Authorization header in a GET request in ActionScript? - actionscript-3

It seems impossible to accomplish a GET request that requires HTTP Authentication in ActionScript?

ya unfortunately for us all you can not use the authorization header in the Flash player. I'm pretty sure AIR supports it, though that probably doesn't help you. There are lots more headers not allowed, these are listed in the documentation.
The solution is to run your request through a proxy (such as a php script) that executes your request and returns the response. Thus works quite well as your Flash application does not need to be aware of this extra step.
I hope that helps (cause it took forever to type on this phone!)

Related

SoundCloud /resolve API endpoint returns JSON instead of JSONP

Related to this question, Soundcloud recently started returning JSON at /resolve instead of JSONP as documented.
Here is a JSBin that demonstrates this issue. IT attempts to resolve a track URL, but the Soundcloud API returns JSON rather than JSONP.
https://jsbin.com/fixabomefe/edit?html,console
(The client ID used there is used in the test environment for an OSS Soundcloud library so it's safe to leak here).
Does anyone (preferably at Soundcloud) know what's going on with the resolve endpoint and jsonp?
Happy to switch to json, but some communication / context about why this change happened would be helpful.
This was due to a bug that made it into production in the last few days. We've just deployed a fix, and it looks like the JSBin is working again. Apologies for the inconvenience!

Is there some kind of http validator?

I am writing a web service in node, and testing it with Postman. I spent a long timing looking for an error. When I finally found it, it turned out to be a simple error formatting the response body, which is json.
If I leave off the final brace in the response body, Postman waits for two minutes, and then reports that it received everything, just fine.
If I leave off the closing quote in the last value in the json, Postman says the server didn't respond, perhaps I should check my security certificates.
I would much rather Postman said "Hey, Buddy, you left off a quote!"
If there some validation service I can talk to? Or a plugin in Postman?
Here there are some validation javascript libraries, you can use:
Validator provides a declarative way of validating javascript objects.
Express-validator acts as an express.js middleware for node-validator.
Meanwhile, Postman got API testing and Collection Runner that can help you through this; which you can write some pre-request script as well as test script for each request.
Also, they got Newman which is a command-line collection runner. It allows you to effortlessly run and test a Postman collection directly from the command-line. It is built with extensibility in mind so that you can easily integrate it with your continuous integration servers and build systems.
I found that Paw worked (https://paw.cloud/). And so far I haven't paid for it.
Where Postman said "check your security certificates," Paw said "we were expecting 376 bytes but you only sent us 312."
Cuts down my time solving the problem a lot!
I use Fiddler for this. It is very good at identifying (with an error message that pops up) problems and bad implementations of the HTTP protocol. Browse the web with it running, and within a few minutes you'll undoubtedly hit a poorly implemented server.
Postman won't be able to handle these cases since it's insulated from poor behavior by the browser's framework.
That's not your problem though.
When I finally found it, it turned out to be a simple error formatting the response body, which is json.
That has absolutely nothing to do with HTTP. HTTP doesn't know or care what your request/response bodies are.
The problem you face is that your API endpoint could be returning whatever it wants. You need a custom solution to your problem, as there is no standard API server in this case.
Most folks will run unit tests that hit common endpoints of your service to ensure they're alive and well.
I should also point out that it should be all but impossible for you to break the JSON response if you're doing it correctly. Sounds like you're serializing JSON manually... never do that, we have JSON serializers for this purpose. Send in an object and let it worry about building the JSON output for you. Otherwise, you'll waste a lot of time on problems like these.

