PicketLink at Service Provider Responding 302 in EAP 7.1 with SAML - picketlink
Runtime: JBoss EAP 7.1, the EAP built-in PicketLink, and Chrome.
JAR: <resource-root path="/jboss/eap/7.1/jboss-eap/modules/system/layers/base/org/picketlink/federation/main/picketlink-federation-2.5.5.SP8-redhat-1.jar"/>
We enabled SP-initiated Web SSO with the IDP and we are able to get the SAML response from the IDP. The IDP posts the SAML response in Base64-encoded format. When Chrome posts the SAML response to the Service Provider, the Service Provider is not able to read the SAML response.
PicketLink at the Service Provider end responds with HTTP status 302 to the browser when the SAML response is posted to the Service Provider. Due to the 302, the browser redirects to the page mentioned in the Location header. Because the redirect is via GET, the SAML response gets lost.
Chrome browser log while posting to the Service Provider:
Request:
Request URL: https://serviceProvider.com:8583/SECUI/jaxrs/Authentication
Request Method: POST
Status Code: 302 Found
Remote Address: 10.10.10.10:8583
Referrer Policy: no-referrer-when-downgrade
Response Header:
Access-Control-Allow-Origin: https://IdentyProvider.com
Cache-Control: max-age=0
Connection: Keep-Alive
Content-Length: 0
Date: Wed, 25 Mar 2020 05:49:06 GMT
Expires: 0
Keep-Alive: timeout=15, max=1500
Location: https://serviceProvider.com:8583/SECUI/UI/index.htm
Pragma: no-cache
Server: JBCS httpd
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Request Header:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: max-age=0
Connection: keep-alive
Content-Length: 6627
Content-Type: application/x-www-form-urlencoded
Cookie: secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*
DNT: 1
Host: serviceProvider.com:8583
Origin: https://IdentyProvider.com:8443
Referer: https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36
SAMLResponse:
PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6
cHJvdG9jb2wiIElEPSJzMmIyYmZiOGZjOWEyMzI3MGU4OTgwMGExNTZhOTQ3ZWIxMGNkZTU2Zjgi
IEluUmVzcG9uc2VUbz0iSURfMDNmZTEzMWUtYjIwZS00OTU1LTg2MjYtZGYyMWFkZmI0ZGZhIiBW
ZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyMC0wMy0yNVQwNTo0OTowNFoiIERlc3RpbmF0
aW9uPSJodHRwczovL2hrbHZhdWFwcDE3NS5oay5zdGFuZGFyZGNoYXJ0ZXJlZC5jb206ODU4My9T
RUNVSS9qYXhycy9BdXRoZW50aWNhdGlvbiI+PHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpv
YXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPlNTTy1JRFA8L3NhbWw6SXNzdWVyPjxz
Y
JBOSS LOG:
13:49:05,653 DEBUG [io.undertow.request] (default I/O-12) Matched prefix path /SECUI for path /SECUI/jaxrs/Authentication
13:49:05,655 DEBUG [io.undertow.request.security] (default task-70) Security constraints for request /SECUI/jaxrs/Authentication are [SingleConstraintMatch{emptyRoleSemantic=AUTHENTICATE, requiredRoles=[]}]
13:49:05,655 DEBUG [io.undertow.request.security] (default task-70) Authenticating required for request HttpServerExchange{ POST /SECUI/jaxrs/Authentication request {Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate, br], DNT=[1], Origin=[https://IdentyProvider.com:8443], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Host=[serviceProvider.com:8583], Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Sec-Fetch-Mode=[navigate], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Content-Length=[6627], Content-Type=[application/x-www-form-urlencoded], Upgrade-Insecure-Requests=[1]} response {X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], X-Frame-Options=[SAMEORIGIN]}}
13:49:05,655 DEBUG [io.undertow.request.security] (default task-70) Setting authentication required for exchange HttpServerExchange{ POST /SECUI/jaxrs/Authentication request {Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate, br], DNT=[1], Origin=[https://IdentyProvider.com:8443], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Host=[serviceProvider.com:8583], Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Sec-Fetch-Mode=[navigate], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Content-Length=[6627], Content-Type=[application/x-www-form-urlencoded], Upgrade-Insecure-Requests=[1]} response {X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], X-Frame-Options=[SAMEORIGIN]}}
13:49:05,655 DEBUG [io.undertow.request.security] (default task-70) Attempting to authenticate HttpServerExchange{ POST /SECUI/jaxrs/Authentication request {Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate, br], DNT=[1], Origin=[https://IdentyProvider.com:8443], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Host=[serviceProvider.com:8583], Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Sec-Fetch-Mode=[navigate], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Content-Length=[6627], Content-Type=[application/x-www-form-urlencoded], Upgrade-Insecure-Requests=[1]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], Pragma=[no-cache], X-Frame-Options=[SAMEORIGIN]}}, authentication required: true
13:49:05,655 DEBUG [io.undertow.request.security] (default task-70) Authentication outcome was NOT_ATTEMPTED with method io.undertow.security.impl.CachedAuthenticatedSessionMechanism#1cb334c2 for HttpServerExchange{ POST /SECUI/jaxrs/Authentication request {Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate, br], DNT=[1], Origin=[https://IdentyProvider.com:8443], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Host=[serviceProvider.com:8583], Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Sec-Fetch-Mode=[navigate], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Content-Length=[6627], Content-Type=[application/x-www-form-urlencoded], Upgrade-Insecure-Requests=[1]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], Pragma=[no-cache], X-Frame-Options=[SAMEORIGIN]}}
13:49:06,381 DEBUG [org.jboss.modcluster] (UndertowEventHandlerAdapter - 1) MODCLUSTER000009: Sending STATUS for default-server
13:49:06,382 DEBUG [io.undertow.request] (default I/O-2) Received CPING, sending CPONG
13:49:06,700 DEBUG [io.undertow.request.security] (default task-70) Authenticated as 1575777, roles []
13:49:06,701 DEBUG [io.undertow.request.security] (default task-70) Authentication outcome was AUTHENTICATED with method org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism#b6af5cf for HttpServerExchange{ POST /SECUI/jaxrs/Authentication request {Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate, br], DNT=[1], Origin=[https://IdentyProvider.com:8443], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Host=[serviceProvider.com:8583], Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Sec-Fetch-Mode=[navigate], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Content-Length=[6627], Content-Type=[application/x-www-form-urlencoded], Upgrade-Insecure-Requests=[1]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-XSS-Protection=[1], Pragma=[no-cache], X-Frame-Options=[SAMEORIGIN], Location=[https://serviceProvider.com:8583/SECUI/UI/index.htm], Date=[Wed, 25 Mar 2020 05:49:06 GMT], X-Content-Type-Options=[nosniff], Content-Length=[0]}}
13:49:06,701 DEBUG [io.undertow.request.security] (default task-70) Authentication result was AUTHENTICATED for HttpServerExchange{ POST /SECUI/jaxrs/Authentication request {Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate, br], DNT=[1], Origin=[https://IdentyProvider.com:8443], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Host=[serviceProvider.com:8583], Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Sec-Fetch-Mode=[navigate], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Content-Length=[6627], Content-Type=[application/x-www-form-urlencoded], Upgrade-Insecure-Requests=[1]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-XSS-Protection=[1], Pragma=[no-cache], X-Frame-Options=[SAMEORIGIN], Location=[https://serviceProvider.com:8583/SECUI/UI/index.htm], Date=[Wed, 25 Mar 2020 05:49:06 GMT], X-Content-Type-Options=[nosniff], Content-Length=[0]}}
13:49:07,014 DEBUG [io.undertow.request] (default I/O-12) Received CPING, sending CPONG
13:49:07,014 DEBUG [io.undertow.request] (default I/O-12) Matched prefix path /SECUI for path /SECUI/UI/index.htm
13:49:07,015 DEBUG [io.undertow.request.security] (default task-71) Security constraints for request /SECUI/UI/index.htm are [SingleConstraintMatch{emptyRoleSemantic=AUTHENTICATE, requiredRoles=[]}]
13:49:07,015 DEBUG [io.undertow.request.security] (default task-71) Authenticating required for request HttpServerExchange{ GET /SECUI/UI/index.htm request {Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Cache-Control=[max-age=0], Sec-Fetch-Mode=[navigate], Accept-Encoding=[gzip, deflate, br], DNT=[1], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Upgrade-Insecure-Requests=[1], Host=[serviceProvider.com:8583]} response {X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], X-Frame-Options=[SAMEORIGIN]}}
13:49:07,015 DEBUG [io.undertow.request.security] (default task-71) Setting authentication required for exchange HttpServerExchange{ GET /SECUI/UI/index.htm request {Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Cache-Control=[max-age=0], Sec-Fetch-Mode=[navigate], Accept-Encoding=[gzip, deflate, br], DNT=[1], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Upgrade-Insecure-Requests=[1], Host=[serviceProvider.com:8583]} response {X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], X-Frame-Options=[SAMEORIGIN]}}
13:49:07,015 DEBUG [io.undertow.request.security] (default task-71) Attempting to authenticate HttpServerExchange{ GET /SECUI/UI/index.htm request {Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Cache-Control=[max-age=0], Sec-Fetch-Mode=[navigate], Accept-Encoding=[gzip, deflate, br], DNT=[1], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Upgrade-Insecure-Requests=[1], Host=[serviceProvider.com:8583]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], Pragma=[no-cache], X-Frame-Options=[SAMEORIGIN]}}, authentication required: true
13:49:07,015 DEBUG [io.undertow.request.security] (default task-71) Authentication outcome was NOT_ATTEMPTED with method io.undertow.security.impl.CachedAuthenticatedSessionMechanism#1cb334c2 for HttpServerExchange{ GET /SECUI/UI/index.htm request {Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Cache-Control=[max-age=0], Sec-Fetch-Mode=[navigate], Accept-Encoding=[gzip, deflate, br], DNT=[1], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Upgrade-Insecure-Requests=[1], Host=[serviceProvider.com:8583]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], Pragma=[no-cache], X-Frame-Options=[SAMEORIGIN]}}
13:49:07,015 DEBUG [io.undertow.request.security] (default task-71) Authenticated as 1575777, roles []
13:49:07,016 DEBUG [io.undertow.request.security] (default task-71) Authentication outcome was AUTHENTICATED with method org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism#b6af5cf for HttpServerExchange{ GET /SECUI/UI/index.htm request {Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Cache-Control=[max-age=0], Sec-Fetch-Mode=[navigate], Accept-Encoding=[gzip, deflate, br], DNT=[1], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Upgrade-Insecure-Requests=[1], Host=[serviceProvider.com:8583]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], Pragma=[no-cache], X-Frame-Options=[SAMEORIGIN]}}
13:49:07,016 DEBUG [io.undertow.request.security] (default task-71) Authentication result was AUTHENTICATED for HttpServerExchange{ GET /SECUI/UI/index.htm request {Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9], Accept-Language=[en-US,en;q=0.9], Cache-Control=[max-age=0], Sec-Fetch-Mode=[navigate], Accept-Encoding=[gzip, deflate, br], DNT=[1], User-Agent=[Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36], Sec-Fetch-Dest=[document], Connection=[keep-alive], Sec-Fetch-Site=[same-site], Cookie=[secure=vReGx1TlykEsdWTMHUr3Y7TGMcDVekUasOvNnbAt.CAT_ICM_HUB_SEC_01; amlbcookie=01; iPlanetDirectoryPro=pa8p9OjugxK8YgBtiTAmClm9-dc.*AAJTSQACMDUAAlNLABxKMXNTaU1mOWhteWEwK0FaWFhwaTBwTGFvbHM9AAR0eXBlAANDVFMAAlMxAAIwMQ..*], Referer=[https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4?ReqID=ID_03fe131e-b20e-4955-8626-df21adfb4dfa&index=null&acsURL=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&spEntityID=https://serviceProvider.com:8583/SECUI/jaxrs/Authentication&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], Upgrade-Insecure-Requests=[1], Host=[serviceProvider.com:8583]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-XSS-Protection=[1], X-Content-Type-Options=[nosniff], Pragma=[no-cache], X-Frame-Options=[SAMEORIGIN]}}
13:49:07,223 DEBUG [io.undertow.request] (default I/O-12) Received CPING, sending CPONG
HTTP Log:
10.128.117.63 - - [25/Mar/2020:13:58:40 +0800] "POST /SECUI/jaxrs/Authentication HTTP/1.1" 302 -
==> ssl_request_log.2020-03-25 <==
[25/Mar/2020:13:58:40 +0800] 10.128.117.63 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "POST /SECUI/jaxrs/Authentication HTTP/1.1" -
==> ssl_access_log.2020-03-25 <==
10.128.117.63 - - [25/Mar/2020:13:58:40 +0800] "GET /SECUI/UI/index.htm HTTP/1.1" 200 7342
==> ssl_request_log.2020-03-25 <==
[25/Mar/2020:13:58:40 +0800] 10.128.117.63 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /SECUI/UI/index.htm HTTP/1.1" 7342
PicketLink.xml
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
    <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1" LogOutPage="/customLogout.jsp" SupportsSignatures="true" BindingType="POST">
        <IdentityURL>https://IdentyProvider.com:8443/openam/SSOPOST/metaAlias/SSO/idp4</IdentityURL>
        <!-- <ServiceURL>https://serviceProvider.com:8583/SECUI/UI/index.htm</ServiceURL> -->
        <ServiceURL>https://serviceProvider.com:8583/SECUI/jaxrs/Authentication</ServiceURL>
        <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
            <Auth Key="KeyStoreURL" Value="/jboss/eap/7.1/instances/CAT_ICM_HUB_SEC_01/MFA.jks" />
            <Auth Key="KeyStorePass" Value="changeit" />
            <Auth Key="SigningKeyPass" Value="changeit" />
            <Auth Key="SigningKeyAlias" Value="serviceProvider.com" />
            <ValidatingAlias Key="serviceProvider.com" Value="serviceProvider.com" />
            <ValidatingAlias Key="IdentyProvider.com" Value="IdentyProvider.com" />
        </KeyProvider>
    </PicketLinkSP>
    <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
        <!-- <Handler class="org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse"/> -->
        <!-- <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AttributeHandler"/> -->
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler">
            <!-- <Option Key="ASSERTION_CONSUMER_URL" Value="https://serviceProvider.com:8583/SECUI/UI/index.htm"/> -->
        </Handler>
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler" />
        <!-- <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler" /> -->
    </Handlers>
</PicketLink>
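When triaging a case like the one above, the first thing to establish on the SP side is what actually arrived in the POST to the Assertion Consumer Service and whether its protocol fields line up with the SP configuration: the Base64 `SAMLResponse` form field has to decode (OpenAM-style IdPs emit it wrapped at 76 characters, as in the Chrome log), the `Destination` attribute has to equal the SP's `ServiceURL`, and `InResponseTo` has to match an AuthnRequest the SP still has outstanding. The script below is an added example, not code from the original post and not PicketLink's own validation logic; every hostname, ID and the inline config fragment are constructed placeholders, and XML signature verification (which the post's `SupportsSignatures="true"` implies) is deliberately out of scope here, so this is field-level triage only, not a substitute for the SP's real validation.

```python
"""Field-level triage of a SAML 2.0 HTTP-POST response at the SP.

Added example (not from the original post, not PicketLink code). All
hostnames, IDs and the PicketLink.xml fragment are constructed placeholders.
Signature verification is NOT performed here.
"""
import base64
import xml.etree.ElementTree as ET  # no external entity fetching by default; still parse untrusted XML with care
from urllib.parse import parse_qs, quote

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "pl": "urn:picketlink:identity-federation:config:2.1",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed PicketLink.xml fragment, same shape as the post's config but with placeholder hosts.
SP_CONFIG = """<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
  <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1" BindingType="POST">
    <IdentityURL>https://idp.example.test:8443/openam/SSOPOST/metaAlias/SSO/idp4</IdentityURL>
    <ServiceURL>https://sp.example.test:8583/SECUI/jaxrs/Authentication</ServiceURL>
  </PicketLinkSP>
</PicketLink>"""

# Constructed, minimal, unsigned response of the kind an IdP would POST (for the field checks only).
SAML_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="s2constructed0001" Version="2.0" IssueInstant="2020-03-25T05:49:04Z"
  InResponseTo="ID_constructed-request-0001"
  Destination="https://sp.example.test:8583/SECUI/jaxrs/Authentication">
  <saml:Issuer>SSO-IDP</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="a-constructed-0001" Version="2.0" IssueInstant="2020-03-25T05:49:04Z">
    <saml:Issuer>SSO-IDP</saml:Issuer>
    <saml:Subject><saml:NameID>user-0001</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def build_post_body(saml_xml: str) -> str:
    """Encode the XML as the HTTP-POST binding does: Base64 in a form field.

    encodebytes() wraps at 76 characters, reproducing the line-broken value
    seen in the post's Chrome log; the browser form-encodes the newlines.
    """
    b64 = base64.encodebytes(saml_xml.encode()).decode()
    return "SAMLResponse=" + quote(b64, safe="")


def sp_expectations(config_xml: str) -> dict:
    """Pull the values the SP must compare against from a PicketLink.xml fragment."""
    sp = ET.fromstring(config_xml).find("pl:PicketLinkSP", NS)
    return {
        "acs_url": sp.findtext("pl:ServiceURL", namespaces=NS).strip(),
        "idp_url": sp.findtext("pl:IdentityURL", namespaces=NS).strip(),
        "binding": sp.get("BindingType"),
    }


def check_saml_response(form_body: str, expectations: dict, outstanding_request_ids: set) -> dict:
    """Decode the POSTed SAMLResponse and check the protocol-level fields an SP validates."""
    fields = parse_qs(form_body, strict_parsing=True)
    if "SAMLResponse" not in fields:
        return {"ok": False, "problems": ["no SAMLResponse form field in POST body"]}
    # Strip the line breaks an IdP may insert before strict Base64 decoding.
    raw = "".join(fields["SAMLResponse"][0].split())
    root = ET.fromstring(base64.b64decode(raw, validate=True))

    problems = []
    if root.tag != "{%s}Response" % NS["samlp"]:
        problems.append("root element is not samlp:Response")
    dest = root.get("Destination")
    if dest != expectations["acs_url"]:
        problems.append(f"Destination {dest!r} != configured ServiceURL {expectations['acs_url']!r}")
    irt = root.get("InResponseTo")
    if irt not in outstanding_request_ids:
        problems.append(f"InResponseTo {irt!r} matches no outstanding AuthnRequest (unsolicited or replayed)")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    status = code.get("Value") if code is not None else None
    if status != SUCCESS:
        problems.append(f"StatusCode {status!r} is not Success")
    return {
        "ok": not problems,
        "problems": problems,
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "destination": dest,
        "in_response_to": irt,
        "status": status,
    }


if __name__ == "__main__":
    body = build_post_body(SAML_RESPONSE_XML)
    print(check_saml_response(body, sp_expectations(SP_CONFIG), {"ID_constructed-request-0001"}))
```

Run against a captured POST body (for example from a browser's network log), the `problems` list tells you whether the response was ever usable by the SP before looking at redirect behaviour: a `Destination` that points at a page other than the configured `ServiceURL` (the situation the commented-out `index.htm` lines in the config above would produce) or an `InResponseTo` the SP no longer tracks are both rejected by a correctly configured SP regardless of the binding.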
Related
Chrome "access-Control-Allow-Origin" header for origin error (CORS)
I have the following setup: Webserver 1 https://localhost:8888 Webserver 2 https://localhost:9005 Webserver 3 https://localhost:9006 I open https://localhost:8888 from a Web browser and enter the following JS code. (async () => { const endpointId = '1d60eb5195725648'; const continueUrl = 'https://localhost:9006/' const signinUrl = new URL('https://localhost:9005/_login'); signinUrl.searchParams.set('continue', continueUrl); signinUrl.searchParams.set('endpoint', endpointId); const response = await fetch(signinUrl.toString(), { credentials: 'include', headers: { 'Authorization': `Bearer ${gapi.auth.getToken().access_token}`, }, }); })(); I'm getting this error in my Chrome Browser Version 102.0.5005.115 Access to fetch at 'https://localhost:9006/?TOKEN=0<Truncated>c&endpoint=1d60eb5195725648' (redirected from 'https://localhost:9005/_login?continue=https%3A%2F%2Flocalhost%3A9006%2F&endpoint=1d60eb5195725648') from origin 'https://localhost:8888' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'https://localhost:8888' that is not equal to the supplied origin. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. Looks like Origin field is correct according to the info in Headers. What am I missing? 
(I truncated Token to improve readability) Requests: Request URL: https://localhost:9005/_login?continue=https%3A%2F%2Flocalhost%3A9006%2F&endpoint=1d60eb5195725648 Request Method: OPTIONS Status Code: 200 OK Remote Address: [::1]:9005 Referrer Policy: origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Authorization Access-Control-Allow-Headers: Proxy-Authorization Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: https://localhost:8888 Content-Length: 0 Date: Sun, 12 Jun 2022 02:47:09 GMT -- Accept: */* Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9,es;q=0.8 Access-Control-Request-Headers: authorization Access-Control-Request-Method: GET Cache-Control: no-cache Connection: keep-alive Host: localhost:9005 Origin: https://localhost:8888 Pragma: no-cache Referer: https://localhost:8888/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36 Request URL: https://localhost:9005/_login?continue=https%3A%2F%2Flocalhost%3A9006%2F&endpoint=1d60eb5195725648 Request Method: GET Status Code: 302 Found Remote Address: [::1]:9005 Referrer Policy: origin Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://localhost:8888 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 360 Content-Type: text/html; charset=utf-8 Date: Sun, 12 Jun 2022 02:47:09 GMT Expires: Mon, 01 Jan 1990 00:00:00 GMT Location: https://localhost:9006/?TOKEN=00cfdab4e480656ed7d71b3e58df42fe5422d85d33118a5af5fb7cc66f2d81330b46740ccbca4927ecfe841e751f0de72fdf53c4eb7d66b7c5ab857e33c6beaa270950fe0c49047fd5260db3120731d0abbfe3be1a0d316db4b0754610c81e2b070cea24e46e0e5ef76937c65832ef7c315b452b846e87f59be3124478cee49045162c&endpoint=1d60eb5195725648 Pragma: no-cache Accept: */* Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9,es;q=0.8 Authorization: 
Bearer ya29.a0ARrdaM8mfOksOCl6l4O13z5PQv1cUVgKDKWgbo_rNXDL_Fw_-aedVVJdAFOSYByUjEy1WYrAKoik0KHx_c69aCXZcuAXbYedYkZRtDb5Y3Bz98eqjrOBjT0XrWspWdGNqRvsq_L_rDERdnsUFDFKCNiFCHV4sg Cache-Control: no-cache Connection: keep-alive Cookie: _ga=GA1.1.1057744305.1654277711; _gid=GA1.1.1514740287.1654641546; _gat=1 Host: localhost:9005 Origin: https://localhost:8888 Pragma: no-cache Referer: https://localhost:8888/ sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="102", "Google Chrome";v="102" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "macOS" Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36 Request URL: https://localhost:9006/?TOKEN=00cfdab4e480656ed7d71b3e58df42fe5422d85d33118a5af5fb7cc66f2d81330b46740ccbca4927ecfe841e751f0de72fdf53c4eb7d66b7c5ab857e33c6beaa270950fe0c49047fd5260db3120731d0abbfe3be1a0d316db4b0754610c81e2b070cea24e46e0e5ef76937c65832ef7c315b452b846e87f59be3124478cee49045162c&endpoint=1d60eb5195725648 Referrer Policy: origin Provisional headers are shown Learn more Referer: https://localhost:8888/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36
Chrome refuses to cache http response
I set max-age in Cache-Control header, but every time when I reload the webpage, it just goes out and fetches the resource again, following is an example request and response headers: Request Headers :authority: mydomain.com :method: GET :path: /.well-known/openid-configuration :scheme: https accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 accept-encoding: gzip, deflate, br accept-language: en cache-control: max-age=0 // I have no idea why this is sent in request by chrome sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: none sec-fetch-user: ?1 upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36 Response Headers access-control-allow-credentials: true cache-control: public, s-maxage=2678400, max-age=14400, immutable cf-cache-status: DYNAMIC cf-ray: 6e7465234fc16c30-SIN content-encoding: br content-type: application/json; charset=utf-8 date: Sat, 05 Mar 2022 16:58:12 GMT expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dSVocqHdnD4mopGV2L7pD08hRF3MZbpmBAsNHWm2eBznl15JNgOU7bkNcBn4qgoszBpGpGoCBPSbgCLWq796dv0jta9Ajlwq0BCEyW55h3Q2NO7mfQuz8cABZLAgWam4"}],"group":"cf-nel","max_age":604800} server: cloudflare vary: Origin, Accept-Encoding
How to pass Request Headers into requests.get(url, headers = headers) in proper format?
Below are the request headers I copied from chrome. How do I pass these values to response = requests.get(url, headers = headers) so that I don't get any error. Should all the keys and values be made strings by enclosing within '' ? :authority: portal.grab.com :method: POST :path: /foodweb/v2/search :scheme: https accept: application/json, text/plain, / accept-encoding: gzip, deflate, br accept-language: en content-length: 87 content-type: application/json;charset=UTF-8 origin: https://food.grab.com referer: https://food.grab.com/ sec-ch-ua: "Google Chrome";v="95", "Chromium";v="95", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "macOS" sec-fetch-dest: empty sec-fetch-mode: cors sec-fetch-site: same-site user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 x-country-code: PH x-gfc-country: PH x-grab-web-app-version: ~k5VPZk5KBtLKJOP7fLbR x-recaptcha-token: 03AGdBq24a8dFVYhN75ZFSZR6MSzf8anLJEc-c6xCFkUYi87f5FQLlYV8NeHspOYwqJYS1ypTDvpPVU4FG6NbvkwbwHgHCxAOaiHi8sLtnraXL78xszl-HgySw_yBGCadmL4I9TmnDL8HITA4ug4FZ-tITOWIE9AI1L2OWAgFJC25r663aHtF16pJGLJovE4D1IVm2NziSUhWNdlv9aSxym4s1dGhM9YTu0w2FNCfiHqLURKs-sk4GLQ-O1Xv2xuTRuvBiDxXZYisKKt0nnoMpov5CPmwzFVaQGFXVk5xLz05bsbsdN7gf4DcoGD8i1yM3vbNMld-gqgDJ6DhLX3IY6NxJ_2QdH-dQctu4OCB9oPUursOAFs6ph8Xqf_kL3XQLzdO2qRMhU9wVlmAocV8lm8DTF0Urxp1JkRY6X7SeKDeQsX0KX2vO3ZFFjfYb19Gqpts5CQCGJO5j
There is an example of how to format headers in the Python requests documentation: Custom Headers, so in your case it should look like this:

headers = {
    'accept': 'application/json, text/plain, */*',
    'accept-encoding': 'gzip, deflate, br',
    'accept-language': 'en',
    'content-length': '87',
    'content-type': 'application/json;charset=UTF-8',
    'origin': 'https://food.grab.com',
    'referer': 'https://food.grab.com/',
    'sec-ch-ua': '"Google Chrome";v="95", "Chromium";v="95", ";Not A Brand";v="99"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"macOS"',
    'sec-fetch-dest': 'empty',
    'sec-fetch-mode': 'cors',
    'sec-fetch-site': 'same-site',
    'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36',
    'x-country-code': 'PH',
    'x-gfc-country': 'PH',
    'x-grab-web-app-version': '~k5VPZk5KBtLKJOP7fLbR',
    'x-recaptcha-token': '03AGdBq24a8dFVYhN75ZFSZR6MSzf8anLJEc-c6xCFkUYi87f5FQLlYV8NeHspOYwqJYS1ypTDvpPVU4FG6NbvkwbwHgHCxAOaiHi8sLtnraXL78xszl-HgySw_yBGCadmL4I9TmnDL8HITA4ug4FZ-tITOWIE9AI1L2OWAgFJC25r663aHtF16pJGLJovE4D1IVm2NziSUhWNdlv9aSxym4s1dGhM9YTu0w2FNCfiHqLURKs-sk4GLQ-O1Xv2xuTRuvBiDxXZYisKKt0nnoMpov5CPmwzFVaQGFXVk5xLz05bsbsdN7gf4DcoGD8i1yM3vbNMld-gqgDJ6DhLX3IY6NxJ_2QdH-dQctu4OCB9oPUursOAFs6ph8Xqf_kL3XQLzdO2qRMhU9wVlmAocV8lm8DTF0Urxp1JkRY6X7SeKDeQsX0KX2vO3ZFFjfYb19Gqpts5CQCGJO5j',
}
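Typing the dict by hand works, but a pasted DevTools block also contains entries that must not be forwarded as-is. The following added example (not code from the answer above) turns a block copied from the DevTools Request Headers pane, one name: value pair per line, into a dict that requests will accept: HTTP/2 pseudo-headers (:authority, :method, :path, :scheme) are dropped because they are not header fields and urllib3 rejects names containing a colon; content-length and host are computed by the client from the body and URL; accept-encoding is left to requests, which only decodes br when a brotli package is installed. Headers that carry credentials are reported so the caller knows what is about to be replayed. The sample block is a constructed subset of the question's headers with the reCAPTCHA token replaced by a placeholder, and the function and constant names are this example's own.

```python
"""Convert a header block copied from Chrome DevTools into a dict for requests.

Added example; not code from the answer above. The block is expected in the
format the DevTools Request Headers pane copies: one 'name: value' per line.
"""
import re
from typing import Dict, List, Tuple

# Not header fields at all; the URL given to requests supplies host, method and path.
PSEUDO_HEADERS = {":authority", ":method", ":path", ":scheme"}
# Computed or negotiated by requests/urllib3 itself; forwarding them causes
# wrong lengths or undecodable (brotli) bodies.
CLIENT_MANAGED = {"content-length", "host", "accept-encoding"}
# Values that authenticate the original browser session; flagged, not dropped.
CREDENTIAL_HEADERS = {"cookie", "authorization", "x-recaptcha-token"}

# RFC 7230 token for the name, with an optional leading ':' for pseudo-headers.
_HEADER_LINE = re.compile(r"^\s*(:?[!#$%&'*+.^_`|~0-9A-Za-z-]+)\s*:\s*(.*?)\s*$")


def parse_devtools_headers(block: str) -> Tuple[Dict[str, str], List[str]]:
    """Return (headers usable with requests, names of credential headers kept)."""
    headers: Dict[str, str] = {}
    credentials: List[str] = []
    for line in block.splitlines():
        match = _HEADER_LINE.match(line)
        if not match:
            continue  # blank line or a pane label such as 'Request Headers'
        name, value = match.group(1).lower(), match.group(2)
        if name in PSEUDO_HEADERS or name in CLIENT_MANAGED:
            continue
        if name in CREDENTIAL_HEADERS:
            credentials.append(name)
        headers[name] = value
    return headers, credentials


# Constructed sample in the DevTools copy format (token value is a placeholder).
SAMPLE_BLOCK = """\
:authority: portal.grab.com
:method: POST
:path: /foodweb/v2/search
:scheme: https
accept: application/json, text/plain, */*
accept-encoding: gzip, deflate, br
accept-language: en
content-length: 87
content-type: application/json;charset=UTF-8
origin: https://food.grab.com
referer: https://food.grab.com/
sec-fetch-mode: cors
x-country-code: PH
x-recaptcha-token: PLACEHOLDER-RECAPTCHA-TOKEN
"""

if __name__ == "__main__":
    hdrs, creds = parse_devtools_headers(SAMPLE_BLOCK)
    for name, value in hdrs.items():
        print(f"{name}: {value}")
    print("credential-bearing headers that will be replayed:", creds)
```

The resulting dict is passed as requests.post(url, headers=hdrs, json=payload); the method, host and path come from the URL and the JSON body, not from the pseudo-headers. A per-request value such as x-recaptcha-token is tied to the page load it was issued for, so replaying it from a script is expected to stop working once it expires.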
ReactJS fetch post API 405 issue
I am using Swagger to POST to the API, which works fine, but when I post it from React JS it causes a 405 issue. Fiddler shows the RAW information for Swagger as follows:

POST http://localhost:7100/api/test/submit?guid=17327026-4348-4ce9-aceb-5774c3a724bf HTTP/1.1
Host: localhost:7100
Connection: keep-alive
Content-Length: 14
Origin: http://localhost:7100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36
Content-Type: application/json
Accept: */*
Referer: http://localhost:7100/swagger/ui/index
Accept-Encoding: gzip, deflate, br
Accept-Language: en,en-US;q=0.8,zh;q=0.6,zh-CN;q=0.4
Cookie: ASP.NET_SessionId=yzdydpdimqvgpvejykzjqqqb; .ASPXAUTH=dWLGc_XQvl3qTNrEJXsRyk3w-tXBSFeXKC0bIUDzLDLFJi5kbSAt_hcJXQs0-pfz7uVm-VJ27ZGAbN8eErCNV-Wozn3D1ZbHD7ONNN5VCMjT_Joyz_1aIcTZLR401s0TtC4Br1sRlerv0zX4F4xnDLhrIm5YKkGfZj2aZzDgc-KjNPVWY1SEC6k2XqPq54vo9_HUvudihHGlneNx1n2JlodvFxAeYudKnUSBRWpp2rRAx94uF7KmmP5BQoTmBTTq1qKSv98YiPToicePFR32d9yk1Uw1qcFrnkKD2zKOCuJByNgCLN_eC5dOmdLKfPCekciEJ16KfeYg8XeApIf13vCrtGOy-L2EXibWuEjUjKCrUy8sfYTGNZbxDffTg9gNOn7-nfyR5hKLYDM0CxfmENV7S0ExTSFyGhsR5aqqB3oXq3A_i8ENabgGMy_tFyor06S7_vrUUcDlS2hFgsxWzgMrRUdVIlohHK2-slPdbhwuUKIZXKKiSQijwH0RskwF-l8RyVe_0VCcCVipk4MXtncDvrubmEW09LWeOycyc0wc1BmMHL9AATpBHA6WBNLEaMGS9-x-RhFC5YNJW1KtetmlXiaKmiX9L-2wWhVRgjlhmfjtRPjxlVvW1GxyeKC-JOlSPnY6DInNM-qa2dcZjdaoffdnLBvzKTHkJNwzUSZw8fN-Vz6SVmURMtpEQAKmxloNvw

"test working"

and for the POST from React as follows:

OPTIONS http://localhost:7100/api/test/submit?guid=17327026-4348-4CE9-ACEB-5774C3A724BF HTTP/1.1
Host: localhost:7100
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: POST
Origin: http://localhost:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36
Access-Control-Request-Headers: content-type
Accept: */*
Referer: http://localhost:3000/?testId=17327026-4348-4ce9-aceb-5774c3a724bf
Accept-Encoding: gzip, deflate, br
Accept-Language: en,en-US;q=0.8,zh;q=0.6,zh-CN;q=0.4

I believe something is wrong in the following fetch POST function. Is there any chance to fix it, so that the RAW information can be the same as the first one?

onFormSubmit(Result) {
  fetch("http://localhost:7100/api/test/submit?guid=" + "17327026-4348-4CE9-ACEB-5774C3A724BF", {
    method: 'POST',
    // headers: {'Content-Type':'application/x-www-form-urlencoded'},
    headers: {'Content-Type':'application/json'},
    // contentType: 'application/json; charset=utf-8',
    // body: JSON.stringify(result)
    body: "test working"
  })
  .then((response) => {
    console.log(response.ok ? 'success' : 'error');
  })
  .catch(function (error) {
    console.log('catch error');
  });
}
This is a CORS issue. You need to allow requests coming from http://localhost:3000 in your server.
Chrome & CORS with 302 redirects and withCredentials=true
I am having trouble with Chromium-based browsers and CORS requests that include 302 redirects. More specifically, I am having trouble with Chromium versions 34-42 inclusive; 43 and later work, and it seems 33 and earlier versions worked as well (I didn't test too far past 33; 28 worked).

My XHR request uses withCredentials=true, so Access-Control-Allow-Origin="*" is not allowed; the server must reply with an Access-Control-Allow-Origin header that echoes the incoming request's Origin header. After receiving the first 302, Chromium 43 and later sends "Origin: null" as part of the redirected request, and accepts "Access-Control-Allow-Origin: null" in response (as does Firefox). The Chromium series of 34-42 all send the host name as Origin for all requests, and several issues from this time indicate that CORS redirects were only supported with Access-Control-Allow-Origin set to "*", and that "the original XHR must not have allow-credentials set to true". Example: https://code.google.com/p/chromium/issues/detail?id=154967

I am hoping this is a misconception, and there is something as an app developer I can do on the client and/or server to coerce those versions to not cancel the redirect, or failing that, ideas for a workaround. Version 33 & earlier sent the entire host name for every request, and the full roundtrip works.

One possibility for a workaround I have been experimenting with stems from the fact that I actually do not need withCredentials=true for the cross-domain request; I only need it for the redirect back to the origin host to exchange cookie-based authentication for an access_token, but I could not find a way to get the client to send a cookie when following the 302 to itself unless it was also sent with the original cross-domain request.
To illustrate, here are excerpts from a chrome://net-internals/#events log for a successful request using Chrome 43:

HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg?timestamp=1437075435614 HTTP/1.1
    Host: media-qa.example.com
    Origin: https://qa-app.example.com
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
    Referer: https://qa-app.example.com/media/photos/
    Cookie: [1568 bytes were stripped]
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 FOUND
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: X-HTTP-Method-Override, Content-Type, X-Requested-With
    Access-Control-Allow-Origin: https://qa-app.example.com
    Content-Type: text/html; charset=utf-8
    Location: https://qa-app.example.com/oauth/authorize/?request_uri=https%3A//media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg%3Ftimestamp%3D1437075435614

[get cross-domain access token]

HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /oauth/authorize/?request_uri=https%3A//media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg%3Ftimestamp%3D1437075435614 HTTP/1.1
    Host: qa-app.example.com
    Origin: null
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
    Referer: https://qa-app.example.com/media/photos/
    Cookie: [1762 bytes were stripped]
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 FOUND
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Content-Type, X-HTTP-Method-Override, X-Requested-With
    Access-Control-Allow-Origin: null
    Content-Type: text/html; charset=utf-8
    Location: https://media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?timestamp=1437075435614&access_token=L221i4rC5R8NY2AbP4lIxo7apr6HlIHttKroKkQi3tzUSaL7NE7aoBcLUI432Mast8b/NH7ksFfRhsCOhK7P86Lc4C9GlkRn%2Bze/UBJeG8gbRVlnxdjdzBFfp9kAbYR9onDM9b1bUdRaV1q19it8OL3aBzThrmng1E%2BMmT%2BVyK0qXLqQ6yA/tHfrgyC9XwFbKqW6BQSpLOyVOPHZZ4t3dgzimTD9HJCbLUUjZt7nf7iCAOBcaR9CiUH8vlcP4wkOmXk3AoDslYu6IUZtRHrSs7OplBtTXgmzBlSaum%2BccFzdNu5TuH%2BQkmp2QQHErwRJkUNN9S5ZcRzlXdUGg8%2B698Wh5zYFVa%2B/pEfykkf%2BAuqKjbVicGq%2BgxCYOCuqe4YJU/GPMHsBC6gvVYFmtkDaG4za1N4fvbmBb9u%2BHHZNdW0kvj55N9QgJ86lHZjddvfEivET0TVTo1u0u6Wp/TM4EMXLtMK3urBpEAMWBT9PlE8%3D

[url redirection service adds cloudfront signature]

HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?timestamp=1437075435614&access_token=L221i4rC5R8NY2AbP4lIxo7apr6HlIHttKroKkQi3tzUSaL7NE7aoBcLUI432Mast8b/NH7ksFfRhsCOhK7P86Lc4C9GlkRn%2Bze/UBJeG8gbRVlnxdjdzBFfp9kAbYR9onDM9b1bUdRaV1q19it8OL3aBzThrmng1E%2BMmT%2BVyK0qXLqQ6yA/tHfrgyC9XwFbKqW6BQSpLOyVOPHZZ4t3dgzimTD9HJCbLUUjZt7nf7iCAOBcaR9CiUH8vlcP4wkOmXk3AoDslYu6IUZtRHrSs7OplBtTXgmzBlSaum%2BccFzdNu5TuH%2BQkmp2QQHErwRJkUNN9S5ZcRzlXdUGg8%2B698Wh5zYFVa%2B/pEfykkf%2BAuqKjbVicGq%2BgxCYOCuqe4YJU/GPMHsBC6gvVYFmtkDaG4za1N4fvbmBb9u%2BHHZNdW0kvj55N9QgJ86lHZjddvfEivET0TVTo1u0u6Wp/TM4EMXLtMK3urBpEAMWBT9PlE8%3D HTTP/1.1
    Host: media-qa.example.com
    Origin: null
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
    Referer: https://qa-app.example.com/media/photos/
    Cookie: [1568 bytes were stripped]
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 FOUND
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: X-HTTP-Method-Override, Content-Type, X-Requested-With
    Access-Control-Allow-Origin: null
    Content-Type: text/html; charset=utf-8
    Location: https://gbbrsh.cloudfront.net/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?Expires=1437075499&Signature=RpCVix5lcF5~Arah0WxhSoB3SN7ZfxXIwnaL8EOdlslIz5c9Ycic1wF~sjwTnWD5fxS~SBhexIz37oqjHjED3MTPiXAmuPjO1mQ-V8ACc8N-geWBIvMQRw9kCjCRmtquSs7TynaFqopv0BpQKH2G1xVdfoDaOZZWso7pXnpR50c2NdyDD-WMZNLKJ657Dj4-wCL8ZJdUPOgiXsfcxM1AZGy5P034SCL8JB8ZyEh1bUDszLkQa8lIpsy08mt9t8ZjFcR2i6bqBZNZOquT3jbOEy8VprL4lmtyOmVJaNTaBevZC6rQ6CM~jd~Ya2FockK5bNGYxM043OU71NExS0lHTg__&Key-Pair-Id=APKAJNUAAHKHVOSPPXTQ
    Set-Cookie: [349 bytes were stripped]

[finally, get cloudfront image]

HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?Expires=1437075499&Signature=RpCVix5lcF5~Arah0WxhSoB3SN7ZfxXIwnaL8EOdlslIz5c9Ycic1wF~sjwTnWD5fxS~SBhexIz37oqjHjED3MTPiXAmuPjO1mQ-V8ACc8N-geWBIvMQRw9kCjCRmtquSs7TynaFqopv0BpQKH2G1xVdfoDaOZZWso7pXnpR50c2NdyDD-WMZNLKJ657Dj4-wCL8ZJdUPOgiXsfcxM1AZGy5P034SCL8JB8ZyEh1bUDszLkQa8lIpsy08mt9t8ZjFcR2i6bqBZNZOquT3jbOEy8VprL4lmtyOmVJaNTaBevZC6rQ6CM~jd~Ya2FockK5bNGYxM043OU71NExS0lHTg__&Key-Pair-Id=APKAJNUAAHKHVOSPPXTQ HTTP/1.1
    Host: gbbrsh.cloudfront.net
    Origin: null
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
    Referer: https://qa-app.example.com/media/photos/
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 200 OK
    Content-Length: 48776
    Access-Control-Allow-Origin: null
    Access-Control-Allow-Methods: GET
    Access-Control-Max-Age: 3000
    Access-Control-Allow-Credentials: true
    Vary: Origin

And here is an unsuccessful log using version 42. Note that all the redirects using 43 above sent "Origin: null", but 42 sends the host name (which the server replies with), and the client cancels the request:

HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg?timestamp=1437074740624 HTTP/1.1
    Host: media-qa.example.com
    Origin: https://qa-app.example.com
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
    Referer: https://qa-app.example.com/media/photos/
    Cookie: [1571 bytes were stripped]
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 FOUND
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: X-HTTP-Method-Override, Content-Type, X-Requested-With
    Access-Control-Allow-Origin: https://qa-app.example.com
    Location: https://qa-app.example.com/oauth/authorize/?request_uri=https%3A//media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg%3Ftimestamp%3D1437074740624
HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /oauth/authorize/?request_uri=https%3A//media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg%3Ftimestamp%3D1437074740624 HTTP/1.1
    Host: qa-app.example.com
    Origin: https://qa-app.example.com
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
    Referer: https://qa-app.example.com/media/photos/
    Cookie: [1769 bytes were stripped]
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 FOUND
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Content-Type, X-HTTP-Method-Override, X-Requested-With
    Access-Control-Allow-Origin: https://qa-app.example.com
    Location: https://media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?timestamp=1437074740624&access_token=JbXemck/weq2TjoVtgwuXDZB1GgmBqlDix3z5WfsWFlf2aZVmCud99wtAU%2BBErVxm6Lk1MRP1ubM/bf59URPs9uXMLYC%2Bnk6lAYQRUBhO3UmBnZk967W/5f9/1YnfRHQe1Y9fGRSkddQJdzdOwkMAvYSCw%2BN1ofkrb4tYKz9OWja1WRuim82Mt5uzdb5eXVLUnlCCgqt9LjN6yDHPm7UjMwQMG8V0kFPIkL4ZGb/5WfXXa2NJY1Qq3GbFGFQID49vw/XDP6B9q9kRIL4D/NuLUocRUvw5iHZciqygpnJl1GaRcVr%2B5%2BBbKBw3c0Gou4X/ojiewnds2pYPPxNGKploy88l4GcjpGw%2BXmDiP4wUgCojhRporBjp2y87AnaY1k6BSI1j9xHxiSnjXT7pMsyXpBfMYCoAwV/w1Fh1E/Tu1ygXJhaOHAx%2B19BxOIYPWFJVw3djggbkN1jRo%2Bde%2BolGjfEXtFarwfx4nyCeNyYAd0%3D
    Vary: Accept-Encoding
URL_REQUEST_DELEGATE [dt=0]
+URL_REQUEST_DELEGATE [dt=3]
    DELEGATE_INFO [dt=3]
    --> delegate_info = "AsyncResourceHandler"
-URL_REQUEST_DELEGATE
CANCELLED

As I mentioned, if you go back to version 33, it works even though the client was sending the host name in the Origin header for all requests:

HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg?timestamp=1437076851710 HTTP/1.1
    Host: media-qa.example.com
    Origin: https://qa-app.example.com
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36
    Referer: https://qa-app.example.com/media/photos/
    Cookie: [1550 bytes were stripped]
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 FOUND
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: X-HTTP-Method-Override, Content-Type, X-Requested-With
    Access-Control-Allow-Origin: https://qa-app.example.com
    Location: https://qa-app.example.com/oauth/authorize/?request_uri=https%3A//media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg%3Ftimestamp%3D1437076851710
HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /oauth/authorize/?request_uri=https%3A//media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ%3D%3D.jpg%3Ftimestamp%3D1437076851710 HTTP/1.1
    Host: qa-app.example.com
    Origin: https://qa-app.example.com
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36
    Referer: https://qa-app.example.com/media/photos/
    Cookie: [1763 bytes were stripped]
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 FOUND
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Content-Type, X-HTTP-Method-Override, X-Requested-With
    Access-Control-Allow-Origin: https://qa-app.example.com
    Location: https://media-qa.example.com/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?timestamp=1437076851710&access_token=C30mMVgoZSZtkpm3vgMNfLZEpkKT//%2BiZK5gbR39dvPfIaezfjNMocXJ0UCCH10jcE0yvOIrT8yISHerVvGZlGPy2rr2YwXkh1IsYcl0uNGYOP2bDYyz1cJNAwnRYZ4qS0uctDQiKNGZi3oC10TdIwzhz8aaOFAosRFEjPqrT553aXjpZr2SE4Z73TtU2pd%2B7ILICARbjp0r9yhDAAauJgQHkBAkcLVvW5TARQBeRR1OtXbf0CjN764EZ/2GEqCRhvo0rtVUQGUVpt/Sur9yFYUh1b/rFOZJ0o/Oj8rEUEg2c8p/O1ZrpN8emKMB%2BVWLXG97DPO6QpQmzGvaYCZsUDwGfvPNJ8wCtXEdQF0RzQMv3HG71StD9lK30BB46sDTuP24w7tH4PxqjY0cWBUpaMMz/mKLWuSWY6lerx7ibB7Gp%2B9OsclEHeaxKwFr%2BD63RFPmTwBtHKOF/PjIo%2BbmoxJZ07eJYAEYXDtfoLmFvM8%3D
    Vary: Accept-Encoding
HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?timestamp=1437076851710&access_token=C30mMVgoZSZtkpm3vgMNfLZEpkKT//%2BiZK5gbR39dvPfIaezfjNMocXJ0UCCH10jcE0yvOIrT8yISHerVvGZlGPy2rr2YwXkh1IsYcl0uNGYOP2bDYyz1cJNAwnRYZ4qS0uctDQiKNGZi3oC10TdIwzhz8aaOFAosRFEjPqrT553aXjpZr2SE4Z73TtU2pd%2B7ILICARbjp0r9yhDAAauJgQHkBAkcLVvW5TARQBeRR1OtXbf0CjN764EZ/2GEqCRhvo0rtVUQGUVpt/Sur9yFYUh1b/rFOZJ0o/Oj8rEUEg2c8p/O1ZrpN8emKMB%2BVWLXG97DPO6QpQmzGvaYCZsUDwGfvPNJ8wCtXEdQF0RzQMv3HG71StD9lK30BB46sDTuP24w7tH4PxqjY0cWBUpaMMz/mKLWuSWY6lerx7ibB7Gp%2B9OsclEHeaxKwFr%2BD63RFPmTwBtHKOF/PjIo%2BbmoxJZ07eJYAEYXDtfoLmFvM8%3D HTTP/1.1
    Host: media-qa.example.com
    Origin: https://qa-app.example.com
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36
    Referer: https://qa-app.example.com/media/photos/
    Cookie: [1550 bytes were stripped]
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 FOUND
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: X-HTTP-Method-Override, Content-Type, X-Requested-With
    Access-Control-Allow-Origin: https://qa-app.example.com
    Location: https://gbbrsh.cloudfront.net/media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?Expires=1437076916&Signature=WBDGSQXer-zAREYgiD1~DA8pUaNUBha4WrUFt-WI5Soh4Z-5ayw35UocOG7DuC9FOnAQAeU5Nvp8hKdofDB--ic4aMH0e~LmHaJ38GtP-lHnyyfQDpjJOEmGM2GY3sB0KG7qa8~eTXX9jKDJTCG9Hkf0EpievuWwiXEKGYaSbe0tkR4CLyhND3sIDJbFGCQQZ7NmhMB-3vOsqDKYKKz9SebuiqO0qbL8SvqBkMEiufXCF2MriR4hVDEjFQssE3ysBbhiMlkaINAeOkEmiZEAjnhB-ncN31Lvy4Lo1LxiyCqKH9QwPOpa6ukK0WrYXWwiTi2VRAaxSjm-xgbGiIArmA__&Key-Pair-Id=APKAJNUAAHKHVOSPPXTQ
HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /media/uploads/bucket/a746a337-5c20-46a6-a1fc-701e772970fd-bWFpbi1uLW4tMC0wLTAtNDUwLTQ0NQ==.jpg?Expires=1437076916&Signature=WBDGSQXer-zAREYgiD1~DA8pUaNUBha4WrUFt-WI5Soh4Z-5ayw35UocOG7DuC9FOnAQAeU5Nvp8hKdofDB--ic4aMH0e~LmHaJ38GtP-lHnyyfQDpjJOEmGM2GY3sB0KG7qa8~eTXX9jKDJTCG9Hkf0EpievuWwiXEKGYaSbe0tkR4CLyhND3sIDJbFGCQQZ7NmhMB-3vOsqDKYKKz9SebuiqO0qbL8SvqBkMEiufXCF2MriR4hVDEjFQssE3ysBbhiMlkaINAeOkEmiZEAjnhB-ncN31Lvy4Lo1LxiyCqKH9QwPOpa6ukK0WrYXWwiTi2VRAaxSjm-xgbGiIArmA__&Key-Pair-Id=APKAJNUAAHKHVOSPPXTQ HTTP/1.1
    Host: gbbrsh.cloudfront.net
    Origin: https://qa-app.example.com
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36
    Referer: https://qa-app.example.com/media/photos/
HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 200 OK
    Access-Control-Allow-Origin: https://qa-app.example.com
    Access-Control-Allow-Methods: GET
    Access-Control-Max-Age: 3000
    Access-Control-Allow-Credentials: true
    Vary: Origin
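Both the 405 question ("allow requests coming from http://localhost:3000 in your server") and the credentialed-redirect question above come down to the same server-side decision, so here is one added example (not code from either post) that makes it explicit. It answers a preflight OPTIONS before the route handler runs, which is what a POST-only endpoint returning 405 to the preflight is missing, and for credentialed requests it echoes the request's Origin instead of "*", but only for origins on an allowlist. "null" is deliberately not allowlisted: sandboxed iframes, data: URLs and, as the logs show, redirected requests present it, so echoing Access-Control-Allow-Origin: null with Allow-Credentials: true would grant any such document credentialed access. Since the browser checks every hop of a 302 chain separately, each redirecting server has to apply the same logic. The allowlist, method and header sets, constants and function names are this example's own assumptions.

```python
"""Server-side CORS decision for credentialed cross-origin requests.

Added example; not code from either post. A framework would call
handle_cors() before routing: a 204 answers the preflight, a 403 stops the
request, and a 200 means run the normal handler and add the returned
headers to its response. All allowlists below are constructed.
"""
from typing import Dict, Tuple

ALLOWED_ORIGINS = {"http://localhost:3000", "https://qa-app.example.com"}
ALLOWED_METHODS = {"GET", "POST"}
ALLOWED_REQUEST_HEADERS = {"content-type", "x-requested-with", "x-http-method-override"}
PREFLIGHT_MAX_AGE = 3000  # seconds a browser may cache a preflight result

Response = Tuple[int, Dict[str, str]]


def _credentialed_cors_headers(origin: str) -> Dict[str, str]:
    # Echo the exact origin (never '*' when credentials are involved) and
    # tell shared caches that the answer depends on the Origin header.
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


def handle_cors(method: str, request_headers: Dict[str, str]) -> Response:
    """Decide the CORS outcome for one request: (status, response headers)."""
    h = {k.lower(): v for k, v in request_headers.items()}
    origin = h.get("origin")
    if origin is None:
        return 200, {}  # same-origin navigation or a non-browser client

    # The pseudo-origin 'null' and anything not allowlisted are refused.
    # For state-changing simple requests this also acts as a CSRF check,
    # since the browser sends those without a preflight.
    if origin not in ALLOWED_ORIGINS:
        return 403, {}

    is_preflight = method.upper() == "OPTIONS" and "access-control-request-method" in h
    if is_preflight:
        wanted_method = h["access-control-request-method"].upper()
        wanted_headers = {
            name.strip().lower()
            for name in h.get("access-control-request-headers", "").split(",")
            if name.strip()
        }
        if wanted_method not in ALLOWED_METHODS or not wanted_headers <= ALLOWED_REQUEST_HEADERS:
            return 403, {}
        headers = _credentialed_cors_headers(origin)
        headers["Access-Control-Allow-Methods"] = ", ".join(sorted(ALLOWED_METHODS))
        headers["Access-Control-Allow-Headers"] = ", ".join(sorted(ALLOWED_REQUEST_HEADERS))
        headers["Access-Control-Max-Age"] = str(PREFLIGHT_MAX_AGE)
        return 204, headers

    if method.upper() not in ALLOWED_METHODS:
        return 403, {}
    return 200, _credentialed_cors_headers(origin)


if __name__ == "__main__":
    # The preflight Fiddler captured in the 405 question (constructed subset).
    preflight = {
        "Origin": "http://localhost:3000",
        "Access-Control-Request-Method": "POST",
        "Access-Control-Request-Headers": "content-type",
    }
    print("preflight from the React app:", handle_cors("OPTIONS", preflight))
    print("redirect hop with Origin: null:", handle_cors("GET", {"Origin": "null"}))
    print("credentialed GET from allowlisted app:", handle_cors("GET", {"Origin": "https://qa-app.example.com", "Cookie": "session=constructed"}))
```

The Vary: Origin header matters as soon as a CDN sits in front: without it a cached response carrying one origin's Access-Control-Allow-Origin can be served to a different origin, which the browser then rejects.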