HTTPS is required for GCM on iOS? - google-cloud-messaging

I am trying to create an app with Cordova which receives push notifications from my server. Can anyone tell me that I need a https:// connection for the APNS to work or it should work with http:// as well?

All FCM/GCM endpoints are https, the same endpoints are used whether you are sending to Android, iOS or web so you should always use https when sending messages through FCM/GCM.

Based from this documentation, the sample POST request should be https://gcm-http.googleapis.com/gcm/send.
A message request is made of 2 parts: HTTP header and HTTP body.
The HTTP header must contain the following headers:
Authorization: key=YOUR_API_KEY
Content-Type: application/json for JSON; application/x-www-form-urlencoded;charset=UTF-8 for plain text. If
Content-Type is omitted, the format is assumed to be plain text.
The HTTP body content depends on whether you're using JSON or plain
text.
You can follow this tutorial.

Related

Vue--How do I make the <a> tag carry the request header?

How do I make the tag carry the request header? I use the <a> tag to download. And I need to carry a token in the request header.
When you use a tag to download files or link to any document, in general, it is not possible to manipulate extra headers! Browsers will send the typical headers. To solve this problem, following are the alternative solutions.
Your token must be query parameter in the URL so that back-end server can read it.
Or you can use cookies to save the token and browser will ensure that cookies are sent for your request automatically. (For security, ensure that you cookie is HTTP only and rejects CORS requests)
Alternately, if you are not really after downloading the file or simply trying to show on browser, then you can use XHR or fetch where you are free to manipulate headers.

To detect page request and API/XHR call from backend

Have a single entry service which is acting like a facade/proxy service for downstream services. The service will need able to detect if the request is a "page request" or "api/xhr" request to perform error handling (302 redirection or 401).
So far have considered:
To use Accept header and detect text/html follow the following reference, can't tell if this is a good indicator to detect a page request
To introduce a custom header for all "api/xhr" request
To enforce all the "api/xhr" requests to follow a "/api" pattern (troublesome as for certain application the xhr is not a restful api)
Any good suggestions are welcome
Ended up using Option 1
Detect page request using Accept header with value "text/html"
As we do not use ajax for partial view
Usually the non-standard HTTP header X-Requested-With is used. Just the presence of the header should be enough. It has at least one advantage over Accept: It cannot be set on a cross-site request, which helps preventing CSRF.

How to modify the response header based on the content of response body in IBM http server?

I have a scenario in which the IHS server is used as a reverse proxy. Any request from the browser reaches the webserver (ie IHS) and IHS redirects the request to the corresponding URL. Similarly the response will return back to IHS and then to the browser. Now I need to include the user ID in the response header. This user ID which I need to include in the header needs to be obtained from the body of the response.
Please help if this is possible as I am new to IHS.
You can't do this in an Apache-based proxy server. Headers are sent before the body, and the body is not buffered and scanned for content in any standard Apache module.
If you need to set a response header to the logged in user, do it in your application.

How to add HTTP header to URL

I'm working with an API which provides a HTTP header called token with value 12abc3 and my url is https://example.com/view/quote. Is there a way by which I can add the header as a parameter in the url so that I can type it directly on my browser's address bar instead of using cURL orHurl.it??
The only way I can imagine being able to do this would be to write a small HTTP proxy that takes a specially formatted URL and extracts header values out of the URL and re-issues the request for you. I'm not aware of any service to do this automatically for you.
I think it's too late to reply but for those who still finding the solution
you can send your token through url like this
https://yoururl?Authorization=Bearer yourtokenhere

How to ignore invalid requests - Apache

Is there any way to configure Apache to programatically examine a request and cancel the response if the request is invalid. I mean, my intention is to skip responding and just disconnect the client. I'm currently developing a fault-tolerance server fronted by Apache which needs to (stakeholder requirement) ignore answering requests which aren't authorize (I can't even send 401). If I can't use Apache, is there any other way to do it?
Continuation of above comments ...
I dont know how much control you have in JBoss over headers and output sent to the browser, but you can mimic an closed/aborted request like this. From within an application.
Send these Headers, flush and stop all output:
HTTP/1.0 204 No Content
Content-Length: 0
Content-Type: text/html
For example, this is the recommended method the Amazon API suggests as a response to any call that does not want a response.