Remove Request-Context from Response Header - http-headers

Somehow in my request response header "Request-Context" coming and i tried to remove that using in web.config and Response.Headers.Remove("Request-Context"); in global.asax but that header is not getting removed.
In the value of that header I am getting some Appid and I am not sure from where that is coming.
Here is response header of my request.
Cache-Control:no-cache, no-store
Content-Encoding:gzip
Content-Length:140
Content-Type:application/json; charset=utf-8
Date:Tue, 20 Feb 2018 09:48:28 GMT
Pragma:no-cache
Request-Context:appId=cid-v1:b650ed48-297a-4ea2-af46-0a5a5d26a82b
Vary:Accept-Encoding
Any help appreciated. Thanks in Advance.

Request-Context is used for cross-component correlation when 2 of your applications use different instrumentation keys.
In this case, knowing caller or callee appId (passed in the header) allows to build application map and trace correlated telemetry across instrumentation keys
You may set RequestTrackingTelemetryModule.SetComponentCorrelationHttpHeaders to false to prevent header to be added to the response.
You can do it in applicationInsights xml file, just find RequestTrackingTelemetryModule element and add false under it.
Refer link: https://github.com/Microsoft/ApplicationInsights-dotnet-server/issues/739#issuecomment-367774652

Related

VS Code REST Client Extension: How to access nested response headers

I'm trying to access 'nested' headers with the REST Client extension for VS Code.
I defined a GET CSRF_Token request that stores the "Set-Cookie" header inside a #token_response variable.
However the header looks like this:
'csrftoken=aGHuGkRbApH3qAksHHR3uaOKG0eZsYne; expires=Wed, 22 Nov 2023 08:40:05 GMT; Max-Age=31449600; Path=/; SameSite=Lax'
I already tried to access it with something like:
#csrf_token = {{token_response.0.split(';').0.split('=').1}}
and
#csrf_token = {{token_response.//[0].//split(';')[0].//split('=')[1]}}
But this does not seem to be the correct syntax.
Also the documentation does not contain any hints on that yet, sadly.
Now my question is:
Is there a way to only extract the part of the header that contains the value of the "csrftoken" key?
And if so, how?
Here is my code:
# Get CSRF Token
# #name getToken
GET http://{{host}}/api/csrf_token
#token_response = {{getToken.response.headers.Set-Cookie}}
#csrf_token = {{token_response}}
######
# Edit existing xyz
PATCH http://{{host}}/api/xyz/1
content-type: application/json
x-csrftoken: {{csrf_token}}
origin: http://{{host}}
{
"name": "some name"
}
Thanks a lot in advance! :)

SoapUI testing: remove quotation marks from session ID

So, I am new to SoapUI, and working with API's in general, but I am trying to set up an automated test for a REST API in SoapUI (the freeware version).
The first call I make returns a session ID in JSON, which is placed between quotation markslike: "session ID goes here". This key is needed, without quotation marks, in the next API call. I use SOAPUI's "Property Transfer Teststep", and this is working well, apart from the quotationmarks which are still around the session ID, resulting in an error responce by the subsequent call.
Any idea how I can remove the quotation marks? Ive been reading up/Googling on Xpath and JSONPath, which are some of the coding languages I can use in the screen, but I cant see how to use this to remove said quotation marks.
Your help would be greatly appreciated!!
Full RAW Response:
HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/8.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Tue, 02 May 2017 18:31:48 GMT Content-Length: 38 "48d45ba2-4549-41be-8b31-e85b3c738a03"
you say that the message is returned as "48d45ba2-4549-41be-8b31-e85b3c738a03". Although the message says it is json, that does not mean that SoapUI will interprete it as valid json. Valid JSON like in the question referred to in another answer, starts and ends with curly brackets. Also it should have a key and value pair. Like so:
{
"sessionId":"48d45ba2-4549-41be-8b31-e85b3c738a03"
}
In that case the transfer $.sessionId would yield 48d45ba2-4549-41be-8b31-e85b3c738a03(without quotation marks), and not "48d45ba2-4549-41be-8b31-e85b3c738a03" (with quotation marks).
In attachment there is a project with a mock. It has got one call. If you open the project, you have to launch the mock by clicking play, then you can execute the test case. - https://www.dropbox.com/s/rsgc9q1g45jze5z/StackOverflow_43745255_QuestionQuotationMarks.xml?dl=0. You can save this as XML, then you can open it with SoapUI.
You will see a property transfer step. It has one step that is passed. Then one where you transfer the value without any paramter. It will transfer the message in full. Including the quotation marks.
The sencond transfer is '$'. For a valid json, this would render the same result as for the property transfer without any parameter because '$' represents the root. At least that is how I understand it.
Included you will also find a script:
response = context.testCase.getTestStepAt(0).testRequest.response.getResponseContent()
assert response == '"48d45ba2-4549-41be-8b31-e85b3c738a03"'
stripResponse = response.replace("\"", "")
assert stripResponse == '48d45ba2-4549-41be-8b31-e85b3c738a03'
The stripResponse is the response where the quotation marks are stripped away. You could then proceed to assign this variable to a property of choice, or inject it directly in the headers of a next step.
Sometimes scripting is the way to go.

