"hostname doesn't match" when using requests in PythonAnywhere - ssl

EDIT: I fixed the problem, see links in the answer.
I'm using the XMLHttpRequest AJAX API to send data from different websites to our server in PythonAnywhere.
Something odd happens: depending on the website, either we send successfully or we get this error
POST https://canecto.pythonanywhere.com/api/ 500 (Internal Server Error)
even though the same code is loaded.
I tried to manually open the request and send data via JavaScript console in Chrome but nothing changes.
Here is how the snippet looks like:
var url = "https://canecto.pythonanywhere.com/api/";
var xmlHttpPost = new XMLHttpRequest();
xmlHttpPost.open("POST", url, true);
xmlHttpPost.setRequestHeader("Content-type", "application/json");
var postData = {
page_url: window.location.href,
time_on_page: activeTime,
cookie: cookie,
/* some variables */
};
xmlHttpPost.onreadystatechange = function() {
if (xmlHttpPost.readyState == 4 && XMLHttpRequest.DONE) {
console.log('');
}
};
/* send data */
xmlHttpPost.send(JSON.stringify(postData));
I read here that the problem should not be the client-side JavaScript.
If I inspect on the server side, for the line requests.get(page_url, headers=HEADER, timeout=10)(where I try to access the page) I get this log:
I read on the Python request library that it may be something related to the SSL verification, but I have very little clue about it. I tried to check other similar questions but I have not found the answer.
Has anybody experienced anything similar and successfully solved it?

To whom it still uses Python < 2.7.9: this answer worked for me. SNI is not supported in Python 2, that means you should follow such answer and these requirements to make requests work with SSL certificate verification.

Related

Cross-Origin Request Blocked error in HTTPS request

I have a standard HTTPS Axios request from my Frontend (which is based on Vue), to the our company's API which is on another server(server use SSL sertificate).
testApi() {
axios.get('https://rng-hub2.staging.rng:8001/rng/3/')
.then(function (response) {
// handle success
console.log(response);
})
.catch(function (error) {
// handle error
console.log(error);
})
.finally(function () {
// always executed
});
},
Which cause an error like this:
In Firefox:
In Chrome the error looks like this:
As I was thinking, in browsed developing tools under tab of Netwerk -> Response, I should also see an error, which is true for Chrome, but eventyally is not true for Firefox.
So Chrome shows me:
But in the Firefox I receive my data in exactly right format:
Have any idea how I can retrieve this data correctly and assign it to the response variable in .then section?
About Cross-Origin Request Blocked error: API's server administrator told me, that he have added my IP to the CORS "trusted list". However I'm not sure, because according to this post: https://jonhilton.net/cross-origin-request-blocked/
in my Response Header I should receive an additional header with my local IP like:
Access-Control-Allow-Origin: http://192.168.32.44
But I'm not.
This proxy staff also didn't work:
How to deal with CORS error on Vue CLI 3?
Please give me hint what am I doing wrong
Found the solution. The problem was deeper then I thought. So short answer is: If you are working in local network, with different API servers, they might be certified with inner corporate CA (Certificate authority) to be able to communicate via HTTPS protocol. So what you need is, to ask from your server administrator to give you private_key with which you gonna sign all the request to a specific API. In guzzle its looks like this:
new GuzzleClient(['verify' => '/path/to/self-signed/cert.pem']);

cPanel, Laravel TokenMismatchException with Cookies not being set

I recently moved my laravel application to a production server rather than just developing locally. However since doing so I have been unable to login to the site as I keep running into Illuminate \ Session \ TokenMismatchException.
I never had the issue on the local server, just when I ported it over the production server.
I have looked into the tokens and they never match at all. My code is as follows:
Route::filter('csrf', function()
{
// Check ajax requests for token validity via the header.
// app.js has the code to grab form tokens and put it in
// a header, well validate it here if its a post AJAX
if (Request::ajax() && Request::getMethod() == 'POST')
{
if (Session::getToken() != Request::header('X-CSRF-Token'))
{
throw new Illuminate\Session\TokenMismatchException;
}
} else {
if (Request::getMethod() == 'POST' && Session::token() != Input::get('_token'))
{
throw new Illuminate\Session\TokenMismatchException;
}
}
});
The error occurs when I am trying to compare Session::token() to Input::get('_token)
So my question is, is there something blatantly obvious that I am missing in regards to the difference between tokens on a local server to that of a production server?
Any help on this would be greatly appreciated!
~Additional Information~
From the other sources I've found there are similar issues where the session isn't persisting. I'm already on Laravel 4.1 so the lifetime and expire_on_close are already set to the default of 120 and false. I have also tried changing the session driver to file/database/cookie all with the same outcome.
~Another Update~
Ok, somewhere a bit closer, looking into browser resources, on my local server a cookie is set laravel_session, however on my web server this is not appearing at all. So think this is related it.
I couldn't solve this. In the end though I found that is was related to the use of cPanel, as soon as I used another hosting provider without cPanel the issue has never occured.

