I'm trying to use the Google Drive API using a device_code from the Google API. In the documentation, the Google Drive scope doesn't seem to be listed:
https://developers.google.com/identity/protocols/OAuth2ForDevices#allowedscopes
However, in the exact same page, they have an example that uses the Google Drive API in the https://developers.google.com/identity/protocols/OAuth2ForDevices#callinganapi
When I try connecting using any Google Drive scope, with the following request:
POST /o/oauth2/device/code HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: accounts.google.com
Connection: close
User-Agent: Paw/3.1 (Macintosh; OS X/10.12.4) GCDHTTPRequest
Content-Length: 136
client_id=clientid&scope=https://www.googleapis.com/auth/drive.readonly
I get this answer:
HTTP/1.1 400 Bad Request
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 23 May 2017 03:02:31 GMT
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alt-Svc: quic=":443"; ma=2592000; v="37,36,35"
Accept-Ranges: none
Vary: Accept-Encoding
Connection: Close
{
"error" : "invalid_scope"
}
I'm just wondering, since there is a difference in the documentation, if it is or isn't possible to do it, and if I made a mistake or not.
I'm using a recent version of Chrome, and when I view a pdf in the browser I'd like to download the file.
When I attempt to download it, it is supposed to have the name "index.pdf".
However, when attempting to download the file I get a "Network Error" and the filename is "download" instead of "index.pdf"
These are the current headers I have for the chrome pdf plugin:
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Disposition: inline; filename=index.pdf
Content-Type: application/pdf;charset=iso-8859-1
Date: Fri, 07 Dec 2018 16:42:16 GMT
Expires: -1
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
I expect the app should respond with code 304 instead of 200.
But even when If-None-Match equals the ETag, it doesn't happen.
I use 'Cache-Control: no-cache' to not store a response in cache to be validated each time. Otherwise Chrome uses its disc cache, which is unacceptable.
Request:
GET /api/v4/record/11728 HTTP/1.1
Host: host.domain.com
Connection: keep-alive
Authorization: Basic YWRtaW467Uc2Zs0eTIwMTM=
Origin: https://host.domain.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept: application/json, text/plain, */*
DNT: 1
Referer: https://host-ui.domain.com/some_page
Accept-Encoding: gzip, deflate, sdch, br
If-None-Match: W/"39dcd8467e47701a69c617333f7b6dac"
If-Modified-Since: Thu, 13 Apr 2017 16:09:25 GMT
Response:
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,PATCH,HEAD,OPTIONS
Access-Control-Allow-Origin: https://host-ui.domain.com
Cache-Control: no-cache
Content-Encoding: gzip
Content-Type: application/json; charset=utf-8
Date: Thu, 13 Apr 2017 16:20:31 GMT
ETag: W/"39dcd8467e47701a69c617333f7b6dac"
Last-Modified: Thu, 13 Apr 2017 16:09:25 GMT
Server: nginx/1.8.1 + Phusion Passenger 4.0.60
Status: 200 OK
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: Phusion Passenger 4.0.60
X-Request-Id: ab87433e-62bd-437f-ad7c-0e1d3f95257b
X-Runtime: 0.209121
X-XSS-Protection: 1; mode=block
transfer-encoding: chunked
Connection: keep-alive
In the application, a common action looks like:
def action
  record = Model.find(params['id'])
  if stale?(record)
    hard_work_result = to_do_somethig
    render json: {
      success: 0,
      result: hard_work_result
    }
  end
end
There seems to be a history behind this, but the short story is: gzip is messing with weak ETags.
Weak ETag: ETag: W/"8763458...
Strong ETag: ETag: "8763458...
You can test that this is the problem if you use cURL and disable gzip from Accept-Encoding (or use modheaders in Chrome: Disable gzip compression in Chrome).
References:
Getting no 304 response in Chrome/Safari but via curl
https://masa331.github.io/2016/01/06/roda-etag-caching-gotcha.html
Weak ETAGs in Rails?
Solution?
When running from nginx itself, the problem did not occur. The first link above suggests that if you are having the problem from within nginx then adding an etag on; after the gzip on; fixes the problem. Specifically though weak etags were not returned. Running from within nginx would seem to be the only option if you want gzip enabled.
My versions:
Server: nginx/1.10.2 + Phusion Passenger 5.1.2
ii ruby-rails 2:4.2.6-1
ii ruby2.3 2.3.1-2~16.04
I've managed to work around the problem when running in Passenger standalone by editing the nginx.conf.erb and disabling gzip. To do this, you first need to get the template of the conf file:
passenger start --debug-nginx-config
This will put a file called nginx.conf.erb in your current directory. Then you can edit this file to say:
gzip off;
and then start Passenger again with this file:
passenger start --nginx-config-template nginx.conf.erb
See here for details of downloading and using the nginx.conf.erb.
In either case you should be able to see that weak ETags are not returned.
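Added example (not part of the original answer, and not Rails, Rack or nginx code): RFC 7232 evaluates If-None-Match with the weak comparison, which ignores the W/ prefix, so a tag that differs from the server's only by W/ should still produce a 304, while a plain string comparison does not. The function names are hypothetical, and the strong form of the tag is an assumed application-side value built from the tag in the question.

```ruby
# Added example: entity-tag comparison as defined in RFC 7232, section 2.3.2.
# Function names are hypothetical; this is not Rails, Rack or nginx code.

ETAG_RE = /(W\/)?"([^"]*)"/

# Split an ETag or If-None-Match value into [weak?, opaque_tag] pairs.
def parse_etags(header)
  header.to_s.scan(ETAG_RE).map { |weak, opaque| [!weak.nil?, opaque] }
end

# Strong comparison: neither tag is weak and the opaque parts are identical.
def strong_match?(a, b)
  !a[0] && !b[0] && a[1] == b[1]
end

# Weak comparison: opaque parts are identical, W/ prefixes are ignored.
def weak_match?(a, b)
  a[1] == b[1]
end

# True when the server may answer 304. RFC 7232 section 3.2 prescribes
# the weak comparison for If-None-Match.
def not_modified?(if_none_match, current_etag, comparison: :weak)
  return false if if_none_match.nil?
  current = parse_etags(current_etag).first
  return false if current.nil?
  return true if if_none_match.strip == '*'
  parse_etags(if_none_match).any? do |candidate|
    comparison == :weak ? weak_match?(candidate, current) : strong_match?(candidate, current)
  end
end

# What a plain string comparison of the two header values does.
def naive_match?(if_none_match, current_etag)
  if_none_match == current_etag
end

# If-None-Match value taken from the request in the question.
CLIENT_TAG = 'W/"39dcd8467e47701a69c617333f7b6dac"'
# Constructed: the same opaque tag in strong form (assumed app-side value).
APP_TAG = '"39dcd8467e47701a69c617333f7b6dac"'

if __FILE__ == $PROGRAM_NAME
  puts "naive:  #{naive_match?(CLIENT_TAG, APP_TAG)}"
  puts "strong: #{not_modified?(CLIENT_TAG, APP_TAG, comparison: :strong)}"
  puts "weak:   #{not_modified?(CLIENT_TAG, APP_TAG)}"
end
```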
Having had repeatedly no joy with accessing groups settings via UrlFetch in GoogleAppsScript I looked to test the basic query I was using according to the docs in the APIs Explorer
UrlFetchApp.fetch('https://www.googleapis.com/groups/v1/groups/exampleGroupId#example.com?key={YOUR_API_KEY}', fetchArgs);
Never completes a round trip
The fact that the APIs explorer also fails with similar errors at least gives me some comfort, but where to report the failing?
GET https://www.googleapis.com/groups/v1/groups/exampleGroupId#example.com?key={YOUR_API_KEY}
Authorization: Bearer ya29....[snip]
X-JavaScript-User-Agent: Google APIs Explorer
gives
200 OK
cache-control: private, max-age=0, must-revalidate, no-transform
content-encoding: gzip
content-length: 731
content-type: application/atom+xml; charset=UTF-8
date: Tue, 12 Nov 2013 11:31:09 GMT
etag: "N…[snip]…I"
expires: Tue, 12 Nov 2013 11:31:09 GMT
server: GSE
[application/atom+xml; charset=UTF-8 data]
adding any field to the query
GET https://www.googleapis.com/groups/v1/groups/exampleGroupId#example.com?fields=archiveOnly&key={YOUR_API_KEY}
Authorization: Bearer ya29....[snip]
X-JavaScript-User-Agent: Google APIs Explorer
always results in error
400 Bad Request
cache-control: private, max-age=0
content-encoding: gzip
content-length: 209
content-type: application/vnd.google.gdata.error+xml; charset=UTF-8
date: Tue, 12 Nov 2013 11:33:34 GMT
expires: Tue, 12 Nov 2013 11:33:34 GMT
server: GSE
[application/vnd.google.gdata.error+xml; charset=UTF-8 data]
<?xml version="1.0" encoding="UTF-8"?>
<errors xmlns="http://schemas.google.com/g/2005">
<error>
<domain>GData</domain>
<code>invalidParameter</code>
<location type="parameter">fields</location>
<internalReason>Invalid field selection archiveOnly</internalReason>
</error>
</errors>
Is the API borked?
Try using the Google OAuth 2.0 Playground instead. I think the Groups Settings API Explorer is broken.
I am also having trouble with implementing with in Apps Script. I am stuck in an authorization loop. Similar to this reported bug. https://code.google.com/p/google-apps-script-issues/issues/detail?id=3046
This one works:
view-source:http://code.jquery.com/jquery-2.0.3.min.js
This one does not:
view-source:http://pagead2.googlesyndication.com/pagead/show_ads.js
The network status is "canceled". Response headers:
HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 18135184975683587730
Date: Thu, 11 Jul 2013 10:00:44 GMT
Expires: Thu, 11 Jul 2013 11:00:44 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment
Content-Encoding: gzip
Server: cafe
Content-Length: 6489
X-XSS-Protection: 1; mode=block
Age: 2014
Cache-Control: public, max-age=3600
Without "view-source" I'm able to download the file and view the source but I want to know why this happens.
A strange thing in addition is that it is not possible to open the web developer tools after opening this view-source URL. If you do, the tools are completely blank.
I'm taking a guess here: it has to do with the Content-Disposition setting in the Response Header.
Reference: http://support.microsoft.com/kb/260519.
I'm trying to do HEAD requests to follow 302 links, however this link: http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNGrJk-F7Dmshmtze2yhifxRsv8sRg&url=http://www.mtv.com/news/articles/1647243/20100907/story.jhtml
is troublesome because a HEAD request returns a 200 OK and a GET request returns the expected 302 Status code.
So I'll need to do a GET request but I'd rather not have to pay for the extra bandwidth times that will come from getting the entire HTML document. Anyone know a hack to do a GET without getting the body returned?
UPDATE: took David's advice to do a Range header but they seem to still be ignoring it
GET /news/url?sa=t&fd=R&usg=AFQjCNGrJk-F7Dmshmtze2yhifxRsv8sRg&url=http://www.mtv.com/news/articles/1647243/20100907/story.jhtml HTTP/1.1
Range: bytes=0-10
x-ms-range: 0-600
Host: news.google.com
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Location: http://www.mtv.com/news/articles/1647243/20100907/story.jhtml
Content-Length: 258
Date: Wed, 08 Sep 2010 20:28:16 GMT
Expires: Wed, 08 Sep 2010 20:28:16 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Set-Cookie: PREF=ID=ef5f1bc768645c5e:TM=1283977696:LM=1283977696:S=5n26IrEDpcQTJIb1; expires=Fri, 07-Sep-2012 20:28:16 GMT; path=/; domain=.google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
here.
</BODY></HTML>
File a bug with the web server's owner.
Try using the Range header in your request.
If that doesn't work, can you just hang up the connection after you get the headers you want?
In the specific example you cite, you could just pull it out of the original URL's "url" parameter. But for a more generic approach, I'd stick to David M.'s suggestions