In Java I am able to specify http header using
client = new DefaultHttpClient();
HttpGet get = new HttpGet(url);
get.addHeader(key, value);
Now I need to create an html form, how do I pass the same data information?
You cannot, with pure HTML, cause the user's browser to send a particular header (other than Post-Data and so on).
If you need to send HTTP headers you'll have to use a Javascript XMLHTTPRequest or other dynamic device. See this SO question.
Related
What I am trying to do is that I have a set of three websites hosted on three different clients(A,B,C). One of the website(That is B) carries information about the headers and footers of the site A. I want to get information from the SITE B in a JSON response of HTML to display the Navigation on the SITE A and SITE C.
My understating is that to get the response is JSON and save that information in the cache file to generate HTML.
Is my understanding correct? How can I achieve this? Is there a better way to do this?
Basically, if you want to cache JSON result from your controller's action, you can use OutputCache attribute :
[OutputCache(Duration = 10)] //Duration is in seconds
public ActionResult GetMyJsonData() {
var myData = new Data();
return Json(data);
}
You can apply the same attribute on your action that returns the HTML.
This question is about HTTP Request headers -- not HTTP Response headers.
Is there any way to programmatically make User Agents add or change any HTTP Request Header e.g. by means of HTML, JavaScript, for links or resources from a web page. There exists some HTTP Request Headers that one would think should be able to be controlled programmatically, for example max-stale.
(One could for example imagine that some optional attribute for HTML-elements <a>, <link>, <img> <script> etc, could exist that would cause the User Agent to add/change a HTTP request header in its request to the server, but I have not found such an attribute. Similarly, one could think that there should exist some mechanism to control HTTP Request Headers when AJAX is used.)
Turning around the question ...: Why does the HTTP Request Header max-stale exist at all if it cannot be controlled?
Thanks!
The XMLHTTPResponse setRequestHeader() method can be used to set HTTP request headers for an AJAX request. Various JavaScript libraries expose this function in different ways. For example, with jQuery.ajax() you would set the headers property of the settings parameter.
There are some ways in which you can affect request headers in html, e.g. via a form's enctype attribute. I do not believe there is any way to actually specify the actual header values in html.
For Ajax you can specify request headers, though the browser will block certain headers from being set, I doubt max-stale is one of them.
Also not only browsers make http request, there are a whole host of applications that do and any of them could easily set the max-stale header if they wanted.
Hi I'm new to restfulyii
I'm having a problem with the json response a tag is being prepended
Refer to the code below
(just assume that there are '<>' for the link tag)
<link rel="stylesheet" type="text/css" href="/assets/e5ba1689/srbac.css" />{"success":true,"message":"Record(s) Found","data":{"totalCount":1,"share":[{"id":"0","elementid":"1","type":"video","suid":"1","duid":"5","permissions":"superuser"}]}}
this coming from api/ under GET method and same with other rest verbs
I can't parse my JSON data because of the prepended line.
Please help..
reference:
localhost/api/ - method: GET/POST/PUT/DELETE
Everything is working fine with restful yii except that json response format...
Thanks in advance!
Ohmel Paguirigan
The problem seams to be that YII is not recognizing that your request is an actual Ajax request.
Search in srbac/components/Helper.php for:
if (!Yii::app()->request->isAjaxRequest){
Yii::app()->clientScript->registerCssFile($cssFile);
}
You will notice that SRBAC is checking if your request is an actual Ajax request.
Yoshi on the Yii Forms says that:
yii checks if there is a X-Requested-With HTTP header set (which
should result in an $_SERVER['HTTP_X_REQUESTED_WITH'] server variable)
and whether it contains the string 'XMLHttpRequest'. But this is a
custom header set by most javascript libraries (and so does jQuery).
There are e.g. some proxies which drop these custom headers (mainly
for security reasons) and therefore your application can't recognize
whether it's an ajax request or not. It's not 100% reliable.
Therefore, you must make sure that your javascript library is injecting this Header.
To do this in Javascript, in your app.run
add the following:
$http.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
Then, all of y our http requests in angular will send the header yii needs to discern that an AjaxRequest is being sent!
Hope this helps!
I have the following form:
<form method="post" action="http://domain.com/api.json?param=value"></form>
On submission of this form, this will replace my document with a response from http://domain.com/api.json.
