As you can see in the screenshot above two identical requests are fired to the Occ Endpoints pages (this behaviour appears on every page load), i'd like to understand the purpose behind this behaviour, because there's definetly a thought process behind this doubled payload
I think this is a known bug that is being looked at: https://github.com/SAP/spartacus/issues/6900
Related
I have a WCF service with multiple endpoints which I call from AJAX/JS. Everything is working fine, except if I go to my log table.
I store every call to this wcf service in a table and I've noticed that, if the verb used to call the methods is PUT or DELETE, the method is called twice. Of course, it has no impact on data since PUT and DELETE are supposed to be idempotent (and I made the corresponding stored procedures to act as such).
Digging this problem, I have changed PUT to POST in one method and it was then only called once. Changed it back to PUT, and it was called twice again. So it can't be related to the DataContracts, as I have read in another post. I have used SVCTraceViewer and nothing unexpected appeared, except for the double calls of course.
I must also add that
1) WebDav Publishing is NOT installed
2) I've checked in IIS and svc handlers have all verbs authorized
Still, I'm more and more convinced it's a IIS issue, but I don't know where to look.
Any advice would be welcome.
Thanks for the time you've spent reading this post... and thinking of an solution to my problem.
OK, found it. Thought I would post the answer : I was using Response status code 204 for put and delete successful requests. However it seems that code 204 asks the page to remain and actually request the same url a second time. Changed it to 202 : problem solved.
Best regards to stack o.
I am working at a GPL botanical collection manager (bauble), and I am linking to some reference sites like the wikipedia, the plant list, and similar sites.
all the above handle requests as GET and for each of them I'm generating an URI which I am connecting to a gtk.LinkButton.
is it possible to link to sites only handling requests as POST? I'm wondering because I had to link to tropicos, and initially I had not found the way they handle GET requests.
I'm not working with pygtk any more. and I guess that if I still needed this (I don't), I should consider this: »By default, Gtk.LinkButton calls Gtk.show_uri_on_window() when the button is clicked. This behaviour can be overridden by connecting to the Gtk.LinkButton ::activate-link signal and returning True from the signal handler.«
I am struggling (in some sense) to determine which HTTP method is more appropriate for rebooting a remote resource: GET or PUT?
On one hand, it seems more semantic to call http://tools.serviceprovider.net/canopies/d34db33fc4f3?reboot=true because one might want to GET a representation of a freshly rebooted canopy.
On the other hand, a reboot is not 'safe' (nor is it necessarily idempotent, but then a canopy or modem is not just a row in a database) so it might seem more semantic to PUT the canopy into a state of rebooting, then have the server return a 202 to indicate that the reboot was initiated and is processing.
I have been reading up on HTTP/1.1, REST, HATEOAS, and other related concepts over the last week, so I am still putting the pieces together. Could a more seasoned developer please weigh in and confirm or dispel my hunch?
A GET doesn't seem appropriate because a GET is expected, like you said, to be "safe". i.e. no action other than retrieval.
A PUT doesn't seem appropriate because a PUT is expected to be idempotent. i.e. multiple identical operations cause same side-effects as as a single operation. Moreover, a PUT is usually used to replace the content at the request URI with the request body.
A POST appears most appropriate here. Because:
A POST need not be safe
A POST need not be idempotent
It also appears meaningful in that you are POSTing a request for a reboot (much like submitting a form, which also happens via POST), which can then be processed, possibly leading to a new URI containing reboot logs/results returned along with a 303 See Other status code.
Interestingly, Tim Bray wrote a blog post on this exact topic (which method to use to tell a resource representing a virtual machine to reboot itself), in which he also argued for POST. At the bottom of that post there are links to follow-ups on that topic, including one from none other than Roy Fielding himself, who concurs.
Rest is definitely not HTTP. But HTTP definitely does not have only four (or eight) methods. Any method is technically valid (even if as an extension method) and any method is RESTful when it is self describing — such as ‘LOCK’, ‘REBOOT’, ‘DELETE’, etc. Something like ‘MUSHROOM’, while valid as an HTTP extension, has no clear meaning or easily anticipated behavior, thus it would not be RESTful.
Fielding has stated that “The REST style doesn’t suggest that limiting the set of methods is a desirable goal. [..] In particular, REST encourages the creation of new methods for obscure operations” and that “it is more efficient in a true REST-based architecture for there to be a hundred different methods with distinct (non-duplicating), universal semantics.”
Sources:
http://xent.com/pipermail/fork/2001-August/003191.html
http://tech.groups.yahoo.com/group/rest-discuss/message/4732
With this all in mind I am going to be 'self descriptive' and use the REBOOT method.
Yes, you could effectively create a new command, REBOOT, using POST. But there is a perfectly idempotent way to do reboots using PUT.
Have a last_reboot field that contains the time at which the server was last rebooted. Make a PUT to that field with the current time cause a reboot if the incoming time is newer than the current time. If an intermediate server resends the PUT, no problem -- it has the same value as the first command, so it's a no-op.