Testing PUT methods on a RESTful web service

I have a simple RESTful web service and I wish to test the PUT method on a certain resource. I would like to do it in the most simple way using as few additional tools as possible.
For instance, testing the GET method of a resource is the peak of simplicity - just going to the resource URL in the browser. I understand that it is impossible to reach the same level of simplicity when testing a PUT method.
The following two assumptions should ease the task:
The request body is a json string prepared beforehand. Meaning, whatever is the solution to my problem it does not have to compose a json string from the user input - the user input is the final json string.
The REST engine I use (OpenRasta) understands certain URL decorators, which tell it what is the desired HTTP method. Hence I can issue a POST request, which would be treated as a PUT request inside the REST engine. This means, regular html form can be used to test the PUT action.
However, I wish the user to be able to enter the URL of the resource to be PUT to, which makes the task more complicated, but eases the testing.
Thanks to all the good samaritans out there in advance.
P.S.
I have neither PHP nor PERL installed, but I do have python. However, staying within the realm of javascript seems to be the simplest approach, if possible. My OS is Windows, if that matters.
I'd suggest using the Poster add-on for Firefox. You can find it over here.
As well as providing a means to inspect HTTP requests coming from desktop and web applications, Fiddler allows you to create arbitrary HTTP requests (as well as resend ones that were previously sent by an application).
It is browser-agnostic.
I use the RESTClient firefox plugin (you can not use an URL for the message body but at least you can save your request) but also would recommend curl on the command line.
Maybe you should also have a look at this SO question.

Is there a way around a JSON block?

I accessed the following url last night for the first time and saw the JSON data there without a problem: http://mlb.mlb.com/ws/search/MediaSearchService?team_id=111&start=0&site=mlb&hitsPerPage=12&hitsPerSite=10&type=json&c_id=&src=vpp&sort=desc&sort_type=custom
This morning, I get the following message: "Please contact Search administrator as request is coming from invalid host/domain "
I am also unable to get a response in Yahoo Pipes.
Is there a way around what appears to be a block? Not sure what else could have happened.
Are you sure that isn't an internal API which got exposed accidentally? If it is, they have the full right to block everyone out (just tested, I get the very same message) or if it's meant for 3rd party developers but through managed API key storage, you have to obtain an API key somehow.
If there's a block, there's a reason.
I'd be very leery of circumventing this particular block - Major League Baseball has proven very litigious in the past. You don't want to get sued for a DMCA violation - they can afford much, much more expensive lawyers than you can.
Your JSON is being served over http. Since your URL worked before and is not working now, the server is most likely checking for an authentication cookie. which has probably expired. You should check to see if there is an API/way to authenticate your call with their service, otherwise even if you find a workaround there is not guarantee that it will continue to work.

Custom headers possible with URLRequest/URLStream using method GET?

Quite simple really:
var req:URLRequest=new URLRequest();
req.url="http://somesite.com";
var header:URLRequestHeader=new URLRequestHeader("my-bespoke-header","1");
req.requestHeaders.push(header);
req.method=URLRequestMethod.GET;
stream.load(req);
Yet, if I inspect the traffic with WireShark, the my-bespoke-header is not being sent. If I change to URLRequestMethod.POST and append some data to req.data, then the header is sent, but the receiving application requires a GET not a POST.
The documentation mentions a blacklist of headers that will not get sent. my-bespoke-header is not one of these. It's possibly worth mentioning that the originating request is from a different port on the same domain. Nothing is reported in the policyfile log, so it seems unlikely, but is this something that can be remedied by force loading a crossdomain.xml with a allow-http-request-headers-from despite the fact that this is not a crossdomain issue? Or is it simply an undocumented feature of the Flash Player that it can only send custom headers with a POST request?
From what I can gather, it seems like your assumption about the lack of custom headers support for HTTP GET is indeed an undocumented feature (or a bug?) in the standard libraries.
In any case, you might want to see if as3httpclient would fit your purposes and let you work around this issue. Here's a relevant snippet from a post in the blog of the developer of this library:
"I was not able to set the header of a
HTTP/GET request. Macromedia Flash
Player allows you set the header only
for POST requests. I discussed this
issues with Ted Patrick and he told me
how I can us Socket to achieve the
desired and he was very kind to give a
me code-snippet, which got me
started."
If this limitation was undocumented at one time, that's no longer the case. See:
http://livedocs.adobe.com/flex/3/langref/flash/net/URLRequest.html#requestHeaders
"[...] Due to browser limitations, custom HTTP request headers are only supported for POST requests, not for GET requests. [...]"