Is it possible to POST this form, but prevent receiving a response, and keep the existing HTML with the form?
Send an HTTP 204 No Content response instead of the usual 200 OK response.
10.2.5 204 No Content
The server has fulfilled the request but does not need to return an
entity-body, and might want to return updated metainformation. The
response MAY include new or updated metainformation in the form of
entity-headers, which if present SHOULD be associated with the
requested variant.
If the client is a user agent, it SHOULD NOT change its document view
from that which caused the request to be sent. This response is
primarily intended to allow input for actions to take place without
causing a change to the user agent's active document view, although
any new or updated metainformation SHOULD be applied to the document
currently in the user agent's active view.
The 204 response MUST NOT include a message-body, and thus is always
terminated by the first empty line after the header fields.
You could just use AJAX (XMLHttpRequest in this example) to submit the post
var xmlhttp = new XMLHttpRequest();
xmlhttp.open("POST", "http://domain.com/api.json?param=value", true);
xmlhttp.send(null);
Before hand, if you need. You can grab your param value and encode it:
var val = encodeURIComponent(document.getElementById("param").value);
then the second line would be more like:
xmlhttp.open("POST", "http://domain.com/api.json?param="+val, true);
Otherwise, any sort of submitting from a form will load a page. A hack would be to put it in a iframe thats hidden, and just delete the iframe when done.
I would like to display the image from a network camera on my web page, but the image is behind a HTTP basic authentication server.
In Firefox and Chrome I can do this:
<img width="320" height="200" src="http://username:password#server/Path" />
But in Internet Explorer 8, I get an empty image box. If I use JQuery to set the src attribute, IE8 displays a blank src. It looks like IE8 is checking the string and rejecting it.
Is there a way to put the basic authentication credentials in the img tag?
Bottom line: Not all browsers allow this. It may work in some but not others.
But as someone else has said already, it's not very safe -- you're effectively giving the login and password details to anyone who browses the page. Not good.
A better option would be proxy it through the same server that you're providing the html code from, then the href in the <img> tag could just be a local URL, and no-one need know where the image is actually coming from.
You can load your img with AJAX, using XMLHttpRequest. As you might know, XMLHttpRequest has a setRequestHeaders method, so you will be able to manipulate headers for your request, hence, you will be able to do basic HTTP authentication.
Best way is to create a login page, then setup port forwarding on your router to display the camera. Does the camera come with web software?
See http://support.microsoft.com/kb/834489 and http://msdn.microsoft.com/en-us/library/ie/ee330735(v=vs.85).aspx#login_creds_urls
Long story short, usernames/passwords are not formally supported under the HTTP/HTTPS protocol schemes and due to their use in phishing attacks, they were disabled in IE6 on XPSP2. Support can be manually re-enabled by the user using a registry override (FEATURE_HTTP_USERNAME_PASSWORD_DISABLE) but this is not recommended.
Try http proxy.
On server side, enable tinyProxy, create ReversePath to
basic authentication server in configuration like:
AddHeader "Authorization" "Basic dXNlcjpwYXNz"
ReversePath "/foo/" "http://somewhere:3480/foo/"
dXNlcjpwYXNz is base64 encoded string from user:pass
Enable reverse proxy in Apache or NGINX to tinyProxy path http://localhot:8888/foo/
Img Source accessable from local server instead of old way deprecated, without http auth pop-up or CORS error.
http://user:pass#somewhere:3480/foo/DEST.jpg
ajax add http header works!
pictureUrl = "https://somewhere/file.jpg";
var oReq = new XMLHttpRequest();
oReq.open("GET", pictureUrl, true);
oReq.setRequestHeader("Authorization", "Basic " + btoa("UserName"+":"+"Password"));
// use multiple setRequestHeader calls to set multiple values
oReq.responseType = "arraybuffer";
oReq.onload = function (oEvent) {
var arrayBuffer = oReq.response; // Note: not oReq.responseText
if (arrayBuffer) {
var u8 = new Uint8Array(arrayBuffer);
var b64encoded = btoa(String.fromCharCode.apply(null, u8));
var mimetype="image/jpeg"; // or whatever your image mime type is
document.getElementById("iOdata").src="data:"+mimetype+";base64,"+b64encoded;
}
};
oReq.send(null);