You might want to get the current time from the server you're rebooting, unless you know that everyone is reasonably time-synced.
Or you could just use a times_rebooted count, eliminating the need for a clock. A PUT times_rebooted: 4 request will cause a reboot if times_rebooted is currently 3, but not if it's 4 or 5. If the current value is 2 and you PUT a 4, that's an error.
The only advantage to using time, if you have a clock, is that sometimes you care about when it happened. You could of course have BOTH a times_rebooted and a last_reboot_time, letting times_rebooted be the trigger.
I get confused when and why should you use specific verbs in REST?
I know basic things like:
Get -> for retrieval
Post -> adding new entity
PUT -> updating
Delete -> for deleting
These attributes are to be used as per the operation I wrote above but I don't understand why?
What will happen if inside Get method in REST I add a new entity or inside POST I update an entity? or may be inside DELETE I add an entity. I know this may be a noob question but I need to understand it. It sounds very confusing to me.
#archil has an excellent explanation of the pitfalls of misusing the verbs, but I would point out that the rules are not quite as rigid as what you've described (at least as far as the protocol is concerned).
GET MUST be safe. That means that a GET request must not change the server state in any substantial way. (The server could do some extra work like logging the request, but will not update any data.)
PUT and DELETE MUST be idempotent. That means that multiple calls to the same URI will have the same effect as one call. So for example, if you want to change a person's name from "Jon" to "Jack" and you do it with a PUT request, that's OK because you could do it one time or 100 times and the person's name would still have been updated to "Jack".
POST makes no guarantees about safety or idempotency. That means you can technically do whatever you want with a POST request. However, you will lose any advantage that clients can take of those assumptions. For example, you could use POST to do a search, which is semantically more of a GET request. There won't be any problems, but browsers (or proxies or other agents) would never cache the results of that search because it can't assume that nothing changed as a result of the request. Further, web crawlers would never perform a POST request because it could not assume the operation was safe.
The entire HTML version of the world wide web gets along pretty well without PUT or DELETE and it's perfectly fine to do deletes or updates with POST, but if you can support PUT and DELETE for updates and deletes (and other idempotent operations) it's just a little better because agents can assume that the operation is idempotent.
See the official W3C documentation for the real nitty gritty on safety and idempotency.
Protocol is protocol. It is meant to define every rule related to it. Http is protocol too. All of above rules (including http verb rules) are defined by http protocol, and the usage is defined by http protocol. If you do not follow these rules, only you will understand what happens inside your service. It will not follow rules of the protocol and will be confusing for other users. There was an example, one time, about famous photo site (does not matter which) that did delete pictures with GET request. Once the user of that site installed the google desktop search program, that archieves the pages locally. As that program knew that GET operations are only used to get data, and should not affect anything, it made GET requests to every available url (including those GET-delete urls). As the user was logged in and the cookie was in browser, there were no authorization problems. And the result - all of the user photos were deleted on server, because of incorrect usage of http protocol and GET verb. That's why you should always follow the rules of protocol you are using. Although technically possible, it is not right to override defined rules.
Using GET to delete a resource would be like having a function named and documented to add something to an array that deletes something from the array under the hood. REST has only a few well defined methods (the HTTP verbs). Users of your service will expect that your service stick to these definition otherwise it's not a RESTful web service.
If you do so, you cannot claim that your interface is RESTful. The REST principle mandates that the specified verbs perform the actions that you have mentioned. If they don't, then it can't be called a RESTful interface.
Understanding that my problem could have a very vast scope of possibilities, I'll accept the answer that points me to something that I might have missed.
My software's client is facing this issue of page stopping loading in the middle and that too happens randomly. As usual, this does not happen in out network even with guys doing VPN from remotest parts of the world. The page is only 14 KB.
Its a web-based software that serves HTML via Apache over HTTPS. Client is using IE8 browsers.
We did network trace and found that not only number of bytes differ from our end to the trace at client's end, even encrypted packet sequence also differ (after a while in the stream). But that happens for successful request too!
Has someone experienced similar issue? What could corrupt the stream?
PS: I'm not too optimistic on getting answer here and going to post it to serverfault anyway. If someone thinks its off-topic, please feel free to close it.
It may be the operation aborted scenario which throws an error in IE7, but stops processing silently in IE8.
The HTML file is being parsed, and encounters a script block. The script block contains inline script which creates a new element and attempts to add it to the BODY (document.body.appendChild(newElem)) element before the closing BODY tag has been encountered by the parser. Note that if I removed the highlighted DIV element, then this problem would not occur because the script block’s immediate parent would be BODY, and the script block’s immediate parent is immune to this problem.
Unfortunately the operation aborted dialog was always thrown at the top-level of a web page, even if the problem occured in an iframe. In fact, in most scenarios that we encountered, ad injection in an iframe was usually the root cause of this error. After the user dismissed the error dialog, Internet Explorer would navigate away from the page.