We have a curious situation with HTTP referrer and response.
Our application is a J2EE application with a WEB and EJB project. It has been working fine for years.
Recently, from one specific location, when a user clicks to submit, our EJB sysout picked up a trace that there was more than one submit (POST request), resulting in a null pointer. Our button has been designed to be disabled after it has been clicked. We are not sure how a subsequent request can possibly happen. In this simulation of the problem, we click once and there is only one user in the system.
This only occurs when we connect from a particular ISP. We do not experience multiple requests from other ISP locations. So we suspect that the ISP may have inadvertently triggered a resubmit. But we are not sure. What else can we do to trace the root cause of this problem?
Thanks for your help.
Update on 12-Apr
We have installed Wireshark to trace the signal from the browser side. We notice that the browser concerned makes a "retry" after every 11 or 12 minutes. Would this be normal browser behaviour?
I think we have found the cause of the problem. It is explained by this: https://blogs.oracle.com/ravello/beware-http-requests-automatic-retries
It is something in the HTTP spec:
"If an HTTP/1.1 client sends a request which includes a request body, but which does not include an Expect request-header field with the "100-continue" expectation, and if the client is not directly connected to an HTTP/1.1 origin server, and if the client sees the connection close before receiving any status from the server, the client SHOULD retry the request." W3 Hypertext Transfer Protocol -- HTTP/1.1
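A client-side disabled button cannot stop the automatic retry quoted above, because the retry is issued below the page's script. The following is an added example, not code from the original post: a server-side guard that runs the handler at most once per form token and replays the stored response to a retried POST. `SubmitGuard`, the token scheme and the in-memory store are assumptions made for illustration.

```python
import secrets
import threading


class SubmitGuard:
    """Runs the handler at most once per form token; a retried POST that
    carries the same token gets the stored response instead."""

    _PENDING = object()  # marker: first request still being processed

    def __init__(self):
        self._lock = threading.Lock()
        self._results = {}  # token -> None (issued) | _PENDING | response

    def issue_token(self):
        # Embedded in the form as a hidden field when the page is rendered.
        token = secrets.token_urlsafe(16)
        with self._lock:
            self._results[token] = None
        return token

    def submit(self, token, handler, payload):
        with self._lock:
            if token not in self._results:
                return 400, "unknown or missing form token"
            state = self._results[token]
            if state is self._PENDING:
                return 409, "request with this token is still being processed"
            if state is not None:
                return state  # replay: the handler is not run again
            self._results[token] = self._PENDING
        try:
            response = (200, handler(payload))
        except Exception:
            with self._lock:
                self._results[token] = None  # failed run: allow a clean retry
            raise
        with self._lock:
            self._results[token] = response
        return response
```
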
Is it possible to check Http status code in Apache configuration as %{REQUEST_STATUS} for instance?
There is no such thing as a "request status", and no way for a server to interact with a browser in the middle of serving an error message.
HTTP is not an interactive protocol; the browser sends a request, the server sends a response, and that's it. So if the browser sends a request, and the application crashes, the server can send a response with 500 and the error details, or a response with 401 requesting the user to log in. Either way, that's the end of the conversation.
When it receives a 401 response, the browser can't say "here's the login details, carry on with the current request", it has to make a new request. It can make an identical request, which might reproduce the error message; but the original error message is gone.
If the requirement is to show a different amount of detail to different users, you need some notion of optional authentication, so that the server can decide immediately whether to include the error details or not, without an extra round-trip to the browser. I would suggest either:
Have a list of IP addresses which the application can check against; if the IP address of the request is in the list, include the error details.
Have a custom login system where you can authenticate and set a "session cookie" in the browser. If the user has an active session cookie, include the error details.
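The two options above, combined into one decision made while the 500 response is built. This is an added example, not code from the original answer; the network ranges, the `debug_session` cookie name and the session store are constructed assumptions.

```python
import hmac
import ipaddress

# Constructed sample values for this example (assumptions, not from the page).
DEBUG_NETWORKS = [ipaddress.ip_network("10.20.0.0/16"),
                  ipaddress.ip_network("2001:db8:42::/48")]
ACTIVE_SESSIONS = {"3f9c1e0a7b5d4c2e8a6f"}  # server-side store of session ids


def peer_is_allowlisted(peer_addr):
    """Check the TCP peer address against the allowlist. A header such as
    X-Forwarded-For is client-controlled unless a trusted proxy sets it."""
    try:
        addr = ipaddress.ip_address(peer_addr)
    except ValueError:
        return False  # unparseable address: treat as not allowlisted
    return any(addr in net for net in DEBUG_NETWORKS)


def session_is_active(cookie_value):
    """Constant-time comparison of the cookie against known sessions."""
    if not cookie_value:
        return False
    candidate = cookie_value.encode("utf-8")
    return any(hmac.compare_digest(candidate, s.encode("utf-8"))
               for s in ACTIVE_SESSIONS)


def error_response(exc, peer_addr, cookies):
    """Build the 500 response in one pass: the decision uses data already
    in the request, so no 401 round-trip is needed."""
    body = {"error": "Internal Server Error"}
    if peer_is_allowlisted(peer_addr) or session_is_active(cookies.get("debug_session")):
        body["detail"] = f"{type(exc).__name__}: {exc}"
    return 500, body
```
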
When the Apache server receives a POST request, I want to immediately send back a response, stating that the client should wait and not send anything.
While at the same time client's request will be passed on to a script (either PHP or Perl). And then the script will send back a response to the client.
Is this possible? I know that it is possible for Apache to send a 4xx response header, so that the client would stop sending. But I want to run a script while the client has stopped sending and then have the client redirect to somewhere.
There are a few HTTP status codes that may be of use IF you want to be fully REST-ful and use the HTTP verbs (GET, POST, PUT, DELETE, etc.) and status codes:
https://www.restapitutorial.com/httpstatuscodes.html
In particular for what I am interpreting as your use case, status code 202 Accepted may be correct for your use:
The request has been accepted for processing, but the processing has
not been completed. The request might or might not eventually be acted
upon, as it might be disallowed when processing actually takes place.
There is no facility for re-sending a status code from an asynchronous
operation such as this.
The 202 response is intentionally non-committal. Its purpose is to
allow a server to accept a request for some other process (perhaps a
batch-oriented process that is only run once per day) without
requiring that the user agent's connection to the server persist until
the process is completed. The entity returned with this response
SHOULD include an indication of the request's current status and
either a pointer to a status monitor or some estimate of when the user
can expect the request to be fulfilled.
So I'm designing a RESTful API that makes calls to other web services, aggregates the result and returns it back to the client. If the connection to any of the other web services fails for any reason, what is the best thing to return?
Right now I am returning a 500 - Internal Server Error to the client, but I would like to return more details to the client on what made the request fail. Would it be redundant to return a 500 HTTP response code with a response body containing a message detailing where the error actually occurred, or to just return a 503 - Service Unavailable HTTP response code?
Your response code should depend on what you can do with the request. If clients can expect in this case to receive partial information and a message indicating what remote data feeds are unavailable, then send back a 200. I would not include HTTP codes or failing URIs in that response, just the names of the providers that are unavailable, and possibly a reason why. If you do, you may find yourself broken when you need to add non-URI-based providers. If you must, then make sure to include a "type" and require clients to use it. This will partially future-proof you, but expect that many clients will ignore the type and break if you add new types later.
If clients can't do anything with partial data, then you should return a 503 because your service is unavailable. It happens to be unavailable because a remote server it relies on is down. That's no different than returning a 503 because your own database is down. Your API can't return something because something it needs isn't available right now, but will be again later. You should include in the body of the response the reason for the outage, and may include a Retry-After header if you have any idea as to when the remote server might be available again.
A 404 is not appropriate because it means that the resource being requested does not exist - an error by the client. The resource does exist, it just can't be returned right now, because your server can't build it.
A 409 is not appropriate because there is no conflict that the user can resolve.
A 206 is not appropriate because it is to be used when the request includes a Range header, and there's no indication these requests do.
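The rule in the answer above (200 with partial data and the names of unavailable providers, or 503 with a reason and an optional Retry-After), as an added example that is not code from the original answer. The function name, the provider names and the response shape are assumptions; treating "every provider failed" as 503 even when partial data is acceptable is also an assumption.

```python
def aggregate(providers, partial_ok, retry_after=None):
    """providers: mapping of provider name -> zero-argument callable that
    returns data or raises ConnectionError/TimeoutError.
    Returns (status, headers, body)."""
    results, unavailable = {}, []
    for name, fetch in providers.items():
        try:
            results[name] = fetch()
        except (ConnectionError, TimeoutError) as exc:
            # Report the provider name and a coarse reason only; the
            # exception text may hold internal URIs, so it is not echoed.
            unavailable.append({"provider": name,
                                "reason": type(exc).__name__})

    if not unavailable:
        return 200, {}, {"results": results}

    if partial_ok and results:
        # Clients can use partial data: 200 plus the list of missing feeds.
        return 200, {}, {"results": results, "unavailable": unavailable}

    # Clients cannot use partial data (or nothing was fetched): 503 with
    # the reason in the body and Retry-After when an estimate exists.
    headers = {}
    if retry_after is not None:
        headers["Retry-After"] = str(retry_after)
    body = {"error": "upstream provider unavailable",
            "unavailable": unavailable}
    return 503, headers, body
```
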
Since your aggregation is basically not finding what it seeks, perhaps HTTP 404 Not Found is appropriate.
If not all remote calls fail, so there at least are some relevant results, you could return HTTP 200 OK with an additional status informing that some remote sources currently are unavailable.
I would not return HTTP 503, as this code implies that your service is temporarily unavailable - and you therefore suggest the client retries later. HTTP 503 is typically returned when a server is restarting and is not quite ready to serve requests.
Whenever I try to call Magento's REST resources via PHP, I get an HTTP 500 Internal Server Error. My link is, in accordance with Magento's REST API, http://mymagento.com/api/rest/products.
Everything is set up properly and whenever I try to access it via the browser, the response is a page with the XML data I want. Same thing goes for the RESTClient plugin for Firefox.
I also get the internal server error whenever I try to do an authorised request as a customer.
Does anyone know why this is happening? I ran out of ideas an hour ago or so.
If you just got that problem (only) then,
500 errors in the HTTP cycle
Any client (e.g. your Web browser or our CheckUpDown robot) goes through the following cycle when it communicates with the Web server:
Obtain an IP address from the IP name of the site (the site URL
without the leading 'http://'). This lookup (conversion of IP name to
IP address) is provided by domain name servers (DNSs).
Open an IP socket connection to that IP address.
Write an HTTP data stream through that socket.
Receive an HTTP data stream back from the Web server in response.
This data stream contains status codes whose values are determined by
the HTTP protocol. Parse this data stream for status codes and other
useful information.
This error occurs in the final step above when the client receives an HTTP status code that it recognises as '500'. (Last updated: March 2012).
Fixing 500 errors - general
This error can only be resolved by fixes to the Web server software. It is not a client-side problem. It is up to the operators of the Web server site to locate and analyse the logs which should give further information about the error.
I am writing a web application using XUL. In it I am using the AJAX XMLHttpRequest object for sending requests to the server. When I use a GPRS connection to send the request to the server from my web application, the request is not going, but readyState has changed to 4 and status=0. If the request is not going out, how is the readyState changing?
The same code is working fine in the local network. If I send the request to the server from the browser using GPRS, it is working fine. Can anybody help me out in solving this problem?
Thanks in Advance.
the request is not going
How do you determine that?
Do you use the HTTP scheme? If so, status == 0 is an issue (Google says there are known quirks in Firefox).
status == 0 is also returned when the request is using a non-HTTP protocol. So if you're making a file:// request accidentally, it would explain all the symptoms...
[edit 2009-09-07]
Also found this issue: https://bugzilla.mozilla.org/show_bug.cgi?id=488605
aborted XMLHttpRequests have status==0 since Firefox 3.
[edit] I'm not /quite/ sure, but I think that cross-domain requests that are not allowed also end up with status == 0.