I am writing a http handler for a server and I am looking directly at the http requests when they come in from different clients. I can easily deal with normal http requests. The problem occurs when I get a GET or POST request. I do not know how to access the data from the GET or the POST therefore I cannot continue. Could someone please point me in the direction of some where which deals with the issue on how to access the data. Thanks in advance.
Answer:
to do this:
In a GET request the data comes in the URL itself therefore just parse the URL from the HTTP request and look for the question mark and the arguments.
For a POST request there are 2 different ways however the main one means that the arguments are put in the body of the request like this:
q=hello&v=world
The length is specified in the request as well so if you need it is under Content-Length:
Related
I am trying to create a test plan using jmeter.its for an API Post request, I have a header manager, bodydata, checked for spellings and the syntax seems to be correct. However, Im getting 400 response code with the following error shown in the attached image. Anyone with an idea how I can resolve this? Thank you. the error
Here is the request the request
The user doesn't have to be logged in, i have added a header manager, I have also noticed there header has a cookie value thats hard coded but it appears to be the same in every request. In the UI the API request returns 200 and thats what im expecting with the Jmeter script.
In its current form the question cannot be answered comprehensively.
HTTP Status Code 400 means that
The 400 (Bad Request) status code indicates that the server cannot or
will not process the request due to something that is perceived to be
a client error (e.g., malformed request syntax, invalid request
message framing, or deceptive request routing).
Check that your ${site} and ${csVersion} variables have their respective values using Debug Sampler and View Results Tree listener combination
Cross check headers sent by JMeter and by the "UI", the most important is Content-Type
Use a sniffer tool like Wireshark of Fiddler and capture the requests which are being sent by JMeter and the "UI", the requests must be exactly the same apart from dynamic parameters which need to be correlated
The issues was being caused by an anti-forgery cookie which was hard coded in the request.I used a regex to extract the value from a previous request and used a variable value from the regex to make sure the same value is being passed on to the request that was failing.
I'm currently working with an API, which I would think is doing a wrong implementation of a REST API.
We have the following endpoints
GET v1/{organizationId}/invoices
GET v1/{organizationId}/invoices/{guid}
When you GET the first, you get all invoices, but if you get the second endpoint, without the Accept: Application/json header, you get the response from the first endpoint instead.
The company, which provides the API, says the reason for this is because the second endpoint can give both JSON and a PDF output, which would seem as a PDF would be
GET v1/{organizationId}/invoices/{guid}/pdf
Besides that, if send a malformed guid, you get a full blown HTML 404 error page instead of, e.g., a blank page or an error message.
To sum it up
Is the 2. endpoint handled properly?
Is it valid to make PDF an output like JSON/XML?
Shouldn't it be a new endpoint instead?
Is HTML allowed as an error response, even for a malformed request?
Some people don't like to categorize REST-based questions "right" and "wrong", but I will go ahead anyway:
No, the second resource should always return a representation of the second resource, that is, an invoice, never a collection of invoices.
Yes, it is completely OK to potentially return multiple representations of the same "thing". An invoice can conceivably return both json and pdf, and can select the correct one based on the "Accept" header.
No, it shouldn't be a new "endpoint", because these "things" are not "endpoints", but resources. An invoice is a resource, the json document is just a "representation" of the resource.
Yes, an error response can contain a body, with whatever representation the server is comfortable sending. The server should of course orient itself using the "Accept" header from the client, but is not required to do so.
A few remarks: It should not be possible to GET an invoice with a wrong guid, since these resources should be linked from the collection resource. When the client follows links (as it should), there should be no way to follow a link with a wrong guid.
It is wrong to return a completely different resource (invoice collection instead of an invoice), but it is OK to have multiple representations of the same resource. If there is no "Accept" header, the server should pick one, or indicate 406 Not Acceptable.
One small point: The mime-type should not be application/json, because how do you know it's an invoice then? It should be something like: application/vnd.someprovider.invoice+json. No one bothers with mime-types these days, but I mention it just for completeness sake.
I have been using Mandrill webhooks from a long time and till now I haven't encountered this error.
But now I see this error, I am not sure what has caused this ?
Please let me know why this might be happening and what might be the possible solution for the same.
Is it related to my server handling capacity because I have checked for that as well and Mandrill doesnt have too many concurrent request that it is sending to my Apache server, so according to me that is not an issue and also mysql also doesn't seem to be causing the bottleneck, but then I I have not used any benchmarking tool to determine the same.
Please let me know the solution if you guys have encountered something like this.
It seems that the URL is not responding to the request. There could be a few reasons:
If the URL points to an internal server, a firewall could be blocking it or a port number (if given).
Once set up the webhook will send via a POST HTTP verb, however for testing it sends a HEAD request. Quite often web servers (e.g. IIS) will limit what verbs they respond to and will only respond to GET and POST requests.
If that's working your URL should respond with just headers only to acknowledge the request. (HEAD doesn't allow any page content to be sent) so it should only do something like this for a HEAD request:
<?php header( 'Content-Type:' ); // returning 200 ?>
More details on their site
http://help.mandrill.com/entries/22024856-Why-can-t-my-webhook-or-inbound-route-URL-be-verified-
You may wish to try this tool to see what HTTP header result is being returned (if any) or if another error is being returned, just remember that if the URL is internal, it could be blocked to the outside world.
https://chrome.google.com/webstore/detail/postman-rest-client/fdmmgilgnpjigdojojpjoooidkmcomcm?hl=en
I'd like to know if the POST method on HTTP sends data as a QueryString, or if it use a special structure to pass the data to the server.
