Big Commerce - Pull blog articles from outside blog page - bigcommerce

In the default Cornerstone theme I see that there is a blog.html file that pulls a number of blog posts. But what if I want to pull blog posts from outside of that page? For instance, what if I wanted to show a list of latest posts, or posts with a specific tag on an individual post, or a completely different page?
I saw that there's an api endpoint for blog articles here https://developer.bigcommerce.com/api-reference/marketing/store-content-api/blog-posts/getallblogposts and I'm attempting to get that data with this ajax query
    $.ajax({
        url: `https://api.bigcommerce.com/stores/store-hash/v2/blog/posts`,
        dataType: 'json',
        method: 'POST',
        cache: false,
        headers: {
            'X-Auth-Client': 'client-code',
            'X-Auth-Token': 'token',
            Accept: 'application/json',
            'Content-Type': 'application/json',
            'Access-Control-Allow-Origin': 'http://localhost:3003',
            'Access-Control-Allow-Credentials': 'true',
        },
    }).done((data) => {
        console.log(data);
    });
But wouldn't this method be unacceptable because it would present my api keys to the front end?
Is there a safe way to get a list of all blog articles from outside the blog page?

Related

Axios request to AEM servlet redirecting to login.html

I have a working servlet that tests properly with Postman, but I can't get the request to execute from the front end. The fact that Postman can execute the servlet with either a Get or a Post tells me the problem is likely with the front-end code.
Does anyone see where the misconfiguration is in this block? The Basic key and cookie are copied from Postman; there is no CORS problem.
    const response = await axios.get(url, null, {
        headers: {
            'Access-Control-Allow-Origin': '*',
            'Accept': '*/*',
            'Content-type': 'application/json',
            'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, PUT, PATCH, DELETE',
            'Access-Control-Allow-Headers': 'Origin, Content-Type, X-Auth-Token',
            'Authorization': 'Basic YWRtaW46YWRtaW4='
        },
        withCredentials: true,
        Cookie: "cq-authoring-mode=TOUCH;",
        params: {
            path: rootPath,
            maxCount: sourceMax
        }
    }).catch(err => {
        console.log(err)
    }, () => {
        console.log(response)
    }).then(res => {
        console.log(res)
    })
This is most likely the CSRF filter which rejects some requests that don’t contain a CSRF token. By default it checks only POST, PUT and DELETE requests.
It’s weird that it also checks your request, which seems to be a GET. Either your filter is configured differently or you sending a Content-type header – which describes the request body content type – makes axios switch the request from GET to POST (because GETs don’t have a request body and, thus, don’t need to declare their content type).
The CSRF filter can be configured in various ways and can exclude certain requests from filtering by path or user-agent:
You could also request a token from the /libs/granite/csrf/token.json endpoint and then send it along in your request. One way to do this is via the query, as the :cq_csrf_token param.

Github API v3, post issues / authentication

I am working on a project making a Kanban board using the Github API v3.
I have no problem with get methods, but when it comes to post methods I get a 404 response, and from what I read in the documentation, this seems to be an authentication error.
I am using a personal token for authentication, and have successfully posted through Postman, but when I try to post through my own application I get the error.
Link to project if anyone's interested : https://github.com/ericyounger/Kanban-Electron
Below is the code used for posting to github.
Might there be a problem with my code below? Or might it be settings in relation with the token?
    postIssue(json){
        let packed = this.packPost(json);
        return Axios.post(`https://api.github.com/repos/${this.user}/${this.repo}/issues`, packed);
    }
    packPost(json) {
        return {
            method: "POST",
            headers: {
                "Authorization": `token ${this.tokenAuth}`,
                "Content-Type": "application/json"
            },
            body: JSON.stringify({title: json.title})
        };
    }
This is what I receive:
{message: "Not Found", documentation_url: "https://developer.github.com/v3/issues/#create-an-issue"}
message: "Not Found"
documentation_url: "https://developer.github.com/v3/issues/#create-an-issue"
Without seeing any detailed logs, my first attempt would be to set body to not send the string representation of the body
    body: {title: json.title}
This did the trick :)
    postIssue(json){
        const headers = {
            'Content-Type': 'application/json',
            'Accept': 'application/vnd.github.v3.raw',
            "Authorization": `token ${this.tokenAuth}`,
        };
        return Axios.post(`https://api.github.com/repos/${this.user}/${this.repo}/issues`, json , {headers: headers});
    }

Getting Code 400 using Dialogflow on API request

This is my very first time using Dialogflow, so probably my mistake is very stupid.
Here is my problem:
1) I created a sample agent "small-talk".
2) I enabled the Webhook in the fulfilment section. I set up the URL of the web server making the request and the auth (username, password) of that web server.
3) I uploaded a simple webpage on that web server with an API request that looks like this one below (this is the sample json referenced in their guide):
    axios({
        method: 'POST',
        url: 'https://api.dialogflow.com/v1/query?v=20150910',
        headers: {
            'Authorization': 'Bearer ad7829588896432caa8940a291b66f84',
            'Content-Type': 'application/json',
        },
        body: {
            "contexts": [
                "shop"
            ],
            "lang": "en",
            "query": "I need apples",
            "sessionId": "12345",
            "timezone": "America/New_York"
        }
    })
    .then((response) => {
        console.log(response);
    })
    .catch((error) => {
        console.log(error);
    })
I keep getting this error:
Cannot parse json. Please validate your json. Code: 400"
The only thing I can think of is that I noticed that Dialogflow is now working with the API V2 enabled by default in the agent settings and it seems there is no selection to V1 available anymore. But maybe this has nothing to do with my problem.
Thanks in advance!
Solved it!
In the json request, instead of
    body: {...}
I replaced it with
    data: {...}
Probably it was obvious, but I am an absolute newbie on these things!
By the way, Google has shut down Dialogflow V1 starting from 12th July 2021 as per this URL - https://cloud.google.com/dialogflow/docs/release-notes#June_15_2021
In case you are getting http response code 400 (bad request), it means that it is time to migrate :-)

Scraping with CasperJS/PhantomJs

I want to scrape some data with CasperJS from one popular site. I have already successfully scraped some data with a pool of proxies. Now I'm worried about the HTTP request headers coming with my HTTP request.
I know there is a lot of information about me and my servers, so is there some way to delete or modify outgoing HTTP headers?
You can add custom headers to casperjs with the headers property. You should be able to alter headers that you are concerned about.
Example: http://casperjs.org/api.html#casper
    casper.open('http://some.testserver.com/post.php', {
        method: 'post',
        data: {
            'title': 'Plop',
            'body': 'Wow.'
        },
        headers: {
            'Accept-Language': 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3'
        }
    });

OAuth Post Request Failing

I've got everything working up until Step 2 of the OAuth process where you request the actual token. I'm using a very simple jQuery Post request and constantly getting Access Control Origin errors. I've tried contentType: 'application/json' and everything else I know to try.
It's just not working and I'm not sure what the problem is. I've confirmed all the variables are set properly before the request. Simple post request...
    var url = 'https://[STORENAMEVARIABLE].myshopify.com/admin/oauth/access_token';
    var data = JSON.stringify({ client_id: apiKey, client_secret: secret, code: code });
    $.ajax({
        type: 'POST',
        url: url,
        data: data,
        success: function(data) {
            debugger;
        },
        error: function(data) {
            debugger;
        }
    });
Any ideas what I'm doing wrong?
You need to make your OAuth requests from a server. This is the JavaScript cross-domain security kicking in.
If you are using Rails you can use omniAuth and it'll take care of the whole OAuth dance for you. Otherwise you'll have to search around, but most popular languages have an OAuth library that you can just plug in.
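
The answer above says to make the secret-bearing request from a server; the BigCommerce blog question at the top of the page raises the same concern about API keys reaching the front end. The following is an added example, not code from any of the posts, of a small Node handler that keeps the token on the server and returns only whitelisted fields of published posts. The environment variable names, the /api/blog route, the port and the field whitelist are assumptions.

```javascript
// Added example: the browser calls this same-origin route; only the server holds the API token.
// Assumed names (not from the page): BC_STORE_HASH, BC_ACCESS_TOKEN, /api/blog, PUBLIC_FIELDS.
const PUBLIC_FIELDS = ['id', 'title', 'url', 'summary', 'published_date', 'tags'];
const envConfig = () => ({ storeHash: process.env.BC_STORE_HASH, token: process.env.BC_ACCESS_TOKEN });

// Constructed sample of an upstream response (not real store data).
const SAMPLE_POSTS = [
  { id: 1, title: 'Launch', url: '/blog/launch/', summary: 'Hi', published_date: 'constructed', tags: ['news'], is_published: true, body: '<p>full</p>' },
  { id: 2, title: 'Draft', url: '/blog/draft/', summary: '', published_date: null, tags: ['sale'], is_published: false, body: '<p>wip</p>' },
  { id: 3, title: 'Sale', url: '/blog/sale/', summary: 'Go', published_date: 'constructed', tags: ['sale'], is_published: true, body: '<p>full</p>' },
];

// Build the upstream GET. The token is read from server-side config, never from the client.
function buildUpstreamRequest(cfg, limit) {
  const n = Math.min(Math.max(parseInt(limit, 10) || 5, 1), 20); // clamp client-supplied limit
  return {
    url: `https://api.bigcommerce.com/stores/${encodeURIComponent(cfg.storeHash)}/v2/blog/posts?limit=${n}`,
    options: { method: 'GET', headers: { 'X-Auth-Token': cfg.token, Accept: 'application/json' } },
  };
}

// Keep published posts only, optionally filter by tag, and return whitelisted fields.
function toPublicPosts(posts, tag) {
  return posts
    .filter((p) => p.is_published && (!tag || (p.tags || []).includes(tag)))
    .map((p) => Object.fromEntries(PUBLIC_FIELDS.map((k) => [k, p[k]])));
}

// Handler for http.createServer; cfg and fetchImpl are injectable for testing.
async function handler(req, res, cfg = envConfig(), fetchImpl = fetch) {
  if (req.method !== 'GET') { res.writeHead(405).end(); return; }
  const q = new URL(req.url, 'http://localhost').searchParams;
  try {
    const { url, options } = buildUpstreamRequest(cfg, q.get('limit'));
    const upstream = await fetchImpl(url, options);
    if (!upstream.ok) throw new Error(`upstream status ${upstream.status}`);
    const body = JSON.stringify(toPublicPosts(await upstream.json(), q.get('tag')));
    res.writeHead(200, { 'Content-Type': 'application/json' }).end(body);
  } catch (err) {
    console.error(err.message); // log on the server; do not echo upstream detail to the client
    res.writeHead(502).end();
  }
}

// Start only when the server-side secrets are configured (Node 18+ for global fetch).
if (process.env.BC_STORE_HASH && process.env.BC_ACCESS_TOKEN) {
  require('node:http').createServer(handler).listen(3000);
}
```

The storefront script then requests /api/blog from its own origin and sends no X-Auth-* headers at all.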