Why is my Rest API not working with my ip? - api

There is JSON I need to access with a GET request, it has no restrictions, my friends can access it from their location.
However, from my device (tried on Chrome, Firefox, VS Code, Edge), and even from my phone, both have a different IP, I cannot access it.
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
X-Xss-Protection: 0
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Fri, 07 Jan 2022 08:46:09 GMT
This is the output from an online request testing app, and it works.
Is there anything in this output that can give me a hint on what to change to make it accessible from any device?

Where is the JSON located? If it is at your friend's, try port forwarding at his place. If it isn't, we will need to see your code and we will need more context. Internet access can get complicated.

Related

HTML Header indicates image/jpeg, DevTools indicates document and cache is not working

I am trying to cache some images and using the DevTools of MS Edge to analyze the network.
The URL should return only the image via readfile($image) and I see the image correctly in the browser.
Response Headers:
HTTP/1.1 200 OK
Date: Mon, 25 May 2020 19:18:56 GMT
Server: Apache/2.4.38
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: max-age=86400
Pragma: no-cache
Debugbar-Time: 1590434336
Debugbar-Link: https://blog.casa.spiti/?debugbar_time=1590434336
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpeg
The Network Tab of the Chrome Dev Tools shows document for the image.
Questions to this output:
What is this expire date of 1981? How do I change it?
Is this the reason why the image is not cached?
Why is the image being indicated as document? Is it because I use readfile()?
Impossible to answer without seeing your server config.
Shouldn’t be, cache-control is used in preference to Expires.
If you are loading the image directly in the browser it shows as document - even if it’s an image. That image is the document in that case. If you load the image as part of an HTML document, then it will show as Image in Dev Tools.

How to authenticate into a Django app using RemoteUserBackend

My app is required to support users logged in via SSO on a 3rd party server.
I configured settings.py based on the docs, i.e.
MIDDLEWARE_CLASSES = [
    '...',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.PersistentRemoteUserMiddleware',
    '...',
]
AUTHENTICATION_BACKENDS = [
    'django.contrib.auth.backends.RemoteUserBackend',
]
I tried to test this using Postman on a couple of the app's URLs with no auth and with basic auth (user is defined) and, of course, with REMOTE_USER (and/or HTTP_REMOTE_USER header set).
In all cases I get a 401 - unauthorized code. Moreover, the breakpoint in authenticate is never called. The process_request in the middleware is called, but the REMOTE_USER header is not in request.META.
What else do I need to configure (in Django, Postman - or better still Apache) so that the REMOTE_USER will be set?
My knowledge of Apache is minimal, so a link to an example will help a lot.
The closest "solution" I saw is this, but it seems that the person circumvented the proper way to do this.
UPDATE
The Postman request is simply to one of the basic services which requires users to be logged in (#login_required decorator in Django)
I've tried with both basic auth and no auth.
The reply is a 401 without additional information.
>curl -i -H 'REMOTE_USER: user' localhost:9000/project/files/
HTTP/1.0 401 Unauthorized
Date: Sun, 17 Dec 2017 13:38:38 GMT
Server: WSGIServer/0.1 Python/2.7.10
Expires: Sun, 17 Dec 2017 13:38:38 GMT
Vary: Cookie
Last-Modified: Sun, 17 Dec 2017 13:38:38 GMT
Location: /accounts/login/?next=/project/files/
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Same command with cURL. The Location seems to suggest it tried to redirect to the login page (which should not happen)
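
Added example (not part of the original question and not Django's code): it uses the standard library's wsgiref server to show where a client-sent `REMOTE_USER` header ends up in the WSGI environ, compared with the `REMOTE_USER` key that `RemoteUserMiddleware` reads by default. The helper names `capture_environ` and `user_django_would_trust` are made up for this illustration, and the requests are constructed.

```python
import http.client
import threading
from wsgiref.simple_server import WSGIRequestHandler, make_server

# Default of django.contrib.auth.middleware.RemoteUserMiddleware.header
DJANGO_REMOTE_USER_KEY = "REMOTE_USER"


class QuietHandler(WSGIRequestHandler):
    def log_message(self, *args):  # suppress per-request access logging
        pass


def capture_environ(headers, path="/project/files/"):
    """Send one GET to a throwaway loopback wsgiref server and return every
    environ key containing REMOTE_USER that the WSGI application received."""
    captured = {}

    def app(environ, start_response):
        captured.update({k: v for k, v in environ.items() if "REMOTE_USER" in k})
        start_response("200 OK", [("Content-Length", "0")])
        return [b""]

    server = make_server("127.0.0.1", 0, app, handler_class=QuietHandler)
    worker = threading.Thread(target=server.handle_request)
    worker.start()
    conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
    conn.request("GET", path, headers=headers)
    conn.getresponse().read()
    conn.close()
    worker.join()
    server.server_close()
    return captured


def user_django_would_trust(environ):
    """What RemoteUserMiddleware looks up: the CGI variable, not a header."""
    return environ.get(DJANGO_REMOTE_USER_KEY)


if __name__ == "__main__":
    # Same header the curl command above sends (constructed request).
    env = capture_environ({"REMOTE_USER": "user"})
    print(env, user_django_would_trust(env))
    # A hyphenated spelling lands on the very same key.
    print(capture_environ({"Remote-User": "user"}))
    # Only the server itself (e.g. Apache after authenticating) sets this key.
    print(user_django_would_trust({"REMOTE_USER": "user"}))
```

Django's own development server goes one step further and drops request headers whose names contain underscores, so there the header does not even arrive as `HTTP_REMOTE_USER`. If the middleware is ever pointed at an `HTTP_`-prefixed key behind a proxy, the proxy has to strip any client-supplied copy of that header, otherwise any client can name the user it wants to be.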

Chrome sometimes downloads HTML instead of showing it

I have an Apache server running a website with a Symfony 2 login form. Two weeks ago some of the users got their computers updated to Windows 10; since then, sometimes when they click the login button Chrome downloads this file called "login" that I attached, instead of showing it:
0
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2016 14:41:00 GMT
Server: Apache
X-Powered-By: PHP/5.4.22
Cache-Control: no-cache
X-Debug-Token: 7216b3
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
794
a
0
Only computers using Google Chrome that have been updated to Windows 10 have this issue. Other computers using Chrome, or using Internet Explorer from the same computer, work fine.
I have tried to change the response headers of the Content-Type to text/html using the ModHeader extension, but Chrome shows the same content of the file without interpreting it.
I have tried with older versions of Chrome with the same result.
Also I disabled the Apache compression but still sometimes Chrome downloads the page.
The users have disabled the antivirus but the issue remains the same.
Browsing a similar version of the application hosted in another server works fine.
I don't know if the issue is related to the clients or the server.
Edit:
It looks like the computers have FortiNet installed and it could be breaking the network packages.

mp4 video not playing on mobile devices

This problem seems related to our server configuration.
I have a video that I want to play with HTML5 video on a website. I use video.js for playback.
The problem is: the video works on my localhost, but it does not work on the production server.
I tried two different servers and they work flawlessly.
I really need it to work on this specific server (it has a load balancer and more punch to handle the load we are expecting).
I am stumped; I don't know why it does not work on this server. I expect it to be an Apache config issue because it works on the other servers.
I looked at the response headers; they are identical (see below). The movie encoding should be all right as well, as they are playing on mobile devices on the test servers.
TEST SERVER (works):
HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 08:16:29 GMT
Server: Apache
Last-Modified: Mon, 26 Aug 2013 09:05:00 GMT
ETag: "baa32-4ceeb0-4e4d60d0e0700"
Accept-Ranges: bytes
Content-Length: 5041840
Cache-Control: public
Content-Type: video/mp4
PRODUCTION SERVER (does not work):
HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 08:28:07 GMT
Server: Apache
Last-Modified: Mon, 02 Sep 2013 12:18:39 GMT
ETag: "956c0-4ceeb0-4e565927d85c0"
Accept-Ranges: bytes
Content-Length: 5041840
Cache-Control: public
Content-Type: video/mp4
Can anyone give any leads what might be happening here?
Any leads are greatly appreciated.
I found the cause of the problem.
It was related to Request-Range headers.
(See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.2 for more information about Request-Range headers)
We had Request-Range headers disabled for security reasons. It turns out that this breaks video playing functionality for iOS devices (desktop and Android browsers still worked - tested Firefox and Chrome as well as Android - Chrome).
Allowing Request-Range solved the issue.
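
Added example (not from the original answer): the two header dumps above are identical and both advertise `Accept-Ranges: bytes`, so only the reply to an actual ranged request shows whether ranges are served. The checker below classifies such a reply; the sample replies are constructed (the first reuses the production headers shown above and assumes a server with range handling disabled answers with a full 200), and all function names are made up for this illustration.

```python
import re

CONTENT_RANGE = re.compile(r"bytes (\d+)-(\d+)/(\d+)")

# Constructed samples: the first reuses the production headers shown above,
# the second is what a server that honours ranges would return.
PRODUCTION_REPLY = """HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 5041840
Content-Type: video/mp4"""
RANGE_REPLY = """HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Range: bytes 0-1/5041840
Content-Length: 2
Content-Type: video/mp4"""


def parse_head(raw):
    """Return (status_code, {lower-cased header name: value})."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(lines[0].split()[1]), headers


def range_verdict(raw, first, last):
    """Classify the reply to a request sent with `Range: bytes=first-last`."""
    status, h = parse_head(raw)
    if status == 206:
        m = CONTENT_RANGE.fullmatch(h.get("content-range", ""))
        if not m:
            return "malformed-206"
        start, end, total = map(int, m.groups())
        # A server may clamp the end of the range to the last byte of the file.
        ok = start == first and end == min(last, total - 1)
        return "honoured" if ok else "wrong-range"
    if status == 416:
        return "unsatisfiable"
    if status == 200:
        # Whole file sent: the Range header was dropped or ignored on the way.
        advertised = h.get("accept-ranges", "").lower() == "bytes"
        return "ignored-but-advertised" if advertised else "ignored"
    return "unexpected"


if __name__ == "__main__":
    print(range_verdict(PRODUCTION_REPLY, 0, 1))
    print(range_verdict(RANGE_REPLY, 0, 1))
```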

Analysis of HTTP header

Hello, I want to first analyze and understand, and then optimize, the HTTP header responses of my site. What I get when I fetch as Google from webmasters is:
HTTP/1.1 200 OK
Date: Fri, 26 Oct 2012 17:34:36 GMT // The date and time that the message was sent
Server: Apache // A name for the server
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" // P3P: does an e-commerce store need this?
ETag: c4241ffd9627342f5f6f8a4af8cc22ed // Identifies a specific version of a resource
Content-Encoding: gzip // The type of encoding used on the data
X-Content-Encoded-By: Joomla! 1.5 // This is obviously generated by Joomla, there won't be any issue if I just remove it, right?
Expires: Mon, 1 Jan 2001 00:00:00 GMT // Gives the date/time after which the response is considered stale: since the date that is set has already expired, does this create any conflicts?
Cache-Control: post-check=0, pre-check=0 // This means site is not cached? or what?
Pragma: no-cache // any idea?
Set-Cookie: 5d962cb89e7c3329f024e48072fcb9fe=9qdp2q2fk3hdddqev02a9vpqt0; path=/ // Why do I need to set cookie for any page?
Last-Modified: Fri, 26 Oct 2012 17:34:37 GMT
X-Powered-By: PleskLin // Can this be removed?
Cache-Control: max-age=0, must-revalidate // There are 2 cache-controls, this needs to be fixed, right? Which one is preferred? max-age=0, must-revalidate? post-check=0, pre-check=0?
Keep-Alive: timeout=3, max=100 // What's that?
Connection: Keep-Alive
Transfer-Encoding: chunked // Shouldn't this be deflate or gzip?
Content-Type: text/html
post-check
Defines an interval in seconds after which an entity must be checked for freshness. The check may happen after the user is shown the resource but ensures that on the next roundtrip the cached copy will be up-to-date.
http://www.rdlt.com/cache-control-post-check-pre-check.html
pre-check
Defines an interval in seconds after which an entity must be checked for freshness prior to showing the user the resource.
Pragma: no-cache header field is an HTTP/1.0 header intended for use in requests. It is a means for the browser to tell the server and any intermediate caches that it wants a fresh version of the resource, not for the server to tell the browser not to cache the resource. Some user agents do pay attention to this header in responses, but the HTTP/1.1 RFC specifically warns against relying on this behavior.
Set-Cookie: When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user's previous activity. Cookies were designed to be a reliable mechanism for websites to remember the state of the website or activity the user had taken in the past. This can include clicking particular buttons, logging in, or a record of which pages were visited by the user even months or years ago.
X-Powered-By: specifies the technology (e.g. ASP.NET, PHP, JBoss) supporting the web application. This comes under common non-standard response headers and can be removed.
Keep-Alive: It is meant to reduce the number of connections for a website. Instead of creating a new connection for each image/css/javascript in a webpage, many requests will be made re-using the same connection.
Transfer-Encoding: The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity.