Aborting http request sent via Feign client - spring-cloud-netflix

Is there any way to cancel an http request sent via feign client? I thought of intercepting the requests to store them somewhere so I can abort them if needed but there no such method provided by "Request" class. I want to abort file download.

Related

is there any easy way to check binary format of http2 request and response payload

I am trying to study how the http2.0 request and response are encoded in binary. Postman doesn't support http2.0 I have tried to use curl --http2 to send a request and capture. But it is not working as http request package cannot be captured if there is no connection established. So I have to create an http2 server using python but it still failed for some reason.
Is there anyway to quickly view different http2 request packages in tools such as Wireshark so that I can view how it is encoded?
Note: It will be better that the request payload contains json payload or image payload. It will also be better if I can set up an easy RESTful http2 server with get and post method. It will be even better if a http2 request can be simulated directly in local machine or there is any public REST server with public documentation using http2 protocol.

POSTMAN client send correct JSON response but the Chrome browser receives HTML

This sounds very absurd but I opened up an old React project of mine and the view does not render. Upon inspection, I found it is receiving a HTML response from the Flask server. However, I am sending valid JSON response to the frontend. This is evident from the POSTMAN client too which throws a JSON response.
So to summarise, Postman Client is receiving expected JSON response from Flask server BUT the Chrome browser is not ! How /Why is this happening ?
Attaching the screenshot below
The server and client are running on different ports. The Postman requests are sent to the port 5000 and any endpoint is relative to localhost:5000 . Hence the response on Postman is as expected. However, for the React frontend to redirect its calls to the backend running on port 5000 , we need a way to tell the frontend to do so since endpoints are relative to the address on which they are running. Hence, an endpoint /questions for the server running on 5000 means localhost:5000/questions but for the frontend means localhost:3000/questions . This connection is provided by setting proxy on the package.json of your project. The value of the proxy would be the server address .

Spring boot oauth2 auth server sessions

I'm attempting to understand how spring boot uses http sessions to manage the oauth authorization code flow.
I understand that after the user submits their credentials via the /login form spring will persist the authentication object so it can be retrieved when the browser is redirected to retrieve the authorization code.
What I dont understand is if the browser needs to sends jsession cookie to the server or http basic authentication header when invoking this flow.
For example if I wanted to initiate the flow manually via curl do I need to specify any special headers ?
It doesn't use HTTP sessions to persist it, the client ID and authorisation code (the code that's passed back to the client app after the user authenticates) is used to identify the authentication object. The authorisation code is then used to obtain the access token.
So:
The client app redirects to the auth server, passing in their client ID.
The user authenticates with their username and password on the auth server , which stores the authentication against the code and client ID and passed the authorisation code back to the calling app as a request param on the redirect URL.
The client app calls back to the auth server, authenticating with it's client ID and secret and passing in the authorisation code. This is then swapped for the access (and possible refresh) token.
If the app needs the user details, the client app calls the user details endpoint authenticating with the access token it now has.

proxy rewrite location header field on redirect

Is it possible to configure the proxy on a secured route so that on a redirect the location header field in the response is rewritten to HTTPS?
I get Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://complan-complan.a3c1.starter-us-west-1.openshiftapps.com/planner
when I log in to the application. But also without login the request to the above URL is redirected to HTTP and again to HTTPS.
Thanks!
When the exposed route in OpenShift is set to TLS edge termination then the build-in HAProxy will terminate the HTTPS connection and create a new HTTP connection to your application.
To get the original client-ip/protocol/port the proxy inserts the HTTP headers X-Forwarded-For, X-Forwarded-Proto and X-Forwarded-Port.
For redirection to work correctly you have to tell your framework/server to use those fields. In your case with Wildfly you can follow theses instructions
There are samples for other frameworks/servers in the OpenShift FAQ:
https://developers.openshift.com/faq/troubleshooting.html#_how_do_i_redirect_traffic_to_https

Why WebSocket can share the 80 port with HTTP "after the handshake"?

As I understand:
A port designates a program on the server.
When we say to share a port, it actually means to have the requests processed by the same program listening on that port.
The WebSocket handshake resembles the HTTP format, so it can be understood by the server program that handles HTTP protocol. So it's OK to send the handshake request to port 80.
But after the handshake, the WebSocket data format is totally different from HTTP format, how could it still be sent to port 80? Such as via URL like below:
ws://somehost:80/chat
How does it work out?
My guess:
Does the HTTP program see that the incoming request on port 80 cannot be handled as HTTP, and then it will pass it to WebSocket program to process it. If so, what if there's some other protocol that wants to share port 80, say WebSocket2, how could HTTP program know which protocol to pass on to if there's not a way to identify the protocol being used.
ADD 1
Based on jfriend00's reply, I draw the following diagram:
So WebSocket and HTTP traffic in the same browser are actually carried out through different socket connections. Though they both start by connecting to server's port 80.
I think if the word WebSocket doesn't contain a socket in it, it will be easier to understand it as just another application level protocol over TCP protocol.
ADD 2
I refined the above diagram to below based on jfriend00's further comments.
What I want to show is how WebSocket communication and HTTP communication to the same server coexist in a browser.
ADD 3
After reading this thread, I recalled that the server port doesn't change when server accept a connection: Does the port change when a TCP connection is accepted by a server?
So the diagram should be like this:
The TCP connection for HTTP and the TCP connection for WebSocket should be using different client ports.
When a server listens on a given port, it is listening for incoming connections. When a new incoming connection arrives, it is given its own socket to run on. That socket provides the connection between the two endpoints. From then on, that socket runs completely independently from all other sockets that might also be connected.
So, one incoming http request can specify the "upgrade" header and get upgraded to webSocket and then both ends agree to talk the webSocket protocol from then on. Meanwhile, other incoming http requests without that upgrade header are treated only as normal http requests.
In case you don't quite understand how the webSocket protocol works, you can get a full look at how it connects here.
Here are the main steps:
The client requesting a webSocket connection, sends an HTTP request to the server on port 80.
That HTTP request is a perfectly legal HTTP request, but it has a header included on it Upgrade: websocket.
If the server supports the webSocket protocol, then it responds with a legal HTTP response with a 101 status code that includes a header Connection: Upgrade.
At that point, both sides then switch protocols to the webSocket protocol and all future communication on that socket is done using the data format for the webSocket frame.
Any other incoming HTTP requests that do not contain the upgrade request header are treated as normal HTTP requests.
Does the HTTP program see that the incoming request on port 80 cannot
be handled as HTTP, and then it will pass it to WebSocket program to
process it.
No, the first request IS a legal HTTP request (just with a special header in it) and the response sent back is a legal HTTP response. But, after that response, both sides switch protocols to webSocket. So a custom header is used to tell the web server that this incoming HTTP request is meant to be the first step in establishing a webSocket connection.
If so, what if there's some other protocol that wants to share port
80, say WebSocket2, how could HTTP program know which protocol to pass
on to if there's not a way to identify the protocol being used.
This upgrade mechanism could be used to support other protocols too by just specifying a different protocol name Upgrade: someOtherProtocol though I'm not aware of any others that have been standardized.
Because the browser use a new port to connect and send/receive messages to/from the server.