In fact, when I analyze the communication with POST method from client to server (with Fiddler for example), I don't see any QueryString, but a Form Body context with the name/value pairs.
The best way to visualize this is to use a packet analyzer like Wireshark and follow the TCP stream. HTTP simply uses TCP to send a stream of data starting with a few lines of HTTP headers. Often this data is easy to read because it consists of HTML, CSS, or XML, but it can be any type of data that gets transfered over the internet (Executables, Images, Video, etc).
For a GET request, your computer requests a specific URL and the web server usually responds with a 200 status code and the the content of the webpage is sent directly after the HTTP response headers. This content is the same content you would see if you viewed the source of the webpage in your browser. The query string you mentioned is just part of the URL and gets included in the HTTP GET request header that your computer sends to the web server. Below is an example of an HTTP GET request to http://accel91.citrix.com:8000/OA_HTML/OALogout.jsp?menu=Y, followed by a 302 redirect response from the server. Some of the HTTP Headers are wrapped due to the size of the viewing window (these really only take one line each), and the 302 redirect includes a simple HTML webpage with a link to the redirected webpage (Most browsers will automatically redirect any 302 response to the URL listed in the Location header instead of displaying the HTML response):
For a POST request, you may still have a query string, but this is uncommon and does not have anything to do with the data that you are POSTing. Instead, the data is included directly after the HTTP headers that your browser sends to the server, similar to the 200 response that the web server uses to respond to a GET request. In the case of POSTing a simple web form this data is encoded using the same URL encoding that a query string uses, but if you are using a SOAP web service it could also be encoded using a multi-part MIME format and XML data.
For example here is what an HTTP POST to an XML based SOAP web service located at http://192.168.24.23:8090/msh looks like in Wireshark Follow TCP Stream:
Post uses the message body to send the information back to the server, as opposed to Get, which uses the query string (everything after the question mark). It is possible to send both a Get query string and a Post message body in the same request, but that can get a bit confusing so is best avoided.
Generally, best practice dictates that you use Get when you want to retrieve data, and Post when you want to alter it. (These rules aren't set in stone, the specs don't forbid altering data with Get, but it's generally avoided on the grounds that you don't want people making changes just by clicking a link or typing a URL)
Conversely, you can use Post to retrieve data without changing it, but using Get means you can bookmark the page, or share the URL with other people, things you couldn't do if you'd used Post.
http://en.wikipedia.org/wiki/GET_%28HTTP%29
http://en.wikipedia.org/wiki/POST_%28HTTP%29
As for the actual format of the data sent in the message body, that's entirely up to the sender and is specified with the Content-Type header. If not specified, the default content-type for HTML forms is application/x-www-form-urlencoded, which means the server will expect the post body to be a string encoded in a similar manner to a GET query string. However this can't be depended on in all cases. RFC2616 says the following on the Content-Type header:
Any HTTP/1.1 message containing an entity-body SHOULD include a
Content-Type header field defining the media type of that body. If
and only if the media type is not given by a Content-Type field, the
recipient MAY attempt to guess the media type via inspection of its
content and/or the name extension(s) of the URI used to identify the
resource. If the media type remains unknown, the recipient SHOULD
treat it as type "application/octet-stream".
A POST request can include a query string, however normally it doesn't - a standard HTML form with a POST action will not normally include a query string for example.
GET will send the data as a querystring, but POST will not. Rather it will send it in the body of the request.
If your post try to reach the following URL
mypage.php?id=1
you will have the POST data but also GET data.
The answer to this little question will clear everything up for me.
If have a form tag that has a Get method and an action of some random script.
When I hit the submit button on the page, the Get Method is sent to HTTP and HTTP is what appends the query string to the url, the HTTP then returns a 20X status if the response is good and a 40X is a bad response? And our action goes to our webserver to run the script?
HTTP is transport and HTML is content. The Form submit calls a GET or POST request on the server depending on the action defined for the HTML form. The Form's arguments are appended by the Browser's form logic to the HTTP request, depending whehter GET or POST is used, they are attached to the request URL or put into the request body.
Then the request is handled on the server and the result is returned by the server logic (which can be a CGI, some perl script, a J2EE application etc.).
The server seponds with a HTTP status code (where everything below 300 is a success, and everything above 399 is an error - see here:HTTP staus codes ).
You are sending your form's data via HTTP using the "get" request. HTTP is a protocol and not a server. Your request is handled by a server who knows how to handle the HTTP protocol, eg. Apache.
The server processes the data and sends back a response. As you mention there are different kind of responses. 404 is best known (document not found).
The script is not run on the server, it is run on the client (the browser).
HTML is the markup code that describes the structure of the page. Browsers interpet the HTML code they receive and construct your page from it. Check here for more details: Wikipedia: HTML
The HTTP is the protocol used by the browser to talk to the server. Check this for more details: Wikipedia again: HTTP