Is there a way to fake POST requests in Chrome?
So far the best Ive seen is the extension called Postman which I think is BRILLIANT except for 1 detail that is critical. It doesnt download the other resources like CSS stylesheets and images.
What other tool I could use?
Try use Postman as a Google Chrome App
https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop
(P.S. from How do I manually fire HTTP POST requests with Firefox or Chrome?)
Related
I'm developing a ionic app and I need to make some CORS requests for dev purpose.
I use chrome v49 with -disable-web-security. I also use an .htcacces to allow OPTIONS request.
But i still get an error 405.
Chrome header sum'up
Try adding the chrome Extension Allow-Control-Allow-Origin: * from chrome webstore , enable
cross-origin resource sharing
from its option, then reload the page
Thanks for your answer. We already tried that but it did not succeed either.
The problem was server side. We used symphony witch refuse everything with is rly strict policy. To solve this we used NelmioCorsBundle.
Is is possible, on the client side, to manipulate the HTML sent from a site when you are not the owner of the site, and have no access to the code?
Yes. There are many ways.
HTTP proxies such as Fiddler or Burp can break on all requests and then manipulate the response before it reaches the browser.
Video explaining how this is done in Fiddler.
There are also several browser plugins like Tampermonkey (Chrome) and Greasemonkey (Firefox) that allow you to execute custom JavaScript on page load automatically.
There are built-in DOM manipulation extensions for all browsers, like this one :
https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/
We developed new file action for our web-app, it works fine when using chrome or Firefox but on IE we have problems, when trying to understand the issues we noticed that when the message goes to our web-app it doesn't send any cookies including the session cookie although the web-app sends set-cookie header.
why is it happens?
OK, we found the problem, apparently when using iframes in IE cookies are blocked as IE refers to Iframes as third party app, to unblock cookies we should to add privacy policy to the headers using P3P header.
good place to read about is - Cookie blocked/not saved in IFRAME in Internet Explorer.
This sounds like a possible bug on our end. Can you email us at API AT box.com with specific information about the request that's being sent as well as which version of IE you're using?
I want to get the same results that Google Chrome get on his Network functionality Network Google Chrome. I found this, but i'm not sure if it works and how to use it. Basically i want to use that information to made a google chrome extension.
Any idea?
I think the chrome.devtools.network API would be better suited for your use.
I've switched my Facebook page to pull an iframe as a result of Facebook's recent announcement that they were supporting iframes in pages. Since you need to host the iframe page outside of Facebook, I figured it would be nice to do using Cloudfront to host the files (an HTML page, a CSS stylesheet and a jpg image). Unfortunately, despite setting the permissions on the Cloudfront files to 744, the iframe page loads correctly in a browser, but when called from Facebook, I get this error message.
When I host the same files on my Media Temple server, the iframe on the actual Facebook page also loads correctly.
Is there a reason why Facebook and Cloudfront don't play together? I haven't been able to find one so far.
Unfortunately Facebook loads the iframe page using an HTTP POST, not an HTTP GET and is not compatible since Amazon has a REST interface and properly uses POST to upload/modify content.
Best,
David Bullock
I ran into this problem today and it caused some headscratching. As David Bullock points out the problem is that Facebook loads the HTML page via a POST request but S3 (and thus by extension CloudFront) won't serve resources in response to this (it returns 405 Method Not Allowed).
You can host your CSS, scripts and images on S3 / CloudFront, but the initial HTML page has to be on some other server. If you're concerned about load or latency from across the globe then you could try implementing a tiny redirector that forwards the Facebook POST request to the CloudFront-cached location (you'll have to return 303 See Other to do this redirection so the browser makes a GET request instead: see RFC 2616).
There is a shockingly easy workaround to the fact that AWS rejects POST requests and the fact that Facebook requires page tabs to be hosted via HTTPS: just redirect the request through https://bit.ly/….
Yes, it's really that easy.
Host the HTML page wherever you like. HTTP is fine.
Create a bit.ly-shortened URL to the page.
Use it—substituting https:// for http://—as the "Secure Page Tab
URL" as you create your Facebook Page Tab.
Activate the tab using this highly-undocumented dialog URL: https://www.facebook.com/dialog/pagetab?app_id=app_id&redirect_uri=bitly_url
Boom: done.
OK, it can be done: but you need to host the images on Cloudfront and the rest of the content on S3. Amazon provides a set of clear instructions on how to this. Issue solved.
Use Cloudfront to trap the 405 error and serve your html as the "Custom Error Response" page to the desired index page
Updated:
This was down voted, however I'm going to help lots of Facebook developers with the following. The final Issue that we had with hosting a facebook application on S3 was with CORS. We fixed the 405's by doing a "Custom Error Response" See this link for details:
http://blog.celingest.com/en/2014/10/02/tutorial-using-cors-with-cloudfront-and-s3/