FineUploader - "isBrowserPreviewCapable" variable not thrown out by Chrome 40, though it should - amazon-s3

I noticed that in the FineUploader server demos (s3demo-thumbnails-cors.php), there is an area that checks if the browser supports preview. It simply checks this post variable: $_POST["isBrowserPreviewCapable"]
The awkward thing here I'd like to ask is, I'm actually using Chrome 40, and I'm absolutely sure that preview is available for my browser. But in the "upload_success" ajax call sent out by FineUploader, it does NOT contain $_POST["isBrowserPreviewCapable"].
Here is a sample dump of my upload success AJAX call. I was wondering if I had missed some sort of configuration for this:
Remote Address:127.0.0.1:80
Request URL:http://localhost/development/code-base/ci/builds/xyz/en/file/api/notify_successful_upload
Request Method:POST
Status Code:200 OK
Request Headers
Accept:application/json
Accept-Encoding:gzip, deflate
Accept-Language:ja,en;q=0.8,en-US;q=0.6,zh;q=0.4,zh-TW;q=0.2,zh-CN;q=0.2,ko;q=0.2
Cache-Control:no-cache
Connection:keep-alive
Content-Length:614
Content-Type:application/x-www-form-urlencoded
Cookie:PHPSESSID=952ciound37e9dkaf5d1hmmc1; __atuvc=10%7C5; CKFinder_Path=Attachments%3A%2F%3A1; logged_in=9db847c22b2bef66cc06091e355a80e6aff83b7d377; abc_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2244ef7cfb140643bdb09df62f0e9c3561%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A109%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F40.0.2214.115+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1424977019%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7Ddc95cd1bb88507af0eb260abe18f380bbd80e1fd; user_locale=en
Host:localhost
Origin:http://localhost
Referer:http://localhost/development/code-base/ci/builds/xyz/en/file
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
X-Requested-With:XMLHttpRequest
Form Data
key:clients/abclient/www/gallery/images/w100/_try_90b313b2-9cea-42f3-8332-e6d13071ded3.png
uuid:c9ed8346-43fb-4116-afe6-18867079524e
name:_try (w100).png
bucket:xyz-production
etag:"b2df53409d64b9e1cb9f1e590d2a4bf6"
file_uuid:c9ed8346-43fb-4116-afe6-18867079524e
file_family_uuid:90b313b2-9cea-42f3-8332-e6d13071ded3
file_storage:s3
file_module:gallery
file_type:images
file_variation:w100
file_name:_try_90b313b2-9cea-42f3-8332-e6d13071ded3.png
file_display_name:_try (w100).png
qqparentuuid:90b313b2-9cea-42f3-8332-e6d13071ded3
qqparentsize:44936
qquuid:c9ed8346-43fb-4116-afe6-18867079524e
Response Headers
Access-Control-Allow-Origin:http://localhost
Connection:Keep-Alive
Content-Length:539
Content-Type:text/html
Date:Thu, 26 Feb 2015 18:57:03 GMT
Keep-Alive:timeout=5, max=94
Server:Apache/2.4.9 (Win64) OpenSSL/1.0.1g PHP/5.5.12
Set-Cookie:user_locale=en; expires=Thu, 26-Feb-2015 20:57:03 GMT; Max-Age=7200; path=/
X-Powered-By:PHP/5.5.12
Any help would be greatly appreciated. Thanks!
Cheers,
Thomas

Fine Uploader does not send the POST variable you are speaking of. The S3 demo on http://fineuploader.com/demos includes a line of code that ensures the parameter is sent with the request.
For example, the following option is configured:
uploadSuccess: {
endpoint: "http://s3-demo.fineuploader.com/s3demo-thumbnails-cors.php?success",
params: {
isBrowserPreviewCapable: qq.supportedFeatures.imagePreviews
}
}

