1yM3vbNMld-gqgDJ6DhLX3IY6NxJ_2QdH-dQctu4OCB9oPUursOAFs6ph8Xqf_kL3XQLzdO2qRMhU9wVlmAocV8lm8DTF0Urxp1JkRY6X7SeKDeQsX0KX2vO3ZFFjfYb19Gqpts5CQCGJO5j'
}

ReactJS fetch post API 405 issue

I am using swagger to post APi which works fine, but when I post it from react jsm that cause 405 issue.
Fiddler appears the RAW information for swagger as following:
POST http://localhost:7100/api/test/submit?guid=17327026-4348-4ce9-aceb-5774c3a724bf HTTP/1.1
Host: localhost:7100
Connection: keep-alive
Content-Length: 14
Origin: http://localhost:7100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36
Content-Type: application/json
Accept: */*
Referer: http://localhost:7100/swagger/ui/index
Accept-Encoding: gzip, deflate, br
Accept-Language: en,en-US;q=0.8,zh;q=0.6,zh-CN;q=0.4
Cookie: ASP.NET_SessionId=yzdydpdimqvgpvejykzjqqqb; .ASPXAUTH=dWLGc_XQvl3qTNrEJXsRyk3w-tXBSFeXKC0bIUDzLDLFJi5kbSAt_hcJXQs0-pfz7uVm-VJ27ZGAbN8eErCNV-Wozn3D1ZbHD7ONNN5VCMjT_Joyz_1aIcTZLR401s0TtC4Br1sRlerv0zX4F4xnDLhrIm5YKkGfZj2aZzDgc-KjNPVWY1SEC6k2XqPq54vo9_HUvudihHGlneNx1n2JlodvFxAeYudKnUSBRWpp2rRAx94uF7KmmP5BQoTmBTTq1qKSv98YiPToicePFR32d9yk1Uw1qcFrnkKD2zKOCuJByNgCLN_eC5dOmdLKfPCekciEJ16KfeYg8XeApIf13vCrtGOy-L2EXibWuEjUjKCrUy8sfYTGNZbxDffTg9gNOn7-nfyR5hKLYDM0CxfmENV7S0ExTSFyGhsR5aqqB3oXq3A_i8ENabgGMy_tFyor06S7_vrUUcDlS2hFgsxWzgMrRUdVIlohHK2-slPdbhwuUKIZXKKiSQijwH0RskwF-l8RyVe_0VCcCVipk4MXtncDvrubmEW09LWeOycyc0wc1BmMHL9AATpBHA6WBNLEaMGS9-x-RhFC5YNJW1KtetmlXiaKmiX9L-2wWhVRgjlhmfjtRPjxlVvW1GxyeKC-JOlSPnY6DInNM-qa2dcZjdaoffdnLBvzKTHkJNwzUSZw8fN-Vz6SVmURMtpEQAKmxloNvw
"test working"
for post from react as following:
OPTIONS http://localhost:7100/api/test/submit?guid=17327026-4348-4CE9-ACEB-5774C3A724BF HTTP/1.1
Host: localhost:7100
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: POST
Origin: http://localhost:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36
Access-Control-Request-Headers: content-type
Accept: */*
Referer: http://localhost:3000/?testId=17327026-4348-4ce9-aceb-5774c3a724bf
Accept-Encoding: gzip, deflate, br
Accept-Language: en,en-US;q=0.8,zh;q=0.6,zh-CN;q=0.4
I believe something wrong in following fetch post function, is there any chance to fix it, then the RAW information can be same as first one.
onFormSubmit(Result) {
fetch("http://localhost:7100/api/test/submit?guid=" + "17327026-4348-4CE9-ACEB-5774C3A724BF",
{
method: 'POST',
// headers: {'Content-Type':'application/x-www-form-urlencoded'},
headers: {'Content-Type':'application/json'},
// contentType: 'application/json; charset=utf-8',
// body: JSON.stringify(result)
body: "test working"
})
.then((response) => {
console.log(response.ok ? 'success' : 'error');
})
.catch(function (error) {
console.log('catch error');
});
}

This is a CORS Issue You need to allow requests comming from http://localhost:3000 in you server.