How to bypass the Sails body parser for multi-part form uploads

I am facing a problem on Sails.js (0.9.16) with POST requests sent from a JAVA client.
On the client side I built a POST request (with enctype : multipart/form-data) sending a text file.
On the server side, I created a controller with a method (action) getRequest which looks like :
getRequest: function (req, res, next) {
//var busboy = require('connect-busboy');
console.log('req: ', req);
return res.send(200);
}
But I have the following error on my sails.js console:
Error: 'Unable to parse HTTP body :: { [error: Expected CR Received 10] status: 400 }
So I saw on the Web that Express/Connect included with Sails.js was not appropriate to handle multipart data, has anybody already faced my problem and succeed to use an other middleware like busboy or formidable to handle these kind of request?
Thanks in advance.
Best
Loïc
I've been trying to solve this problem as well. Looks like skipper from the sails team is the way to go. https://github.com/balderdashy/skipper
The docs appear to be decent w/ examples for sails 0.10.0 & 0.9.x.
See this thread on GitHub https://github.com/balderdashy/sails/issues/1521 for more info and background.
Hope this helps. FYI - The google group for sails is active.
Graham

IIS 7 Serves GET request correctly to browser but throws timeout exception for API request

I am running a very simple Web application (Asp.Net MVC3) on Win 7 IIS.
I have a very simple HTTP GET API which returns hello world.
Calling:
http://localhost/helloworld
Returns:
Hello World!
This works perfectly over a browser.
But when I write an app which tries to pull this URL using a webclient, I get the following error:
{"Unable to read data from the transport connection: The connection was closed."}
My Code is as follows
WebClient web = new WebClient();
var response = web.DownloadString("http://localhost/helloworld");
My IIS Settings are as follows
What should I be looking at? I have been at this for hours and I have run out of options to try! Any help will be really appreciated!
Thanks.
I suspect it's because WebClient does not send some of the HTTP headers:
A WebClient instance does not send optional HTTP headers by default. If your request requires an optional header, you must add the header to the Headers collection. For example, to retain queries in the response, you must add a user-agent header. Also, servers may return 500 (Internal Server Error) if the user agent header is missing. http://msdn.microsoft.com/en-us/library/system.net.webclient(v=vs.80).aspx
Try using HttpWebRequest instead. http://msdn.microsoft.com/en-us/library/system.net.httpwebrequest.aspx
I finally figured out what the issue was and instead of it being an IIS specific issue - which I was leaning towards, it turned out to be an issue with the code that I wrote.
Adding details here incase someone else runs into a similar problem.
I had the following method in my code which I was using to send the response of the request as a JSON object.
private void sendJsonResult(string result) {
Response.StatusCode = 200;
Response.Headers.Add("Content-Type", "application/json; charset=utf-8");
Response.Flush();
Response.Write(result);
Response.End();
Response.Close(); // <-- This is the problem statement
}
On digging around a bit, I found out that we should not be doing a Response.Close().
A better explanation of this is here.
Once I removed that line, it started working perfectly - both in my consuming app as well as the web browser, etc.
If you will read the link above, you will clearly understand why we should not be using a Response.Close() - so I will not go into that description. Learnt a new thing today.

Blackberry User-Agent and https Redirect url

I tried to access a HTTPS connection by entering the value in browser, it seems to work fine and redirects me to expected page/output. But when I tried the same using the code, I am unable to get the result. I tried of setting the UserAgent as (Mozilla/5.0 (BlackBerry; U; BlackBerry 9800; en-GB) AppleWebKit/534.1+ (KHTML, like Gecko) Version/6.0.0.141 Mobile Safari/534.1+). But no luck. I am getting trusted connection alert, when i click continue i get response code 302.How can i implement secure connection certificate to disable trusted connection alert.
I am used to httpsconnection to open url it returns the response code 302.Again i checked with
if (rc == HttpConnection.HTTP_TEMP_REDIRECT
|| rc == HttpConnection.HTTP_MOVED_TEMP
|| rc == HttpConnection.HTTP_MOVED_PERM) {
String location = conn.getHeaderField("location").trim();
System.out.println("location========"+location);
try {
Url = location;
newhttpConn = (HttpConnection) Connector.open(Url, Connector.READ_WRITE);
newhttpConn.setRequestMethod(HttpConnection.POST);
newhttpConn.setRequestProperty("User-Agent",
System.getProperty("browser.useragent"));
} catch (Exception e) {
System.out.println( e.toString());
}
But no use i am getting same 302 from redirect url.
EDITED:
Also please give some ideas to get the functions equivalent to HTTPClient to be work in HTTPSConnection. How can i get those functionalities. If there is no possibility to use Httpclient in blackberry then how can i utilize Blackberry https connection equivalent to Httpcleint (or) to get the automatic redirect using HTTPS Connection?
When connector.open(url) excutes i am getting like this
SSL:->CH
SSL:<-SH
SSL:<-SC
SSL:<-SHD
TLS:->CKE
SSL:->CCS
TLS:->F
TLS:<-F
in output console then wrong response displayed.
I am getting trusted connection alert, when i click continue i get response code 302.
This is a fully expected behaviour.
302 means the requested resource is on some other URI. In other words server instructs you to execute a redirect. You should investigate connection headers and in the one named "Location" you will find a new URI to continue with. Close/finalize you current connection and start a new one for the just got redirect URI.
UPDATE:
Usually good servers respond with HTTP 302 after a successful POST. This is a known Post/Redirect/Get pattern to prevent users from posting the same data twise on browser page refresh (user may press F5 in a desktop browser). So if the page you are accessing via POST is designed for usual browsers, then this may just mean your POST was successful and you don't need to execute a redirecting request. At least, if you need the response for some result evaluation then don't redirect using a POST, this time use a GET.