I develop a Chrome uses XMLHttpRequest to send a GET HTTP request with an username/password to a basic-auth-protected URL, so that it can then "auto-login" to it afterwards (since Chrome caches credentials for HTTP basic-auth).
Here's the code I use:
var xml = new XMLHttpRequest();
xml.open('GET',<url>,false,<username>,<password>)
xml.send('');
After some additional research, I found out that it might have to do with Chrome 19 not supporting the username:pwd#url syntax for authenticating to basic-auth protected URLs, because when I send the XMLHttpRequest, I see this in Google Chrome's js console:
GET http://user:pass#domain.com 401 (Unauthorized)
Does anyone know whether it's a bug or if Chrome stopped supporting this feature?
My function
function autoLogin(domain, user, password) {
var httpAuth;
if (window.XMLHttpRequest) {
httpAuth = new XMLHttpRequest(); // code for IE7+, Firefox, Chrome, Opera, Safari
}
else if (window.ActiveXObject) {
httpAuth = new ActiveXObject("Microsoft.XMLHTTP"); // code for IE6, IE5
}
else {
alert("Seu browser não suporta autenticação xml. Favor autenticar no popup!");
}
var userName = domain + "\\" + user;
httpAuth.open("GET", "/_layouts/settings.aspx", false, userName, password);
httpAuth.onreadystatechange = function () {
if (httpAuth.status == 401) {
alert("Usuário e/ou senha inválidos.");
eraseCookie('AutoLoginCookieUserControl_User');
eraseCookie('AutoLoginCookieUserControl_Password');
}
else {
if ($(".pnlLogin").is(':visible')) {
$(".pnlLogin").hide();
$(".pnlUsuario").css("display", "block");
$(".avatar").css("display", "block");
var name = $().SPServices.SPGetCurrentUser({ fieldName: "Title" });
$(".loginNomeUsuario").html("Seja Bem Vindo(a) <br />" + name);
}
}
}
var userAgent = navigator.userAgent.toLowerCase();
$.browser.chrome = /chrome/.test(navigator.userAgent.toLowerCase());
if ($.browser.chrome == true) {
httpAuth.setRequestHeader("Authorization", "Basic " + btoa(userName + ":" + password));
}
try {
httpAuth.send();
}
catch (err) {
console.log(err);
}
}
You need to add headers to the XHR request manually.
xml.setRequestHeader("Authorization", "Basic " + btoa(username + ":" + password))
Demo here: http://jsbin.com/inuhiv/2 (NOte, there is nothing to auth, however look at devtools and see the request has auth header)
Related
I am building a frontend and backend application.
Using If none match header in the request, my server is returning 304 status but chrome always shows 200 status.
Same implementation works well with Firefox and IE.
All the headers are placed properly
I have added cache-control to max-age 0 and always revalidate.
However chrome is successfully showing the cached data but why I don't see 304 status in the network
Below are the images from chrome and Firefox network panel
Image from chrome
Image from Firefox
My backend is built in .net core and I have used action filter attribute to return ETag and 304 status, below is the code
public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next){ var isRequestMethodGet = context.HttpContext.Request.Method == "GET";
bool isModified = false;
string authToken = "";
var path = context.HttpContext.Request.Path.ToString() + context.HttpContext.Request.QueryString.ToString();
if (context.HttpContext.Request.Headers.ContainsKey("Authorization"))
{
authToken = context.HttpContext.Request.Headers["Authorization"];
}
var etag = GetETag(path, authToken);
if (isRequestMethodGet)
{
var myId = context.HttpContext.Request.Headers["myId"].ToString();
var value = await distributedCacheRepository.GetCachedItem($"{redisPrefix}-{myId}");
if (value != null)
{
if (context.HttpContext.Request.Headers.Keys.Contains("If-None-Match") && context.HttpContext.Request.Headers["If-None-Match"].ToString() == etag)
{
isModified = true;
context.HttpContext.Response.StatusCode = 304;
context.Result = new StatusCodeResult((int)HttpStatusCode.NotModified);
}
}
else
{
await distributedCacheRepository.InsertKeyValueAsync($"{redisPrefix}-{myId}", myId);
}
}
if(!isRequestMethodGet || !isModified)
{
await next();
}
context.HttpContext.Response.Headers.Add("cache-control", new[] { "no-transform", "must-revalidate", "max-age=0" });
context.HttpContext.Response.Headers.Add("vary", new[] { "Accept", "Accept-Encoding", "Authorization", "Cookie" });
context.HttpContext.Response.Headers.Add("ETag", new[] { etag }); }
Are you sending request to a different port/domain ? I had same issue as you did, server returns 304 (checked via postman) but chrome shows as 200.