Chrome & CORS with 302 redirects and withCredentials=true

I am having trouble with Chromium-based browsers and CORS requests that
include 302 redirects. More specifically, I am having trouble with Chromium
versions 34-42 inclusive; 43 and later works, and it seems 33 and earlier
versions worked as well (I didn't test too far past 33, 28 worked).
My XHR request uses withCredentials=true, so Access-Control-Allow-Origin="*"
is not allowed; the server must reply with an Access-Control-Allow-Origin
header that echoes the incoming request's Origin header.
After receiving the first 302, Chromium 43 and later sends "Origin: null" as
part of the redirected request, and accepts 'Access-Control-Allow-Origin: null"
in response (as does Firefox).
The Chromium series of 34-42 all send the host name as Origin for all requests,
and several issues from this time indicate that CORS redirects were only
supported with Access-Control-Allow-Origin set to "*", and that "the original
XHR must not have allow-credentials set to true", example:
https://code.google.com/p/chromium/issues/detail?id=154967
I am hoping this is a misconception, and there is something as an app
developer I can do on the client and/or server to coerce those versions to
not cancel the redirect, or failing that, ideas for a workaround.
Version 33 & earlier sent the entire host name for every request, and the full
roundtrip works.
One possibility for a workaround I have been experimenting with stems from the
fact that, I actually do not need withCredentials=true for the cross-domain
request, I only need it for the redirect back to the origin host to exchange
cookie-based authentication for an access_token, but I could not find a way to
get the client to send a cookie when following the 302 to itself unless it was
also sent with the original cross-domain request.
To illustrate, here are excerpts from a chrome://net-internals/#events log for
a successful request using Chrome 43:
[img src]
HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg?timestamp=1437075435614 HTTP/1.1
Host: media-qa.example.com
Origin: https://qa-app.example.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Referer: https://qa-app.example.com/media/photos/
Cookie: [1568 bytes were stripped]
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 FOUND
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-HTTP-Method-Override, Content-Type, X-Requested-With
Access-Control-Allow-Origin: https://qa-app.example.com
Content-Type: text/html; charset=utf-8
Location: https://qa-app.example.com/oauth/authorize/?request_uri=https%3A//media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg%3Ftimestamp%3D1437075435614
[get cross-domain access token]
HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /oauth/authorize/?request_uri=https%3A//media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg%3Ftimestamp%3D1437075435614 HTTP/1.1
Host: qa-app.example.com
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Referer: https://qa-app.example.com/media/photos/
Cookie: [1762 bytes were stripped]
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 FOUND
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, X-HTTP-Method-Override, X-Requested-With
Access-Control-Allow-Origin: null
