I have a GAS application that reads rows from an existing sheet, formats the data into a URL that matches a "pre-filled" URL for a form that I own, and attempts to auto-submit the form data using URLFetchApp.fetch() to a response sheet that I own. The formatted URL looks like this (Id removed):
https://docs.google.com/a/mycompany.com/forms/d//formResponse?pli=1&ifq&entry.887301985&entry.902886422=Account+Name&entry.2050597172=ContactName&entry.491359467=ModelName&entry.405418589=TLINmumber&entry.1727979741=SerialNo&entry.551688184=SRNo&submit=Submit";
This application was working fine until the last couple weeks. Now, it returns an HTTP 200 response, but the data is not (usually) written to the response sheet. I say "usually" because every once in awhile it works.
The response content of the HTTP response, when saved to a doc and opened in a browser, is a Google Apps authentication page, but I can't figure out why it wants to authenticate me when I own all the components involved.
Also,
1) Attempting to sign in using this page gives me an error that cookies are disabled in my browser, when they are not.
2) I can copy/paste the same URL into a page in the same browser as the same user id (plmgdocs) and it works just fine - no authentication page.
This is running in a private corporate google environment.
Any ideas are appreciated. Thanks!
Related
I have a problem with handling POST requests in Google Apps Script. I've created simple project with following functions:
function doGet(e){
return ContentService.createTextOutput("test").setMimeType(ContentService.MimeType.TEXT);
}
function doPost(e){
return ContentService.createTextOutput("test").setMimeType(ContentService.MimeType.TEXT);
}
When I try to send a GET request from postman I get correct response - as expected. However when I try to send POST request I get 405 Method not allowed and HTML error page in response. In deployment settings I set that it should execute as me and should be accessible to everyone.
What am I missing? How to make POST requests work with Google Apps Script?
EDIT:
So as Heiko Theißen wrote below there is 302 redirect at first.
As I can see Postman follows that redirect and sends POST once again to new URL but this request fails and I still don't know why unfortunately. I can see in security section that there is header Allow: HEAD, GET.
I cannot see any preflight request from Postman (as TheMaster suggested).
About reproducibility: I've pasted complete content of google apps script, and I mentioned that I am making request from postman. Here is link to current deployment of that script: https://script.google.com/macros/s/AKfycbyHdVpclM7pH1BB3IzwNjtcH07DF75H8ldqeLQCwQnX71lMs371g-UO-i8JaI5_zRqrDw/exec
Also here is screenshot from Postman - I'm just sending empty POST request without any custom headers. Tried also sending plain text or json as payload but results were the same each time.
So back to my original question: How can I receive POST request successfully in google apps script deployed as Web App?
I make it workable from postman by disabling the annotated option from settings.
If the preflight explanation given by TheMaster does not solve your problem, the following might help:
Requests to Google Apps Script always happen in two stages: The first request draws a redirection response to a generated URL, and the second request to that URL draws the response that you programmed (the text output "test").
When the first request is a POST request, the redirection response has status "302 Found", and the specification is ambiguous about what method the second request should have:
Note: For historical reasons, a user agent MAY change the request
method from POST to GET for the subsequent request. If this
behavior is undesired, the 307 (Temporary Redirect) status code
can be used instead.
Google Chrome makes the second request as a GET request (without repeating the POST payload, which the server already knows under the generated URL) and this works.
However, if your browser or Postman client does not change the method and makes the second request again as a POST (and your screenshot shows this is true), the server does not accept this and responds with "405 Method Not Allowed".
In other words: Google Apps Script expects the second request to be a GET request, but not all clients behave like that, because the specification is ambiguous at this point. Workarounds:
You can influence the behavior of Postman so that it does not preserve the POST method between the first and second request. See here.
Google Apps Script could avoid the ambiguity by responding to the first request with "303 See Other", but it does not. Perhaps create an issue for that?
I am struggling to understand how our local gov website functions. Specifically the URL https://self.maidstone.gov.uk/service/check_your_bin_day
Beginning to enter a postcode (not mine) such as 'ME15 7HQ' and without submitting the form, a list of addresses is available.
Selecting an address and then selecting 'black bin and food', the website will return a result of 'Your collection date will be FRI 30/07/2021'. Again without submitting the form.
Running OWASP's ZAP, I can see that data is being submitted and returned as JSON. The data begins to be submitted as soon as the postcode is being entered.
