I'm trying to create a http POST request using POSTMAN to this URL:
http://www.mfinante.ro/agentinume.html?pagina=domenii
on the codFiscalForm from HTML.
I set the input name=Oracle and judet=BUCURESTI and I'm receveing a piece of HTML, where I don't have the information I need (a HTML table form).
What I am doing wrong?
The reason of missing HTML table data in HTTP response is: The POST /numeCod.html request (action of codFiscalForm) is protected by TS*** Cookies. In POST /numeCod.html request, if TS*** Cookies, such as TS018732dc, TS5d0550f8_27 etc. are missing or incorrect, the request would be rejected by server.
When is TS*** Cookies retrieved/updated?
TS*** Cookies are retrieved or updated when you open webpage /agentinume.html?pagina=domenii. Please note all HTTP responses when open /agentinume.html?pagina=domenii will set/update TS*** Cookie, including responses of .js, .png files request.
When the result page is opened after submitting form, the TS*** Cookies are updated again.
How to confirm TS*** Cookies are critical for retrieving data?
On webpage, before click button VIZUALIZARE, you can open browser debug tool, such as Chrome DevTools, and delete one TS*** Cookie in panel Application - Cookies. After that, click button VIZUALIZARE will lead to an HTML page without table data.
Why Postman does not work even when TS*** Cookies are defined in headers?
Because TS*** Cookies keep changing, it is very difficult (if not impossible) to get the latest valid TS*** Cookies programmatically.
Related
I developed a contact form for my site and it is working and redirects to another url inside my domain when it is sent (for example lets say domain.com/sent). The thing is, if someone by chance decides to access the url domain.com/sent directly, it can be accessed like if he had submitted the form and was redirected there. I also have configured a 404 error custom page for any other page outside the existing ones, is there any way of disabling the domain.com/sent external access and redirecting to the error 404 page and keeping the sent page only for the users who really submitted the form?
Have the response to the POST request to the form handler set a cookie.
Have the handler for /sent test for that cookie and:
If it is set:
Delete the cookie
Display the sent page
If it not send:
Do something different such as displaying an error or redirecting
I have a situation, when I should to send a POST request to authenticate user, if it's succeed then server set a cookie and then we can get a protected page:
First request by Postman:
Second request (after first):
I need to implement it on web page. As I understand now, it's possible only via frames. How to do it? First request should be sent automatically after opening a page, so, user should open the page and see a protected page.
Cookie Authentication is you are trying to achieve?, here is are some links which will help to you with that.
https://dzone.com/articles/cookie-authentication-with-aspnet-core-20
There is a website and I want to access their backend api. I found a request which gives me json response, but when I change some parameters in the url, response is not changing, it's the same. I am not sure about the other parameters, but this one parameter that I want to use should change the response, but it's not.
Furthermore, when I monitor network tab in developer tools in chrome, and I send the request for the whole website, request that I want to use is listed and the response has the data I want, but when I copy that URL and send the request myself (isolated from the website) I am getting different response.
I've tried with two different locations over VPN and clearing chrome cache and it didn't work. Is there a way for this request to give the same response when caught while whole website is loading and when triggered manually?
I solved this problem by setting the appropriate request header. There was a request header that changed the api response.
As part of email signup process, I send a url in an email. The client should click it, my server applications sends a 303 response redirecting the client to the home page and the browser should open the home page. But this isn't happening. I am unable to debug whether this is a browser issue or web-server issue.
in this pic, you could see that on clicking the url, a request GET is sent and 303 is received
Here, I don't see any request going out (I see request headers but I am not convinced that the request was sent). In the timing tab, it looks as if the request is stalled
It seems the issue was the way I was redirecting. In of redirecting using absolute path Redirect("http://localhost:9000/home"), I wasn't using http i.e. Redirect("localhost:9000/home") which made the path relative. The initial request was http://localhost:9000/ws/users/signup/ and the new request after redirect became http://localhost:9000/ws/users/signup/localhost:9000/home which probably messed up something in the browser.
Most JWT tutorials I've seen say that you can attach it to the headers with AJAX. How do you attach the token on the initial page load?
For example, if a user goes to the base URL '/' and they don't have a token then show them the page. If they do have a token, redirect them to their profile page.
Edit:
I'm returning the generated token with a jquery ajax success function then redirecting the user. When the user gets to the home page ('/'), I'd like the access token to be sent via http headers to my server. Then the server can handle the request. However, anytime the user returns (if they close the browser and go to "mywebsite.com" or any other page), I'd like the server to be able to access the token. Are http headers the best way to do this?
success: function(token){
localStorage.setItem("token", token);
window.location.href('/');
}
If my application was a Single Page App (SPA), I could just use ajax all of the time, but it's not.
You cannot achieve what you want with HTTP headers. HTTP headers are something which are sent when a request is made to the server. In your case, you want to remember something about the client even if they close their website and come back later. The easiest to do that is through cookies.
Basically generate the JWT token for the client and send it to the client as a cookie. This logic will be written on the server side and there are many libraries available to do this depending on the technology you have chosen for server side. Then everytime the client makes a request to your server, browsers make sure that the stored cookies are sent.