XHR Date header not being applied in WindowsPhone 8 request - windows-phone-8

I am communicating with a third party service via XHR (cannot use ajax as I need to send as ArrayBuffer). I had a bunch of problems getting this to work under WP8 but have finally gotten a connection (always worked fine under android and iOS (phonegap)). The problem I have is that I need to send through a couple of specific headers for authentication. I am sending this through as:
xhr.open("POST", url, true);
xhr.timeout = 30000;
xhr.setRequestHeader("Content-Type",contentType+"; boundary=" + boundary);
xhr.setRequestHeader("Accept","application/json; charset=utf-8");
xhr.setRequestHeader("Authorization",auth);
xhr.setRequestHeader("Date",todayString);
xhr.send(bodyBuf);
In essence this works fine other than: the 'Date' header is never received. I constantly get back a response of 'Date header required'. I know that the actual connection is not something that you will be able to advise on, however I am wondering if anyone has encountered this before? Is everyone else able to set the xhr 'Date' header in WP8 which would imply that something is different in my code/setup or if anyone has any ideas.
btw, I am getting the same result when testing through the emulator and via an HTC it is not specific to a single device. but to the WP8 platform
Thanks,

Have found that this is a known problem. the ie httpwebrequest does not contain a 'Date' header so this can never be set. In order to do this, I have had to make a WP plugin to use the recently added mobile-httpclient code, which can set the 'Date' header.

Related

Access-Control-Request-Private-Network header issues

Today we updated the last version of google chrome browser (Version 102.0.5005.61). We have an aplication that runs into a vpn. And since then we start getting this errors on the console:
As you can see we get a timed out error on the preflight and then the xhr request fails.
We noticed that on this version of chorme they add the new header: Access-Control-Request-Private-Network. An that is what I see on the preflight headers:
Serching on what could be wrong, since this is happening only when we update the chrome version and in other browsers the site works perfectly; Ive found this:
https://developer.chrome.com/blog/private-network-access-preflight/
On the article is explained what to do and how to handle this.
And show kind of what is happening to me:
If your request would have triggered a regular CORS preflight without
Private Network Access rules, then two preflights may appear in the
network panel, with the first one always appearing to have failed.
This is a known bug, and you can safely ignore it.
Based on that I added the new header support on my API that is made on JAVA with spring boot.
response.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS");
response.setHeader("Access-Control-Allow-Headers", "content-type");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Max-Age", "180");
response.setHeader("Access-Control-Allow-Private-Network", "true");
response.setHeader("Access-Control-Expose-Headers", "Content-Disposition");
As you can see just added the header and return 200 for the option request
if ("OPTIONS".equals(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
return;
}
The site is running, meaning it get served and is loaded on chrome browser but all the API calls from the site get that error. (See screen shoots avobe).
But still after that have the same issues. Any one had the same issue and was able to solve?
Any help will be appreciated!
Thanks!
EDIT:
We just add the headers on the preflight response:
Access-Control-Request-Private-Network: true
Access-Control-Allow-Private-Network: true
Then we go to the google flags configuration and disable this:
Now Im not sure why google thinks that my requests are insecure.
This issue is coming for Private and Public combination, like our web is deployed as CloudFront Public URL and backend is Private api hosting, so we are also facing this issue, currently only disabling "Send Private Network Access preflights" property of chrome is working (its only enough).
We have tried setting "preflight request will carry a new header, Access-Control-Request-Private-Network: true, and the response to it must carry a corresponding header, Access-Control-Allow-Private-Network: true" but no luck till now.
Our another web application on which FE/BE both are private hosting is working fine.

How to solve this "Caution: request is not finished yet in chrome"

I am facing an issue related to loading JSON data.
When I monitor JSON call on Developer Tools of Chrome, I get the following message in the network tab of Chrome Developer Tools.
Caution: request is not finished yet
Attaching a snip for reference:
It is caused by two-step response loading. If you are using some low-level API, make sure that you fetch not only headers, which arrive first, but also body content that comes later as a stream.
I had the same issue when using the fetch function in JavaScript. To solve it, make sure you call a method that reads the body of the response like json() or text():
// Sends request and loads only headers
fetch('/foo');
// Sends request, loads headers and then fetches the body as JSON
fetch('/foo').then(response => response.json());
In my case response headers were also loaded properly and I had a successful HTTP status code, but I was missing the body content and I had Caution: request is not finished yet inside Chrome Developer Tools.
consider removing all extensions and closing all the browser tabs
for me it helped - upon restart, all is well.
So strange
In my case, I needed to use response.text() instead of just using response. The usage of just response yields in "Caution: request is not finished yet"
fetch("API_URL_GOES_HERE", requestOptions)
.then(response => response.text())
.then(result => console.log(result))
A tip here would be: Open Postman's Code snippet and view the actual JS Fetch that is happening.
I ran into this issue due to a programming error that caused an infinite loop in my JavaScript code.
Some time ago Chrome would point out that a script is stuck, but for some reason such a message did not show up in my Chrome. Instead, I found this error in the network tab.
Trying Firefox, it showed the error message "This page is slowing down Firefox. To speed up your browser, stop this page".
This helped me figure out that in my case the issue was not related to the request, but was actually caused by a script running forever.
Apparently, the infinite loop in JavaScript causes Chrome to not finalize the request or at least it does not update this display. I am not sure why Chrome would not show a more meaningful error message that a script is stuck.