I'm obviously an amateur but have never seen a site like this. The purposes of the request to Stackoverflow is that I would like (either via curl or a HTTP request) to be able to submit a postcode and address, and then receive the bin days as relevant.
Is this possible? If so any pointers please?
This website uses JavaScript and HTTP requests to dynamically load data.
For viewing those requests, open devtools > Networktab, and click on XHR button:
Afterwards, try to write postcode into the form. For me, it made request to runLookup url. When you click Preview tab, you can see the JSON you was mentioning. In this case, you can find the Street addresses (which are then added to next input on website) is on integration > transformed > rows_data.
The devtools have one amazing feature, that will convert the HTTP request to cURL command, you can do it by right-clicking on the request, Copy > Copy as cURL command:
By this way, you can make the whole process, although, from seeing the whole complexity of their API, I don't think it will be that easy, due you probably would need to preserve cookies, and generally follow some steps of requests to get the result (but this doesn't need to be true, it's just my observation).
Hello I'm doing a PWA and I use Google spreadsheet to store info and send emails.
When I use the app, in the console shows me the "XHR finished loading" message with an url with json data from my entire sheet.
What I want is that people don't have access to that URL or the JSON data, is this possible? or What should I do so that information is not visible in that way?
if your UI can access a URL, anyone could.
You can protect it though, deepening on your server side capability.
If your server side can authenticate the request to have proper credentials, then the protection can be implemented.
But you can't mask anything from UI to prevent users from seeing it. What goes to browser -> user have visibility. PWA wont change that fact.
I configured a twilio phone number with sms and set the messaging request url to a twimlets.com/echo url
that returns....
When I send an sms to the twilio number, a "Why" response comes back as expected.
When I change the request url to point to my web-app, which returns output that looks like this...
The inbound sms is logged, but no "Checking.." response comes back to the sms client.
Looking at the inbound log for the number, I see the message was received, but with a warning...
Further inspection finds the body of the response is html indicating a mis-direction somehow.
now, changing the url from https: to http: I see the following.
As you have figured out by now, this webapp is a google apps script web app hosted on google drive... any clue why this link would be failing when called by twilio, but not from my browser?
Thanks for the help Philnash, using incognito mode led me to discover that the problem was that I had published my apps script web app incorrectly.
create a new version of my apps script File > Manage versions
publish the new version (and be sure to select the new version #)
Twilio developer evangelist here.
I just clicked on the link you provided as your application and was met with a page telling me I did not have permission to view the script. My guess is that's the page Twilio is getting right now and why you're able to see the XML but Twilio sees HTML. I'd take a look at the permissions for the script and try to open it up so that Twilio is able to see the page. Checking in a browser in private/incognito mode should help.
So, I've gotten to the point in my app where I can retrieve a list of spreadsheet documents from a user's Google Drive account by using the Google Spreadsheet API. I populate the file list in a ui control that users can click on to then retrieve the list of its worksheets. It's working as expected in some cases, but in others it is not. In my request, I use the url that comes back from the file list, and even so, the API responds with:
Sorry, the file you have requested does not exist.
Make sure that you have the correct URL and that the owner of the file hasn't deleted it.
Well, surely the file wasn't deleted. I got it back in the response to my request for the files list. I also can get to the file via a normal web browser. Also, the URL is correct because that's the one the API responded with. My code does not manipulate the url that comes back in that initial files response. In fact, here is the URL that is used to grab the worksheets:
https://spreadsheets.google.com/feeds/worksheets/{long key here}/private/full
So, my question is why does my request for some worksheets come back with a response with the actual list of worksheets, but on others (which I have access to, and I know exists) I get the faulty response.
Thanks,
Arie
My app is using OAuth 2.0 and I ran into the same error with new Google Sheets. What fixed that was making a change in scope param sent during OAuth's authorize call and then reauthorising (reinitiating OAuth flow and obtaining new tokens).
Until now scope in my app was just:
https://spreadsheets.google.com/feeds
Updated scope and solution to the issue in my case:
https://spreadsheets.google.com/feeds https://docs.google.com/feeds
I'm running into this in my own stuff. At least for what I'm running into, it seems to be an issue with New Sheets. I'm sorry to not have more of a solution (I'm still trying to find out what to fix on my end) but this may help you narrow down the issue.