We have recently been blocked whist accessing the GoogleSheets API V4.
On calling the batchUpdate endpoint we are being served a 503 and the html body is a captcha challenge.
Does anyone know how we can remove this block on our API access?
Related
This question already has an answer here:
Google Maps - calling the API directly from javascript vs using the SDK
(1 answer)
Closed 12 days ago.
If my website origin is notexample.com, and If I load library from example.com/script.js, can this script make fetch request to example.com and not get CORS prevention error?
I attempted to make the request, but I was met with a CORS error. I am quite curious as to how Google went about implementing its API. With Google Maps, for example, you are unable to directly request an API endpoint or else you will receive a CORS error. However, if you use Google Maps client library that is loaded from Google servers/domain, you are able to make the request successfully. It's an interesting security measure that Google has taken, and it's something that I'd like to take some time to research further.
The origin of the script (https://example.com) is irrelevant, because cross-origin script embedding is always allowed:
Here are some examples of resources which may be embedded cross-origin:
JavaScript with <script src="…"></script>. [...]
What matters is the Web origin in which that script is loaded. If you load that script in the context of https://notexample.com and the script sends a (cross-origin) request to https://example.com, the Same-Origin Policy will kick in.
And unless https://example.com is configured for CORS to allow requests from https://notexample.com, things will not work as expected.
I am looking at my Google App Engine dashboard, I have a .NET Core Web API deployed and am processing somewhere between 5-10 requests per second, but I am also reporting a handful of 400 errors from the GCP HTTP Load Balancer and I don't know why. I look at the Google Load Balancer logs and I also see a bunch of 400 errors on my primary POST endpoint. This only happens on the POST endpoint. I try to see the full body of the HTTP Request but I can't seem to find it, it looks like Google doesn't log it by default.
I have a .NET Core API running on Google App Engine Flex connected to Google Cloud SQL running PostGresSQL.
How can I get more detail either from the Load Balancer to find out exactly what requests are coming in and what is happening? I have attached a sample of the requests/400 status responses below.
Thanks in advance.
See Google App Engine Requests VS 400 errors graph
See HTTP 400 Errors with HTTP Load Balancer
My VueJS application relies on a Java backend. This Java backend serves all REST endpoints for providing the data.
When a user performs a checkout the backend responds with a redirect url and redirects the user to that URL. This is done simply like that:
window.location.href = redirectUrl;
As soon as the payment process is finished on the external page the payment provider redirects the user to a return_url which in this case is my VueJS front-end. However the external system sends the return_url in a POST request directly to the front-end which cannot be processed in the as there is no endpoint listening.
What would be an approriate way handling this? As far as I know, VueJS doesn't have any possibility accepting POST requests.
TLDR; It is the responsibility of any external payment gateway system or similar system like OAuth/OpenID to redirect to the calling app via simple browser redirects (via HTTP 302 and 303). So, you should ask/configure external payment provider to follow the standard workflow.
In theory, you should never encounter this problem as POST is typically an Ajax request. Imagine you are on external payment page and when the payment succeeds, external JS is making the POST call and hence the payment page should then take responsibility of redirecting to the appropriate page by reading the reponse.
Now, the second possibility is that payment page is using traditional FORM submission via POST method type and giving back response as JSON or equivalent body. In this case, you should have a server side script (on your ui-server) that would listen for this call and then load the front-end application built with Vue.
If your UI is being served by Java back-end, then it should be simple job of having a Servelet or JSP.
I have recently moved from HTTP to HTTPS but I'm getting security warnings because the pictures from ebay API are still transferring over HTTP. Does any API user know of a way to get gallery url or picture url over HTTPS?
I have tried making a call through HTTPS like this https://open.api.ebay.com/xxxxx but obviously it won't work. Is there a parameter option for returning HTTPS link?
A returned data in a successful call from GetSingleItem API is like this:
<GalleryURL>
http://thumbs1.ebaystatic.com/pict/xxxxx.jpg
</GalleryURL>
<PictureURL>
http://i.ebayimg.com/00/s/ODUwWDgwMA==/z/xxxx.JPG?set_id=xxxx
</PictureURL>
I have had the same issue, I used galleryURL property of SearchItem object returned by ebay Finding API, but found that even galleryURL provides insecure link to image, the same image available on if I replace http with https.
My question is an extension of this one.
I am using JavaScript to post videos to the v2 YouTube API, via Plupload (HTML5 runtime). I am using OAuth2 to get authorized tokens and a CORS request to set the metadata. I am able to upload videos successfully, but the 302-coded response returned by YouTube gets lost. I am not able to retrieve the ID of the uploaded video, which would ordinarily be present as a GET parameter of the URL redirected to as part of the 302 response.
After uploading the video, how can I get the ID of the video?
It seems like xhr.getResponseHeader(location) would give it to me, but it is undefined with Plupload. Is this because Plupload is overriding the default XMLHttpRequest object and only exposing certain attributes? If I used vanilla XMLHttpRequest objects, would it work OK? Can the 302 be intercepted in all browsers?