JSON syntax error in Opencart 2.0.3.2 RC multi store

Via github I installed the 2.0.3.2. RC version on my digital ocean VPS. All seemed to work fine, but just like many others i got problems with the JSON syntax error. I spent hours reading through forum pages about
API users that have to be made
API users that have to be appointed
Maintenance mode that had to be switched off
the json = array(); solution
and cUrl loopback restrictions (including the vqmod curl loopback workaround ) http://forum.opencart.com/viewtopic.php?f=191&t=146714
All of these solutions didn't seem to work... When i finally found out that I had my VPS access restricted on IP address and removed this restriction the order history update seemed to work fine so I assumed ALL was ok.
Today when I tried to edit an order, the same following error came popping up. So I started going over the forums again for a solution.
While heavily frustrated trying things i bumped in to this strange behaviour. When on the first page of order editing I get the error, but when I select the standard shop... all works fine... I can edit the order exactly how i want... but when i switch the option back to the store the order was placed in... it responds directly with the same error (see attachment).
I'm not sure if there are any other multistore users that are on 2.0.3+ that have shops that are working fine?
Could you think with me? Could it be something with the Cross-Origin Resource Sharing policy? All suggestions are welcome!
Go to Settings, edit your store (not Default),
and on first tab (Genaral), make sure that your SSL URL is set.
If you don't have SSL, then set the same value as Store URL.
Hope this helps.
Probably a cross origin policy issue as you mentioned. I solved this issue on 1.5.6 as well as the crossdomain cookie issue (which has never worked properly to my knowledge on any version) by adding:
xhrFields: { withCredentials: true },
In the AJAX request as well as setting access-control-allow-credentials on the receiving header. The trick here is that for cross origin headers to work this way you need to explicitly declare the URL which is allowed (i.e., Header set Access-Control-Allow-Origin "*" will not work). The next trick is that you don't want to accept these headers from any and every URL.
To work around this, I added something like this to the manual.php controller - which in 2.0+ would be api/order.php (and for cross domain cookie sharing common/header.php as well):
$this->load->model('setting/store');
$allowed[] = trim(HTTP_SERVER,'/');
$allowed[] = trim(HTTPS_SERVER, '/');
$stores = $this->model_setting_store->getStores();
foreach ($stores as $store) {
if ($store['url']) $allowed[] = strtolower(trim($store['url'],'/'));
if ($store['ssl']) $allowed[] = strtolower(trim($store['ssl'],'/'));
}
if (isset($this->request->server['HTTP_REFERER'])) {
$url_parts = parse_url($this->request->server['HTTP_REFERER']);
$origin = strtolower($url_parts['scheme'] . '://' . $url_parts['host']);
if (in_array($origin,$allowed)) {
header("access-control-allow-origin: " . $origin);
header("access-control-allow-credentials: true");
} else {
header("access-control-allow-origin: *");
}
} else {
header("access-control-allow-origin: *");
}
header("access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept");
header("access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS");
This would basically create an array of all acceptable URLs and if the request is valid it sets the HTTP headers explicitly to allow cookies and session data. This was primarily a fix for cross-domain cookie sharing but I have a feeling it may be helpful for working around the 2.0 api issue as well.
A colleague of me found out the api calls are always done through ssl, all I had to do is add the normal store url in the SSL field in the settings from the store (not the main).

Using Ext JS with my HTML Files

I have an application uses Spring Security 3(has a Jackson Marshaller) runs on a Tomcat 7. I designed my application with Jquery and it runs well. I designed a login page with Ext JS and after successful login it redirects to index.html. However it gives an error and can't redirect because when server sends HTML file it comes into that function at Ext JS:
Ext.util.JSON = new (function(){
...
doDecode = function(json){
return eval("(" + json + ")");
},
...
I wants to render it as a JSON response and gives an error as usual. How to solve it?
PS: It gives that on Firebug:
syntax error
[Break On This Error] (<!DOCTYPE html>
The server is not returning valid JSON. Its look as if it is returning a HTML page (perhaps a friendly error page). If you follow the stack trace up its probably Ext.decode response.responseText (inspect this you'll see whats returned although not the best way)
First step would be to investigate the request in the Net panel in Firebug or Chrome, look at the request and response headers and content this will point you in the right direction. Please please please do not resolve this problem without first learning to use a client side browser debugger (Firebug or Chrome Dev Tools or even Safari) such as walking the stack on break on error, break on XHR, inspect the XHR headers and response etc.. not just watching the console window.
You might be able to fix this continuing blind but you'll pay heavily again next time.

faultEvent message body of HTTPService empty in Mozilla and Chrome

I am using HTTPService for authentication in my appliaction and I am parsing the messahe body of faultEvent of fault handler to determine what fault is coming. Every thing is working fine in IE but in case of Chrome and Mozilla the message body of FaultEvent of faulthandler is coming empty.
Please suggest how can I handle faults in Mozilla and Chrome ?
Had similar problem and found that flash gets from server only 'HTTP 200' responses. All faults are handled as faults without any messages forwarded. So, we 'invented' our own web-services, that add additional header. We always return status 200 for HTTP response, but add return code and message into our header.
Then we parse our custom header and have true response.
Also have read, that this problem is solved in newest flash player 10, but maybe still in development versions. And because we need to support also version 9, we keep using our custom headers.