I developed my own custom web server for a robot I built (video), without really knowing the intricacies of HTTP. One issue I am running into is I send a request from a browser, say, http://192.168.2.10/r?cmd=doStuff and the robot responds. Then I send the same request again from the browser (by clicking on a bookmark I saved), and the request never goes out, it just shows the response from the previous request.
Here is what comes from the browser (IE8 in particular):
GET /r?cmd=s HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; InfoPath.2; .NET4.0C; .NET4.0E; Zune 4.7)
Accept-Encoding: gzip, deflate
Host: 192.168.2.10
Connection: Keep-Alive
The robot responds with the following:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: The Little Robot That Could 1.0
Date: Thu, 01 Jan 2009 00:05:00 GMT
Content-Length: 4
X-Powered-By: Little Robot HTTP Server
Do I need to throw some other HTTP header into the mix to prevent the browser from caching the response?
Yes, you need cache-control header.
Cache-Control: no-cache;max-age=0
I would try throwing in a Pragma: no-cache. Should work on any modern browser.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
Well.
The real problem here is using GET for "do something".
Related
I have a compressed resource that when viewed in IE, loads from the cache as expected. However when my application loads the same URL, Wininet ignores the cache and always downloads the content from the server. With dynamic content compression disabled on IIS, my application behaves the same as IE (the HTTP GET includes an If-None-Match header.)
What can I do to get my app behave the same as IE?
_httpClient = new HttpClient(new WebRequestHandler
{
CachePolicy = new HttpRequestCachePolicy(HttpRequestCacheLevel.Default),
AutomaticDecompression = DecompressionMethods.Deflate | DecompressionMethods.GZip
});
using (Task<HttpResponseMessage> tget = _httpClient.GetAsync(uri, HttpCompletionOption.ResponseHeadersRead, _cancel))
{
tget.Wait();
response = tget.Result;
}
The HTTP headers for my application's GET:
GET https://beautykiosktest.coinstar.com/conductor/configuration/files/Promos.xml?kioskid=ENG20130027 HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: ConfigurationService/2.3.0.0
Host: beautykiosktest.coinstar.com
Accept-Encoding: gzip, deflate
HTTP/1.1 200 OK
Cache-Control: max-age=30
Transfer-Encoding: chunked
Content-Type: application/xml; charset=utf-8
Content-Encoding: gzip
ETag: "cHmrX5Fp2Z+ETV/qIXiS2A=="
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 17 Mar 2015 00:39:18 GMT
IE's GET with a 304 response is what I expect
GET https://beautykiosktest.coinstar.com/conductor/configuration/files/Promos.xml?kioskid=ENG20130027 HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; InfoPath.3; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 1.1.4322)
Accept-Encoding: gzip, deflate
Host: beautykiosktest.coinstar.com
If-None-Match: "cHmrX5Fp2Z+ETV/qIXiS2A=="
DNT: 1
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Cache-Control: max-age=30
ETag: "cHmrX5Fp2Z+ETV/qIXiS2A=="
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 17 Mar 2015 00:42:13 GMT
I ended up filing a ticket with Microsoft to resolve this and found out that there is a bug in .NET 4 which causes this. The problem is that a cache entry populated from a response with a Vary header doesn't get matched properly on the next GET because even though the AutomaticDecompression property is set, .NET hasn't added the Accept-Encoding header into the request before doing a WinINET cache test.
The workaround/fix is to add an "Accept-Encoding" default header to the HttpClient instance before using it.
_httpClient.DefaultRequestHeaders.Add("Accept-Encoding", "gzip, deflate");
We have a WinJS apps that shows a web site inside a WebView control, the WebPage loads fine however every ajax call fails with 0x80070005 Access is denied error. We tried adding "Internet (Client)", "Internet (Client/Server)" and "Private Networks" capabilities to the app without success.
The calls use CORS to allow calling multiple domains, the site is working fine on every desktop browser, even on IE inside Modern environment. However, when the site is running inside the WebView control, only the preflight request runs, despite the server being responding with status code 200, the real request is never being sent.
We can see this using Fiddler, here is the preflight request:
OPTIONS /Queries/QueryContentAreas/GetAvaliableContentAreas HTTP/1.1
Accept: */*
Origin: https://myapp.demo.es
Access-Control-Request-Method: GET
Access-Control-Request-Headers: accept, authorization
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; MSAppHost/2.0; rv:11.0) like Gecko
Host: myappapi.demo.es
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
And here is the server's response:
HTTP/1.1 200 OK
Server: Microsoft-IIS/8.0
Access-Control-Allow-Origin: https://myapp.demo.es
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization
X-Powered-By: ASP.NET
Date: Thu, 29 May 2014 16:32:56 GMT
Content-Length: 0
In Visual Studio this access denied error appears:
SCRIPT7002: XMLHttpRequest: Error de red 0x80070005, Acceso denegado.
