I'm sending requests to the Google safe browsing API. I believe I'm following their documentation correctly. I've tried regenerating my key.
I'm sending the request below
POST https://safebrowsing.googleapis.com/v4/threatMatches:find?key=AIxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx HTTP/1.1
User-Agent: Fiddler
Host: safebrowsing.googleapis.com
Content-Length: 511
{
"client": {
"clientId": "yourcompanyname",
"clientVersion": "1.5.2"
},
"threatInfo": {
"threatTypes": ["MALWARE", "SOCIAL_ENGINEERING"],
"platformTypes": ["WINDOWS"],
"threatEntryTypes": ["URL"],
"threatEntries": [
{"url": "http://www.urltocheck1.org/"},
{"url": "http://malware.testing.google.test"},
{"url": "http://www.urltocheck2.org/"},
{"url": "http://www.urltocheck3.com/"}
]
}
}
And getting back an empty response which is not what I'm expecting with the URLs supplied and following their example.
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Date: Wed, 08 Sep 2021 15:05:59 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Content-Length: 3
{}
https://transparencyreport.google.com/safe-browsing/search?url=malware.testing.google.test
https://developers.google.com/safe-browsing/v4/lookup-api
You need to pass API key
You need to pass MALWARE url": "http://www.urltocheck1.org/"
if it is not malware it will show empty. try the following url
https://testsafebrowsing.appspot.com/s/malware.html with your code. please search and test with other maleware site
Related
Working with YouTube Data API v3
I want to get Access token using this tutorial: https://developers.google.com/youtube/v3/guides/auth/server-side-web-apps
[[CODE]] :
4%2F0AdQt8qiarZnP_RFvafYA-ABLABLA*UpZ6YlB1_Byzrvqfm9iRthXll6F6TfG_f-cGw
[[CLIENT_ID]] :
27501137863BLABLA*sd2918n2gqqclurlegm6j2.apps.googleusercontent.com
[[CLIENT_SECRET]] :
GOCSPX-T0lF1yVLJ*BLABLAGgfL7qvcwB5p
I send a POST request:
screenshot: https://i.imgur.com/9DzF4aK.png
I get a 400 error, What's wrong?:
Status: 400
Pragma: no-cache
Date: Thu, 11 Aug 2022 18:14:44 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Content-Type: application/json; charset=utf-8
Vary: X-Origin
Vary: Referer
Server: scaffolding on HTTPServer2
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Origin,Accept-Encoding
Transfer-Encoding: chunked
{
"error": "redirect_uri_mismatch",
"error_description": "Bad Request"
}```
Your endpoint is wrong to start with its https://oauth2.googleapis.com/token Thats why you are getting a 404
POST /token HTTP/1.1
Host: oauth2.googleapis.com
Content-Type: application/x-www-form-urlencoded
code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&
client_id=your_client_id&
client_secret=your_client_secret&
redirect_uri=https%3A//oauth2.example.com/code&
grant_type=authorization_code
You may want to try watching this Understanding Google OAuth 2.0 with curl or this How to set up Oauth2 in PostMan. although im not sure if what you are using is postman or not.
My request to google healthcare API is not working from OAuth 2.0 playground using refresh token option. I am getting "status": "PERMISSION_DENIED". The requested API has been enabled for many days. Here's the Request and Response details.
POST
/v1alpha2/projects/<project_id>/locations/<location>/datasets?
datasetId=<dataset_id> HTTP/1.1
Host: healthcare.googleapis.com
Content-length: 0
Content-type: application/json
Authorization: Bearer
HTTP/1.1 403 Forbidden
Content-length: 767
X-xss-protection: 0
X-content-type-options: nosniff
Transfer-encoding: chunked
Vary: Origin, X-Origin, Referer
Server: ESF
-content-encoding: gzip
Cache-control: private
Date: Fri, 12 Jul 2019 17:57:39 GMT
X-frame-options: SAMEORIGIN
Alt-svc: quic=":443"; ma=2592000; v="46,43,39"
Content-type: application/json; charset=UTF-8
{
"error": {
"status": "PERMISSION_DENIED",
"message": "Cloud Healthcare API has not been used in project <project_id> before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/healthcare.googleapis.com/overview?project=<project_ud> then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
"code": 403,
"details": [
{
"#type": "type.googleapis.com/google.rpc.Help",
"links": [
{
"url": "https://console.developers.google.com/apis/api/healthcare.googleapis.com/overview?project=<project_id>",
"description": "Google developers console API activation"
}
]
}
]
}
}
You are using the Alpha endpoint for the Healthcare API, which has been decomissioned by Google. You can see how to make the transition for the Beta API in here: https://cloud.google.com/healthcare/docs/how-tos/transition-guide.