Here's how I found out why:
In my swagger doc, 304 is returned (request sent from localhost:8083 to localhost:8083)
In my application, same request but 200 is returned (request sent from localhost:4300 to localhost:8083)
So I proxy my application request to same domain (request sent from localhost:4300 to localhost:4300 then proxy to localhost:8083)
I get 304 as expected
I need to fetch the client local IP address from a web application.
For which I am using a standard RTCPeerConnection implementation to fetch. But the ice candidate that is returned does not carry the IP V4 address, but an address that look like a guid: asdf-xxxx-saass-xxxx.local
But surprisingly this chrome extension is able to fetch the same on same machine and browser.
Note: code that I used in web application is same as of the extension
This is the html code for same:
<html>
<head>
<script type="text/javascript" src="https://code.jquery.com/jquery-1.11.1.js"></script>
<script type="text/javascript">
function logit(msg) {
var dt = new Date(); var time = dt.getHours() + ":" + dt.getMinutes() + ":"
+ dt.getSeconds();
console.log(time + " " + msg);
};
function getChromeVersion() {
try {
var raw = navigator.userAgent.match(/Chrom(e|ium)\/([0-9]+)\./);
return raw ? parseInt(raw[2], 10) : false;
} catch (e) {
return null;
}
}
function getChromeManifest() {
return chrome.runtime && typeof chrome.runtime === "function" ? chrome.runtime.getManifest() : {}
}
function getUserIP(callback) {
logit(" getting user local ip ")
getLocalIPs(function (ips) {
logit(" got user local ip : " + ips)
if (ips && ips.length) return callback(ips[0]);
logit(" getting user local ip with stun ")
getLocalIPs(function (ips) {
logit(" got user local ip with stun : " + ips)
if (ips && ips.length) return callback(ips[0])
logit(" cannot get user local ip, returning null ")
callback(null)
}, true, 2000)
})
}
function getLocalIPs(callback, withStun, timeout) {
var ips = [];
var RTCPeerConnection = window.RTCPeerConnection ||
window.webkitRTCPeerConnection || window.mozRTCPeerConnection;
var pc = new RTCPeerConnection({
// Don't specify any stun/turn servers, otherwise you will
// also find your public IP addresses.
// iceServers: [],
iceServers: withStun ? [{ urls: "stun:stun.services.mozilla.com" }] : []
});
var closeAndCallback = function () {
clearTimeout(waitTimeout)
try {
if (pc && pc.close) {
pc.close();
}
} catch (e) { console.log("exception while closing pc, err: %s", err) }
callback(ips);
}
var waitTimeout = timeout ? setTimeout(closeAndCallback, timeout) : null;
// Add a media line, this is needed to activate candidate gathering.
pc.createDataChannel('');
// onicecandidate is triggered whenever a candidate has been found.
pc.onicecandidate = function (e) {
console.log(e)
if (!e.candidate) { // Candidate gathering completed.
pc.close();
closeAndCallback();
return;
}
var ip = /^candidate:.+ (\S+) \d+ typ/.exec(e.candidate.candidate)[1];
if (ips.indexOf(ip) == -1) // avoid duplicate entries (tcp/udp)
ips.push(ip);
};
pc.createOffer(function (sdp) {
pc.setLocalDescription(sdp);
}, function onerror() { });
};
function callThirdParty(server, name) {
var api = server;
logit("Connecting " + server + " ...");
$.ajax({
type: "GET",
url: api,
success: function (data) {
if (data && data['ip']) {
logit("Public IP: " + data['ip']);
}
}, error:
function (request, status, error) {
logit('Response: ' + request.responseText);
logit(' Error: ' + error);
logit(' Status: ' + status);
},
complete: function (data) {
logit(' API Finished: ' + name + " Server!");
}
});
}
document.addEventListener('DOMContentLoaded', function () {
getUserIP(function (ip) { //
ipaddress = ip;
$('#ip2').html(ipaddress);
var manifest = getChromeManifest();
logit(manifest.name);
logit("Version: " + manifest.version);
logit("Chrome Version: " + getChromeVersion());
callThirdParty("https://api.ipify.org?format=json", "ipify.org");
}, 100);
}, false);
</script>
</head>
<p>Public IPs</p>
<div id="ip"></div>
<p>Local IP</p>
<div id="ip2"></div>
<p>Logs</p>
<div id="log"></div>
<div id="log1"></div>
<div id="log2"></div>
</html>
TL;DR
It looks like local addresses are/will be anonymized using mDNS and default setting for the flag would be gradually set to Enabled for all Chrome users.