Content-Type: text/html; charset=utf-8
Location: https://media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?timestamp=1437075435614&access_token=L221i4rC5R8NY2AbP4lIxo7apr6HlIHttKroKkQi3tzUSaL7NE7aoBcLUI432Mast8b/NH7ksFfRhsCOhK7P86Lc4C9GlkRn%2Bze/UBJeG8gbRVlnxdjdzBFfp9kAbYR9onDM9b1bUdRaV1q19it8OL3aBzThrmng1E%2BMmT%2BVyK0qXLqQ6yA/tHfrgyC9XwFbKqW6BQSpLOyVOPHZZ4t3dgzimTD9HJCbLUUjZt7nf7iCAOBcaR9CiUH8vlcP4wkOmXk3AoDslYu6IUZtRHrSs7OplBtTXgmzBlSaum%2BccFzdNu5TuH%2BQkmp2QQHErwRJkUNN9S5ZcRzlXdUGg8%2B698Wh5zYFVa%2B/pEfykkf%2BAuqKjbVicGq%2BgxCYOCuqe4YJU/GPMHsBC6gvVYFmtkDaG4za1N4fvbmBb9u%2BHHZNdW0kvj55N9QgJ86lHZjddvfEivET0TVTo1u0u6Wp/TM4EMXLtMK3urBpEAMWBT9PlE8%3D
[url redirection service adds cloudfront signature]
HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?timestamp=1437075435614&access_token=L221i4rC5R8NY2AbP4lIxo7apr6HlIHttKroKkQi3tzUSaL7NE7aoBcLUI432Mast8b/NH7ksFfRhsCOhK7P86Lc4C9GlkRn%2Bze/UBJeG8gbRVlnxdjdzBFfp9kAbYR9onDM9b1bUdRaV1q19it8OL3aBzThrmng1E%2BMmT%2BVyK0qXLqQ6yA/tHfrgyC9XwFbKqW6BQSpLOyVOPHZZ4t3dgzimTD9HJCbLUUjZt7nf7iCAOBcaR9CiUH8vlcP4wkOmXk3AoDslYu6IUZtRHrSs7OplBtTXgmzBlSaum%2BccFzdNu5TuH%2BQkmp2QQHErwRJkUNN9S5ZcRzlXdUGg8%2B698Wh5zYFVa%2B/pEfykkf%2BAuqKjbVicGq%2BgxCYOCuqe4YJU/GPMHsBC6gvVYFmtkDaG4za1N4fvbmBb9u%2BHHZNdW0kvj55N9QgJ86lHZjddvfEivET0TVTo1u0u6Wp/TM4EMXLtMK3urBpEAMWBT9PlE8%3D HTTP/1.1
Host: media-qa.example.com
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Referer: https://qa-app.example.com/media/photos/
Cookie: [1568 bytes were stripped]
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 FOUND
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-HTTP-Method-Override, Content-Type, X-Requested-With
Access-Control-Allow-Origin: null
Content-Type: text/html; charset=utf-8
Location: https://gbbrsh.cloudfront.net/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?Expires=1437075499&Signature=RpCVix5lcF5~Arah0WxhSoB3SN7ZfxXIwnaL8EOdlslIz5c9Ycic1wF~sjwTnWD5fxS~SBhexIz37oqjHjED3MTPiXAmuPjO1mQ-V8ACc8N-geWBIvMQRw9kCjCRmtquSs7TynaFqopv0BpQKH2G1xVdfoDaOZZWso7pXnpR50c2NdyDD-WMZNLKJ657Dj4-wCL8ZJdUPOgiXsfcxM1AZGy5P034SCL8JB8ZyEh1bUDszLkQa8lIpsy08mt9t8ZjFcR2i6bqBZNZOquT3jbOEy8VprL4lmtyOmVJaNTaBevZC6rQ6CM~jd~Ya2FockK5bNGYxM043OU71NExS0lHTg__&Key-Pair-Id=APKAJNUAAHKHVOSPPXTQ
Set-Cookie: [349 bytes were stripped]
[finally, get cloudfront image]
HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?Expires=1437075499&Signature=RpCVix5lcF5~Arah0WxhSoB3SN7ZfxXIwnaL8EOdlslIz5c9Ycic1wF~sjwTnWD5fxS~SBhexIz37oqjHjED3MTPiXAmuPjO1mQ-V8ACc8N-geWBIvMQRw9kCjCRmtquSs7TynaFqopv0BpQKH2G1xVdfoDaOZZWso7pXnpR50c2NdyDD-WMZNLKJ657Dj4-wCL8ZJdUPOgiXsfcxM1AZGy5P034SCL8JB8ZyEh1bUDszLkQa8lIpsy08mt9t8ZjFcR2i6bqBZNZOquT3jbOEy8VprL4lmtyOmVJaNTaBevZC6rQ6CM~jd~Ya2FockK5bNGYxM043OU71NExS0lHTg__&Key-Pair-Id=APKAJNUAAHKHVOSPPXTQ HTTP/1.1
Host: gbbrsh.cloudfront.net
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Referer: https://qa-app.example.com/media/photos/
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 200 OK
Content-Length: 48776
Access-Control-Allow-Origin: null
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Access-Control-Allow-Credentials: true
Vary: Origin
And here is an unsuccessful log using version 42, note that all the redirects
using 43 above sent "Origin: null", but 42 sends the host name (which the