Is it possible to remove a Pragma no-cache response header once it has been set by SetCacheability method?

I have an MVC4 GET action method that returns a FileStreamResult. A requirement exists to only use SSL and to not allow caching of the served document so SSL it is and I've also used the OutputCache filter with the following properties:
[OutputCache(NoStore = true, Duration = 0, VaryByParam = "None", Location = OutputCacheLocation.None)]
This behaves as expected and produces the following response headers:
Cache-Control: no-cache, no-store
Expires: -1
Pragma: no-cache
All was well until asked to also support IE8 and as many here have also encountered the documents just won't download with both no-cache set and SSL in the mix. The workaround for IE8 and below is to add some registry setting which is not really viable, or to remove the no-cache headers which breaks a fundamental requirement.
I experimented with Fiddler and IE8 and was able to download a document if I just removed the pragma: no-cache header but left the Cache-Control header intact. This didn't appear to leave a copy of the document in my temporary internet files but I might need to test this some more.
With this information in mind I thought it might be a simple task to remove the pragma using a filter on the action but it seems no matter what I do I cannot change whatever the OutputCache is going to set. I've even removed the OutputCache attribute and used:
Response.Cache.SetCacheability(HttpCacheability.NoCache)
Using this method alone ensures I get the same cache settings as before but they are not set at the point of this method call. This merely sets up the cache policy which gets applied at some point in the response pipeline but I just don't know where.
Does anyone know if there is a way of hooking into the response pipeline to alter the cache headers as they are being written?
EDIT
I've added a simple custom IHttpModule into the pipeline that looks for and removes any pragma header in the response NameValueCollection and whilst the cache-control is set the pragma is not there. Does this mean that IIS 7.5 is inserting the pragma itself based upon what it sees in the cache-control perhaps? I know for sure I have not set anything beyond defaults for a simple web site.
EDIT
Checked the Cache-Control header value within the module and it is set private so the cache headers haven't been applied to the response yet. So it would appear the cache headers get added after modules are executed perhaps?
I was troubleshooting this same issue and ran into the same issue removing the pragma header. When .NET renders a Page object, it outputs the cache headers. The cache handling is controlled by an HttpModule. I've tried several ways to remove the pragma header, but to no avail.
One method I haven't tried yet that looks like it might work, but also looks like a PITA is to implement a filter on the Response output stream via Response.Filter = new MyCustomFilter(...).
Prior to this I tried checking the headers in various locations, but the output cache processing had not been executed yet and pragma header did not exist and so could not be removed. Notably the HttpApplication event PreSendRequestHeaders did not work.
Some other options include implementing your own OutputCache module instead of using the built-in framework version, or somehow overriding the System.Web.HttpCachePolicy class where the pragma header is rendered.
The pragma header is rendered as part of the HttpCacheability.NoCache option:
if (httpCacheability == HttpCacheability.NoCache || httpCacheability == HttpCacheability.Server)
{
if (HttpCachePolicy.s_headerPragmaNoCache == null)
HttpCachePolicy.s_headerPragmaNoCache = new HttpResponseHeader(4, "no-cache");
this._headerPragma = HttpCachePolicy.s_headerPragmaNoCache;
if (this._allowInHistory != 1)
{
if (HttpCachePolicy.s_headerExpiresMinus1 == null)
HttpCachePolicy.s_headerExpiresMinus1 = new HttpResponseHeader(18, "-1");
this._headerExpires = HttpCachePolicy.s_headerExpiresMinus1;
}
}
The only pragmatic option I've found is to set the cache-control to private and also set a short expiration for the URL. It doesn't address the root cause on either end, but it does end up with almost the same desired effect.

