crossdomain not allow in openfire for http request - openfire

I try to connect by jquery library to openfire chat server on domain:7070/http-bind
Openfire not allow me to connect and in result
"giving error Cross-Origin Request Blocked: The Same Origin Policy
disallows reading the remote resource at
http://192.168.10.125:7070/http-bind. (Reason: CORS request failed)."

Ankit, in your openfire admin console, check whether you have enabled CORS option.
In admin console, Go to Server Settings ---> Http Binding
Also attaching a snap for your reference.

Related

How to see CONNECT tunnel information when issuing requests from composer in Fiddler?

When I use intercept requests in Fiddler, I can inspect CONNECT tunnels. But when I try to issue request from Fiddler's composer, there is no CONNECT session. Is it possible to inspect CONNECTs when issuing requests from Composer?
CONNECT is a special protocol command that is only used in combination with a http proxy. If a proxy receives a CONNECT command from the client this means "please establish a connection to the endpoint included in the CONNECT command".
If you use Fiddler composer the request is sent directly to the server without using Fiddler as a proxy. Thus you won't see a CONNECT command. If you want to see a CONNECT request then you have to use an external tool that uses Fiddler as https proxy.

OpenAM plugin for Apache reverse-proxy fails after sometime

We have OpenAM plugin for Apache Http server.
Here Apache Http server works as reverse-proxy.
OpenAM plugin validates user requests for authentication and authorisation then forwards the requests to service.
This works fine for some days. But suddenly, OpenAM plugin fails to authenticate and authorise and requests directly goes to service.
Only fix is to restart the Apache HTTP server.
But this is not the correct fix. We would like to find the real route cause of this problem and fix. There is no logging reported from http server.
Thanks.
There is no logs reported. Totally clueless. It is happening once in two days or >so.
You should set the Agent level to message and check the debug.log (in agent root --> instances --> debu --> debug.log) and trace the requests in the agent log files that are not working. There may also be relevant information in the system logs in the agent root log folders.
But suddenly, OpenAM plugin fails to authenticate and authorise and requests
directly goes to service.
What HTTP status code is returned during this period? By default, if the Agent cannot communicate to AM for policy advice (unless it has preconfigured fallback not enforced URLs) will be to 403 each request. You'd really need to check your debug and apache access logs to look at these requests hitting the reverse proxy (or whether they hit them at all).

Azure app can't connect to external API - Https to Http

My Azure application needs to connect to an API that is deployed on a remote server. The Azure app uses https, while the API uses http. To avoid a mixed content issue, I changed my API address to https. But now I receive the following error:
Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR
So in summary, using http for my API gives me a Mixed Content error, and using https for my API gives me an SSL-related error.
Does anyone have experience providing an SSL certificate to an API thats already been deployed? Any advice would be greatly appreciated. Thank you.

The HTTP request was forbidden with client authentication scheme 'Anonymous'. Hitting URL on IE and then calling through web service fixes it

I am trying to call a WCF web service from my .net application which is a web api. I get the error below:
The HTTP request was forbidden with client authentication scheme 'Anonymous'. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden.
This error is seen until I open IE on the same server where my web api is hosted through IIS, and then I browse to the WCF service URL, it prompts me with the certificate name that I have for the WCF service in my trusted certificate store. Once I click OK on the certificate popup in IE, it goes successfully to the wsdl of the service. After that if I make a call from my webapi it proceeds successfully. But every day it fails until I do that. I know there is something wrong with my certificate setup, but I am not sure how to fix it. Any help is appreciated.

Two-legged authorization with apache http server

I have an api (running in a jetty instance) where I use two-legged oauth protocol to give access to the clients. I wrote a simple java client (using oauth-signpost) to connect to the api and the connection is successful.
I would like to put the api behind an apache http server. The apache http server is configured to forward request to api.
The following works:
(without oauth) Client ---> Apache HTTP Server --> Jetty
(with oauth) Client ---> Jetty
The following doesn't work:
(with oauth) Client ---> Apache HTTP Server ---> Jetty
I receive the following error message
"Invalid signature for signature method HMAC-SHA1"
Has any of you faced this issue? Is it possible to sign the request but without the hostname and port?
Thank you.
I had a similar problem. The problem I found was that the OAuth signature and the OAuth header block need to have the Jetty URL, not the Apache URL.
I had to modify my code to pass along two URLs. The URL I was sending the request to (Apache) and the URL of the resource on the final system (Jetty URL).