Also note that in addition to the change in the Request URL
/v1beta1/projects/<project_id>/locations/<location>/datasets
the response now is a long-running operation:
https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.operations
When fetching the userProfiles.get method, it does return a UserProfile object but it doesn't seem to return the verifiedTeacher attribute.
Here is my response from the Google API Playground here:
HTTP/1.1 200 OK
Content-length: 297
X-xss-protection: 1; mode=block
X-content-type-options: nosniff
X-goog-trace-id: 112a56fbf6e2b530785ebb084b9ab298
Transfer-encoding: chunked
Vary: Origin, X-Origin, Referer
Server: ESF
-content-encoding: gzip
Cache-control: private
Date: Sun, 21 Jan 2018 12:36:21 GMT
X-frame-options: SAMEORIGIN
Alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Content-type: application/json; charset=UTF-8
Content-location: https://classroom.googleapis.com/v1/userProfiles/me
{
"photoUrl": "https://lh3.googleusercontent.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/photo.jpg",
"emailAddress": "3gtest#xxxxx.sa.edu.au",
"id": "106492323808275670",
"name": {
"fullName": "Staff3 gTest",
"givenName": "Staff3",
"familyName": "gTest"
}
}
Can anyone give me some tips to try to get the verifiedTeacher attribute returned from this API as described in the documentation?
Thanks
I'm using Postman to test pulling a list of issues from my Github
In command line I can do the following
curl -i -H 'Authorization: token <mytoken>' \
https://api.github.com/user/issues
which I think it returning an empty block:
HTTP/1.1 200 OK
Server: GitHub.com
Date: Tue, 04 Oct 2016 22:01:26 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 5
Status: 200 OK
X-RateLimit-Limit: 5000
X-RateLimit-Remaining: 4988
X-RateLimit-Reset: 1475621615
Cache-Control: private, max-age=60, s-maxage=60
Vary: Accept, Authorization, Cookie, X-GitHub-OTP
ETag: "db74aad51113746c20473c4cf2b08bde"
X-OAuth-Scopes: gist, notifications, repo, user
X-Accepted-OAuth-Scopes:
X-GitHub-Media-Type: github.v3
Access-Control-Expose-Headers: ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src 'none'
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
X-Served-By: cee4c0729c8e9147e7abcb45b9d69689
X-GitHub-Request-Id: 520E2ADF:3E4D:3650D52:57F426B6
[
]
So I am testing it in Postman, but whilst I can do a simple token GET request, i'm getting the following in Postman
{
"message": "Not Found",
"documentation_url": "https://developer.github.com/v3"
}
I had missed adding the scope for the Application Token I had setup
https://developer.github.com/v3/oauth/
I use a very simple jquery.ajax() call to fetch some HTML snippet from a server:
// Init add lines button
$('body').on('click', '.add-lines', function(e) {
$.ajax({
type : 'POST',
url : $(this).attr('href')+'?ajax=1&addlines=1',
data : $('#quickorder').serialize(),
success : function(data,x,y) {
$('#directorderform').replaceWith(data);
},
dataType : 'html'
});
e.preventDefault();
});
On the PHP side i basically echo out a HTML string. The jQuery version is 1.8.3.
The problem is in IE10: While it works fine there on Server A which runs on Apache it fails on Server B which runs on Nginx + PHP-FPM: If i debug the success handler on Server B I get a undefined for data. In the Network tab of the IE developer tools I can see the full response and all headers. It may affect other IE versions, but i could only test IE10 so far.
Here are the two response headers:
Server A, Apache (works):
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2013 13:28:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1268
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Server B, Nginx + PHP-FPM (fails):
HTTP/1.1 200 OK
Server: nginx/1.1.19
Date: Thu, 25 Apr 2013 13:41:43 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
The body part looks the same in both cases.
Any idea what could cause this issue?
Please also check the Content-Type Header, since Apache and Nginx are sending different values:
Content-Type: text/html; charset=UTF-8
vs.
Content-Type: text/html; charset=utf8
Update your Nginx config, add this line:
charset UTF-8;