File: demo
Not sure if you ever figured this out or not, but I'm running into something similar.
Based on Features and restrictions by context (HTML) it seems like since the app is inside the web context (because it's in a WebView) cross-domain XHR requests are not allowed.
In my application I needed to make periodic cross-domain HTTP POST requests to receive up-to-date data from a server (periodic polling). The application was not working in IE8 while it was in Chrome. So I decided to debug this with Wireshark:
I executed 2 equivalent codes in IE8 and Chrome. I monitored my network with Wireshark.
The wireshark filter is:
http.request.full_uri == "http://www.andlabs.net/html5/uCOR.php"
I noticed that IE8 only sends the request once and returns the same cached response for the following invocations. Chrome, on the other hand, sends a new request each time.
The code I used for IE8:
var cor = new XDomainRequest();
cor.onload = function() { alert(cor.responseText);}
cor.open('POST', 'http://www.andlabs.net/html5/uCOR.php');
cor.send();
The code I used for Chrome:
var cor = new XMLHttpRequest();
cor.onload = function() { alert(cor.responseText);}
cor.open('POST', 'http://www.andlabs.net/html5/uCOR.php');
cor.send();
In order to prevent cached response in IE8 I tried the following code and it worked:
var cor = new XDomainRequest();
cor.onload = function() { alert(cor.responseText);}
cor.open('POST', 'http://www.andlabs.net/html5/uCOR.php');
cor.send(''+new Date());
Why does IE8 behave this way and is there any way to solve this in a different way than what I did? Notice that I cannot use the same trick for GET requests.
By the way the request and the response for IE are as follows:
request:
POST /html5/uCOR.php HTTP/1.1
Accept: */*
Origin: http://jsbin.com
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
Host: www.andlabs.net
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
response:
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/7.0
Access-Control-Allow-Origin: *
X-Powered-By: ASP.NET
Date: Tue, 17 Jan 2012 21:41:39 GMT
Content-Length: 180
This is a page from www.andlabs.net which is accessible from any website through Cross Origin Requests<br>This page contains the following header:<br>Access-Control-Allow-Origin: *
It looks like there aren't any caching headers on the response, so browsers may behave differently. Can you add the following header to the response: Cache-Control: no-cache
I want to monitor all the http request send from my chrome browser, and collect all the http request to another server.
I have read This question and These examples, but I don't know how to get the content of the request.
For example, when I browse google.com in my chrome browser with this chrome extension, this extension will send the following the another server which will collect it:
GET http://www.google.com/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.google.com
Pragma: no-cache
Cookie: blabla...
I can not find how to get the content of all the requests from here, is that possible?
Sorry, it's not possible at the moment. All you can get is headers.
I want one external page to be embedded in my pages via IFRAME.
Take an example:
My page contents:
<html>
<body>
<iframe style="height: 593px; width: 100%;" src="http://xxx.com/test/" name="urlPx2473258" id="urlPx_2473258"></iframe>
</body>
</html>
It's in the captured HTTP packets as follows:
Request===>
`GET http://xxx.com/ HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, */*
Referer: https://plmtest2.apple.com/Agile/PLMServlet?module=LoginHandler&opcode=forwardToMainMenu
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: wikiserver.apple.com
Connection: Keep-Alive
Response===>
HTTP/1.1 200 OK
Date: Wed, 14 Sep 2011 22:14:30 GMT
Server: Twisted/8.2.0 TwistedWeb/8.2.0
Content-Length: 15626
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, max-age=60
Content-Type: text/html;charset=utf-8
Expires: Wed, 14 Sep 2011 22:15:28 GMT
MS-Author-Via: DAV
X-Frame-Options: SameOrigin
X-UA-Compatible: IE=EmulateIE7
Connection: close`
As can be seen, the value is set to "SameOrigin". However, the origin is app server and the frame content is from Wiki server. Therefore, the content cannot be displayed.
I can not make any changes for external page (out of my control). Is any idea I can archive this?
The whole purpose of X-Frame-Options is to prevent other, potentially malicious web sites from doing exactly what you're trying to do. You'll need to find some way to turn it off at the source.