server replies with), and the client cancels the request:
HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg?timestamp=1437074740624 HTTP/1.1
Host: media-qa.example.com
Origin: https://qa-app.example.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
Referer: https://qa-app.example.com/media/photos/
Cookie: [1571 bytes were stripped]
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 FOUND
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-HTTP-Method-Override, Content-Type, X-Requested-With
Access-Control-Allow-Origin: https://qa-app.example.com
Location: https://qa-app.example.com/oauth/authorize/?request_uri=https%3A//media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg%3Ftimestamp%3D1437074740624
HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /oauth/authorize/?request_uri=https%3A//media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg%3Ftimestamp%3D1437074740624 HTTP/1.1
Host: qa-app.example.com
Origin: https://qa-app.example.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
Referer: https://qa-app.example.com/media/photos/
Cookie: [1769 bytes were stripped]
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 FOUND
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, X-HTTP-Method-Override, X-Requested-With
Access-Control-Allow-Origin: https://qa-app.example.com
Location: https://media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?timestamp=1437074740624&access_token=JbXemck/weq2TjoVtgwuXDZB1GgmBqlDix3z5WfsWFlf2aZVmCud99wtAU%2BBErVxm6Lk1MRP1ubM/bf59URPs9uXMLYC%2Bnk6lAYQRUBhO3UmBnZk967W/5f9/1YnfRHQe1Y9fGRSkddQJdzdOwkMAvYSCw%2BN1ofkrb4tYKz9OWja1WRuim82Mt5uzdb5eXVLUnlCCgqt9LjN6yDHPm7UjMwQMG8V0kFPIkL4ZGb/5WfXXa2NJY1Qq3GbFGFQID49vw/XDP6B9q9kRIL4D/NuLUocRUvw5iHZciqygpnJl1GaRcVr%2B5%2BBbKBw3c0Gou4X/ojiewnds2pYPPxNGKploy88l4GcjpGw%2BXmDiP4wUgCojhRporBjp2y87AnaY1k6BSI1j9xHxiSnjXT7pMsyXpBfMYCoAwV/w1Fh1E/Tu1ygXJhaOHAx%2B19BxOIYPWFJVw3djggbkN1jRo%2Bde%2BolGjfEXtFarwfx4nyCeNyYAd0%3D
Vary: Accept-Encoding
URL_REQUEST_DELEGATE [dt=0]
+URL_REQUEST_DELEGATE [dt=3]
DELEGATE_INFO [dt=3]
--> delegate_info = "AsyncResourceHandler"
-URL_REQUEST_DELEGATE
CANCELLED
As I mentioned, if you go back to version 33, it works even though the client
was sending the host name in the Origin header for all requests:
HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg?timestamp=1437076851710 HTTP/1.1
Host: media-qa.example.com
Origin: https://qa-app.example.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36
Referer: https://qa-app.example.com/media/photos/
Cookie: [1550 bytes were stripped]
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 FOUND
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-HTTP-Method-Override, Content-Type, X-Requested-With
Access-Control-Allow-Origin: https://qa-app.example.com
Location: https://qa-app.example.com/oauth/authorize/?request_uri=https%3A//media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg%3Ftimestamp%3D1437076851710
HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /oauth/authorize/?request_uri=https%3A//media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg%3Ftimestamp%3D1437076851710 HTTP/1.1
Host: qa-app.example.com
Origin: https://qa-app.example.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36