For local development take a look here (set to Disable): chrome://flags/#enable-webrtc-hide-local-ips-with-mdns
Unless someone finds out some clever hack for it, you probably won't be able to revert the change for users of your webapp.
That guid is actually mDNS address. Quick search in newest WebRTC bugs in Chromium https://bugs.chromium.org/p/chromium/issues/list?can=2&q=component%3ABlink%3EWebRTC+
revealed few interesting entries, and there are few StackOverflow questions regarding anonymization not working (like this one: mDNS Support for WebRTC at Google Chrome M74).
Right now I see the effect in Chrome 75 on few computers with Windows 10 - some sites which previously were able to detect local IP flawlessly (http://net.ipcalf.com, https://ipleak.net, https://browserleaks.com/webrtc) now don't display it or show mDNS url instead.
As a sidenote: after enabling the mDNS flag, the extension you've linked wasn't able to detect my exact local IP. Instead, it showed few candidates from /24 address group. Even then, the extension could be privileged in some way, so it wouldn't be affected so much by mDNS anonymization.
EDIT (Mar 2020): it looks like Firefox could be anonymizing local IPs as well.
As of March 2020, there are two settings in about:config page:
media.peerconnection.ice.obfuscate_host_addresses - when set to true, it changes local IP to {uuid}.local
media.peerconnection.ice.obfuscate_host_addresses.whitelist - string with URLs, which are able to retrieve real IP, even with obfuscation enabled
I've checked Firefox 73 and Developer Edition 74 (without any extension that could have changed the setting), first had obfuscate_host_addresses set to false, while dev edition had it enabled.
EDIT (Oct 2020): since Chrome 86 the mDNS setting is enabled and cannot be disabled via chrome://flags anymore (there is no such option available).
Can some explain why the the http.request end function is running before any data is actually retrieved? And how would I debug this any further? Should I be checking an http status?
This is going to work with Google Home app, but I took that code out and getting same error running locally. The http.request is from what a teacher provided in a class.
You can paste: people/?search=Luke%20Skywalker
into http://swapi.com (SW = StarWars API) to see the expected result.
'use strict';
/*eslint no-undef: "error"*/
/*eslint-env node*/
/*eslint-disable no-console */
let http = require('http');
let starWarsAPI = `www.swapi.co`;
//function to get details of the Star Wars Characters
//exports.handler = function(event, context, callback) {
//console.log("event=" + JSON.stringify(event));
//console.log("context=" + JSON.stringify(context));
//let characterName = event.result.parameters.StarWarsCharacter;
let characterName = "Luke Skywalker";
console.log("**** characterName=" + characterName);
let options = searchPeopleRequestOptions(characterName);
console.log("options=" + JSON.stringify(options));
makeRequest(options, function( data, error) {
console.log(" Processing data.results");
let person = data.results[0];
if (person) {
let height = person.height;
let mass = person.mass;
let response = person.name + " is " + height + " centimeters tall, weighs " + mass + " kilograms";
console.log("**** response=" + response);
//callback(null, {"speech": response});
}
else {
console.log ("No person found");
//callback(null, {"speech": "I'm not sure that character exists!"});
}
});
//};
console.log("The end");
//create a function to read first and last names from the API.
function searchPeopleRequestOptions(argCharacterName) {
var pathValue = `/api/people/?search=`+
encodeURIComponent(argCharacterName);
return {
host: starWarsAPI,
path: pathValue
};
}
function makeRequest(options, callback) {
var responseString = "";
var request = http.request(options,
function(response) {
response.on('data', function(data) {
responseString += data;
console.log("responseString=" + responseString);
});
response.on('end', function() {
console.log("end: responseString=" + responseString);
// dies on next line because responseString is empty
var responseJSON = JSON.parse(responseString);
callback(responseJSON, null);
});
response.on('error', function (error) {
console.log('\n Error received: ' + error);
});
});
request.end();
}
This is what I see when I run it:
E:\GitHub\NealWalters\GoogleHomeTest
λ node indexTest.js
**** characterName=Luke Skywalker
options={"host":"www.swapi.co","path":"/api/people/?search=Luke%20Skywalker"}
The end
end: responseString=
undefined:1
I'm not sure what's writing out the "undefined: 1" line.
If you look at the server's response status code, it will be 301: Moved Permanently.
And value of location field of response is:
https://swapi.co/api/people/?search=Luke%20Skywalker
instead
http://swapi.co/api/people/?search=Luke%20Skywalker
As we can see, the protocol changed from http to https.