getting directly only the contents after the first nth character in vb.net

Is there any way we could get directly say the 1000 characters after the first 5000 characters, skipping everything before that after sending in an HTTP request to an HTTPS page using either GET or POST in VB.NET?
The reason why I ask this question is because in one of the webpage I am trying the get through my program, the website is sending response data in chunks with the first chunk containing some javascript garbage that I have no interest in, the only data I care is in the second chunk and
I have no idea how to get the second chunk after receiving the first one since it is within the same HTTP request
It would save some time and Internet traffic if I can skip the first chunk that I do not need.
Is that possible or I am just day dreaming?
Many thanks!
ADDED:
Here is how a typical header of the response I am getting from the webpage I am trying to get:
Date: Mon, 20 Jun 2011 13:21:56 GMT
Set-Cookie: JSESSIONID=1AF1AF9EF936E1CB2FA85B750EDC67C4; Path=****some path******; Secure
Content-Type: text/html; charset=ISO-8859-1
Transfer-Encoding: chunked
Set-Cookie: **********some cookie***************
path=/
Vary: Accept-Encoding, User-Agent
Not sure if that helps, but as you can see, the chunk size is not visible to me, there is no "Trailer" in the header as well.
Fun little problem. Look at RANGE in the following GET request.
GET /file.txt HTTP/1.1
Host: localhost
Range: bytes=5000-6000
Connection: Close
Edit: Found a HTTP example.
Here is an example in PHP. (Sorry I couldn't find any VB.NET examples).

Are Duplicate HTTP Response Headers acceptable?

I have not found any specification about whether duplicate HTTP response headers are allowed by the standard, but I need to know if this will cause compatibility issues.
Say I have a response header like this:
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.3SP1 (build: CVSTag=JBoss_4_0_3_SP1 date=200510231054)/Tomcat-5.5
Cache-Control: no-cache
Cache-Control: no-store
Location: http://localhost:9876/foo.bar
Content-Language: en-US
Content-Length: 0
Date: Mon, 06 Dec 2010 21:18:26 GMT
Notice that there are two Cache-Control headers with different values. Do browsers always treat them as if they are written like "Cache-Control: no-cache, no-store"?
Yes
HTTP RFC2616 available here says:
Multiple message-header fields with the same field-name MAY be present
in a message if and only if the entire field-value for that header
field is defined as a comma-separated list [i.e., #(values)]. It MUST
be possible to combine the multiple header fields into one
"field-name: field-value" pair, without changing the semantics of the
message, by appending each subsequent field-value to the first, each
separated by a comma. The order in which header fields with the same
field-name are received is therefore significant to the interpretation
of the combined field value, and thus a proxy MUST NOT change the
order of these field values when a message is forwarded
So, multiple headers with the same name is ok (www-authenticate is such a case) if the entire field-value is defined as a comma-separated list of values.
Cache-control is documented here: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 like this:
Cache-Control = "Cache-Control" ":" 1#cache-directive
The #1cache-directive syntax defines a list of at least one cache-directive elements (see here for the formal definition of #values: Notational Conventions and Generic Grammar)
So, yes,
Cache-Control: no-cache, no-store
is equivalent to (order is important)
Cache-Control: no-cache
Cache-Control: no-store
Note that the HSTS RFC6797 contradicts the RFC2616 (violating the "if and only if" language) by defining the behavior for multiple instances of the STS header, though it is not populated with comma-separated values:
"If a UA receives more than one STS header field in an HTTP
response message over secure transport, then the UA MUST process
only the first such header field."