Referer: https://qa-app.example.com/media/photos/
Cookie: [1763 bytes were stripped]
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 FOUND
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, X-HTTP-Method-Override, X-Requested-With
Access-Control-Allow-Origin: https://qa-app.example.com
Location: https://media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?timestamp=1437076851710&access_token=C30mMVgoZSZtkpm3vgMNfLZEpkKT//%2BiZK5gbR39dvPfIaezfjNMocXJ0UCCH10jcE0yvOIrT8yISHerVvGZlGPy2rr2YwXkh1IsYcl0uNGYOP2bDYyz1cJNAwnRYZ4qS0uctDQiKNGZi3oC10TdIwzhz8aaOFAosRFEjPqrT553aXjpZr2SE4Z73TtU2pd%2B7ILICARbjp0r9yhDAAauJgQHkBAkcLVvW5TARQBeRR1OtXbf0CjN764EZ/2GEqCRhvo0rtVUQGUVpt/Sur9yFYUh1b/rFOZJ0o/Oj8rEUEg2c8p/O1ZrpN8emKMB%2BVWLXG97DPO6QpQmzGvaYCZsUDwGfvPNJ8wCtXEdQF0RzQMv3HG71StD9lK30BB46sDTuP24w7tH4PxqjY0cWBUpaMMz/mKLWuSWY6lerx7ibB7Gp%2B9OsclEHeaxKwFr%2BD63RFPmTwBtHKOF/PjIo%2BbmoxJZ07eJYAEYXDtfoLmFvM8%3D
Vary: Accept-Encoding
HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?timestamp=1437076851710&access_token=C30mMVgoZSZtkpm3vgMNfLZEpkKT//%2BiZK5gbR39dvPfIaezfjNMocXJ0UCCH10jcE0yvOIrT8yISHerVvGZlGPy2rr2YwXkh1IsYcl0uNGYOP2bDYyz1cJNAwnRYZ4qS0uctDQiKNGZi3oC10TdIwzhz8aaOFAosRFEjPqrT553aXjpZr2SE4Z73TtU2pd%2B7ILICARbjp0r9yhDAAauJgQHkBAkcLVvW5TARQBeRR1OtXbf0CjN764EZ/2GEqCRhvo0rtVUQGUVpt/Sur9yFYUh1b/rFOZJ0o/Oj8rEUEg2c8p/O1ZrpN8emKMB%2BVWLXG97DPO6QpQmzGvaYCZsUDwGfvPNJ8wCtXEdQF0RzQMv3HG71StD9lK30BB46sDTuP24w7tH4PxqjY0cWBUpaMMz/mKLWuSWY6lerx7ibB7Gp%2B9OsclEHeaxKwFr%2BD63RFPmTwBtHKOF/PjIo%2BbmoxJZ07eJYAEYXDtfoLmFvM8%3D HTTP/1.1
Host: media-qa.example.com
Origin: https://qa-app.example.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36
Referer: https://qa-app.example.com/media/photos/
Cookie: [1550 bytes were stripped]
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 FOUND
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-HTTP-Method-Override, Content-Type, X-Requested-With
Access-Control-Allow-Origin: https://qa-app.example.com
Location: https://gbbrsh.cloudfront.net/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?Expires=1437076916&Signature=WBDGSQXer-zAREYgiD1~DA8pUaNUBha4WrUFt-WI5Soh4Z-5ayw35UocOG7DuC9FOnAQAeU5Nvp8hKdofDB--ic4aMH0e~LmHaJ38GtP-lHnyyfQDpjJOEmGM2GY3sB0KG7qa8~eTXX9jKDJTCG9Hkf0EpievuWwiXEKGYaSbe0tkR4CLyhND3sIDJbFGCQQZ7NmhMB-3vOsqDKYKKz9SebuiqO0qbL8SvqBkMEiufXCF2MriR4hVDEjFQssE3ysBbhiMlkaINAeOkEmiZEAjnhB-ncN31Lvy4Lo1LxiyCqKH9QwPOpa6ukK0WrYXWwiTi2VRAaxSjm-xgbGiIArmA__&Key-Pair-Id=APKAJNUAAHKHVOSPPXTQ
HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?Expires=1437076916&Signature=WBDGSQXer-zAREYgiD1~DA8pUaNUBha4WrUFt-WI5Soh4Z-5ayw35UocOG7DuC9FOnAQAeU5Nvp8hKdofDB--ic4aMH0e~LmHaJ38GtP-lHnyyfQDpjJOEmGM2GY3sB0KG7qa8~eTXX9jKDJTCG9Hkf0EpievuWwiXEKGYaSbe0tkR4CLyhND3sIDJbFGCQQZ7NmhMB-3vOsqDKYKKz9SebuiqO0qbL8SvqBkMEiufXCF2MriR4hVDEjFQssE3ysBbhiMlkaINAeOkEmiZEAjnhB-ncN31Lvy4Lo1LxiyCqKH9QwPOpa6ukK0WrYXWwiTi2VRAaxSjm-xgbGiIArmA__&Key-Pair-Id=APKAJNUAAHKHVOSPPXTQ HTTP/1.1
Host: gbbrsh.cloudfront.net
Origin: https://qa-app.example.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36
Referer: https://qa-app.example.com/media/photos/
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://qa-app.example.com
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Access-Control-Allow-Credentials: true
Vary: Origin