The problem is that the http client supplied with the node.js does not support redirection for permanently changed URL.
So, you can use https module instead http (just change the require('https')).
Or use packages that support redirection. For example axios or request.
I need to display hello world using servlet program in browser by Ajax call but on clicking button I am not to display it what could be reason of this error:
Uncaught NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'file:///D:/workspace/Poc_Ajax/WebContent/WEB-INF/HelloWorld'.
<!DOCTYPE html>
<html>
<head>
<script>
function getXMLHttpRequest() {
var xmlHttpReq = false;
// to create XMLHttpRequest object in non-Microsoft browsers
if (window.XMLHttpRequest) {
xmlHttpReq = new XMLHttpRequest();
} else if (window.ActiveXObject) {
try {
// to create XMLHttpRequest object in later versions
// of Internet Explorer
xmlHttpReq = new ActiveXObject("Msxml2.XMLHTTP");
} catch (exp1) {
try {
// to create XMLHttpRequest object in older versions
// of Internet Explorer
xmlHttpReq = new ActiveXObject("Microsoft.XMLHTTP");
} catch (exp2) {
xmlHttpReq = false;
}
}
}
return xmlHttpReq;
}
/*
* AJAX call starts with this function
*/
function makeRequest() {
var xmlHttpRequest = getXMLHttpRequest();
xmlHttpRequest.onreadystatechange = getReadyStateHandler(xmlHttpRequest);
xmlHttpRequest.open("POST", "HelloWorld", true);
xmlHttpRequest.setRequestHeader("Content-Type",
"application/x-www-form-urlencoded");
xmlHttpRequest.send();
}
/*
* Returns a function that waits for the state change in XMLHttpRequest
*/
function getReadyStateHandler(xmlHttpRequest) {
// an anonymous function returned
// it listens to the XMLHttpRequest instance
return function() {
if (xmlHttpRequest.readyState == 4) {
if (xmlHttpRequest.status == 200) {
document.getElementById("hello").innerHTML = xmlHttpRequest.responseText;
} else {
alert("HTTP error " + xmlHttpRequest.status + ": " + xmlHttpRequest.statusText);
}
}
};
}
</script>
</head>
<body>
<div>Getting Started with AJAX using JAVA: Hello World!</div>
<div id="hello"><button type="button" onclick="makeRequest()">Say Hello!</button></div>
</body>
</html>
To run a servlet program you need to make an HTTP request to a web server that is configured to execute the servlet.
Your Ajax URL (as displayed in the error message) starts with file:// so you are trying to deal with a local file instead of a webserver.
Install a webserver (such as Tomcat). Load your HTML document from it. Make sure that "HelloWorld" is a relative URI from that HTML document to the servlet URL.
Am trying to post json data to the server. am using visual studio 2012 RC and windowsazure for hosting the web application . On posting am getting the following errors :
OPTIONS http://*.azurewebsites.net/api/Child 405 (Method Not Allowed) jquery-1.7.1.js:8102
XMLHttpRequest cannot load http://*.azurewebsites.net/api/Child. Origin null is not allowed by Access-Control-Allow-Origin.
My client side code is :
function PostChild() {
var Chld = {};
Chld.Child_FirstName = $("#Child_FirstName").val();
Chld.Child_LastName = $("#Child_LastName").val();
Chld.Child_Age = $("#Child_Age").val();
var createurl = "http://*.azurewebsites.net/api/Child";
$.ajax({
type: "POST",
url: createurl,
contentType: "application/json; charset=utf-8",
data: JSON.stringify(Chld),
statusCode: {
200: function () {
$("#txtmsg").val("done");
alert('Success');
}
},
error:
function (res) {
alert('Error');
$("#txtmsg").val("error" + " "
+ res.status + " " + res.statusText);
}
});
}
My server side code is :
public HttpResponseMessage PostChild(Child child)
{
if (ModelState.IsValid)
{
db.Children.Add(child);
db.SaveChanges();
HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.Created, child);
response.Headers.Location = new Uri(Url.Link("DefaultApi", new { id = child.ChildID }));
return response;
}
else
{
return Request.CreateResponse(HttpStatusCode.BadRequest);
}
}
Help me please
Thanks,
The errors was due to CORS (Cross Origin Resource sharing). By default, a web page cannot make calls to services (APIs) on a domain other than the one where the page came from. This is a security measure to avoid cross-site forgery attacks and all.
To solve it follow this tutorial:
http://blogs.msdn.com/b/carlosfigueira/archive/2012/02/20/implementing-cors-support-in-asp-net-web-apis.aspx