Related

HTTP Caching problem. Request works on and off

I'm facing a weird behaviour on chrome with http get requests that most likely has something to do with cache.
Basically, the same request returns 200 the first time, then if I send the same request again by entering again the URL bar it returns 404. THen again 200. Then 404.
The request looks something like this (by using the dev tools on chrome) I use ## to hide sensitive info
General:
Request URL: ###
Request Method: GET
Status Code: 200 OK
Remote Address: ##############
Referrer Policy: strict-origin-when-cross-origin
Response Headers:
Accept-Ranges: bytes
Cache-Control: max-age=0, no-cache
Content-Length: 75209
Content-Type: application/json
Date: Fri, 10 Sep 2021 10:29:22 GMT
ETag: W/"IDGfBPV6nmAIDGefDH3A0M"
Last-Modified: Wed, 08 Sep 2021 08:36:01 GMT
Server: Jetty(9.4.z-SNAPSHOT)
Request headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en,it-IT;q=0.9,it;q=0.8,en-US;q=0.7
Connection: keep-alive
Cookie: ##################
Host: #########
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
If i now press enter in the URL bar issuing the request again i get the following response:
General
Request URL: ####
Request Method: GET
Status Code: 404 Not Found
Remote Address: ######
Referrer Policy: strict-origin-when-cross-origin
Response Headers
Cache-Control: must-revalidate,no-cache,no-store
Content-Length: 347
Content-Type: text/html;charset=iso-8859-1
Date: Fri, 10 Sep 2021 10:29:05 GMT
ETag: W/"IDGfBPV6nmAIDGefDH3A0M"
Server: Jetty(9.4.z-SNAPSHOT)
Request Headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en,it-IT;q=0.9,it;q=0.8,en-US;q=0.7
Cache-Control: max-age=0
Connection: keep-alive
Cookie: #################
Host: ####
If-Modified-Since: Wed, 08 Sep 2021 08:36:01 GMT
If-None-Match: W/"IDGfBPV6nmAIDGefDH3A0M"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
And so on, 200, 404, 200, 404 ...
Differences I noticed are in the Cache-Control header of the response and the new If-Modified-Since and If-None-Match request headers.
The backend server is a proprietary server and between the client there is an Apache Proxy Server.
I know that to get the solution I should provide more data (maybe the httpd configuration) but I'm more like trying to understand what the issue is rather than asking for a magic solution.
I searched on google "Get request works on and off" and all sort of wording variations but had no luck.
If anyone could help me out at least understanding the problem
Thanks
Davide
UPDATE
As Kevin suggested in the comment, shutting down the apache proxy did not change this on/off behaviour. Has to be something within the origin server

Websocket Not working with Some ISP's

Not sure why I am getting this issue, But My Websocket Connection works on specific ISP while fails on others. I know it sounds absurd but it is happening. My websocket connection works on Two ISP while fails on one. I am using Wildfly Application Server serving the WS Connection and Apache WebServer for proxy forwarding.
Here is the detail of my Request/Response,
General
Request URL:ws://example.com/chat/3
Request Method:GET
Status Code:101 Switching Protocols
Response Headers
Connection:Upgrade
Content-Length:0
Date:Fri, 13 May 2016 13:09:11 GMT
Origin:http://example.com
Sec-WebSocket-Accept:pPjTLv5Dz+/vyjY/SkeMihaXDd0=
Sec-WebSocket-Location:ws://example.com/chat/3
Server:WildFly/9
Upgrade:WebSocket
X-Powered-By:Undertow/1
Request Headers
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:Upgrade
Cookie:mp_c4f10660603c33a8e9307b70e6767539_mixpanel=%7B%22distinct_id%22%3A%20%2215210855b11180-0ffdda567-1821170c-d37aa-15210855b123f2%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D; mf_user=a60cd2cdcfc41836645d949f71ee3127; intercom-id=d1af89ac-9d55-4fef-8a17-3848d8ef0fce; wooTracker=VQf16pMBx4Pu; _ga=GA1.2.544774749.1447732319; JSESSIONID=z4a1hBpQJQz4YCsLivHRRFf8b0dzYzBsT_4PLadB.ip-172-30-0-20; mf_154095de-56ef-4099-9976-f9a298cf0677=8438220eda64d856436d798ca0b9188a|05132367e34aabbf7bcce5b1e8811235b0bd15d4|1463144963483||19|
Host:example.com
Origin:http://example.com
Pragma:no-cache
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
Sec-WebSocket-Key:94OH1SxHvszgJO6Rg31WGA==
Sec-WebSocket-Version:13
Upgrade:websocket
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36
However, When I tried testing some of the Demo Sites like http://websocket.org/echo.html they are working as expected.
The only difference I found between those connections was header on response from the server Upgrade:websocket whereas my server is returning Upgrade:WebSocket as part of the response. However, I believe that the header are case insensitive and it shouldn't be the issue.
Also, Is it possible to rewrite the Header value for the Response using apache header mod?

recreate this web request in vb net

i?m trying to make automatic image set in pinterest account with WebClient.
I'd like to recreate this http request:
(Request-Line) POST /upload-image/?img=Desert.jpg HTTP/1.1
Host www.pinterest.com
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding gzip, deflate
X-Requested-With XMLHttpRequest
X-File-Name Desert.jpg
Cache-Control no-cache
X-CSRFToken RqwJCawJyAGYIZfzob51qxrEGj4GJcSA
Referer https://www.pinterest.com
Content-Length 846128
Content-Type multipart/form-data; boundary=---------------------------5431268530037
Cookie _pinterest_cm=TWc9PSY1YlkwcmtVRGlNRzRQZXpiZXJseVl6TnFHYnEvZlhpNDZPcExCQnhKN3UvdUUveWI0c3p4bWJKUmhoZy9YRG9sS3dNZTZFSFNhN2V3VWhJM1JkbUlxbC92VjhHUGFldlRTVVJTNlA1L1M0SDE5QXhLcHVWS2ZrSUh3NTN2ODA0WSZ5dnpJQkVRUmx5TVJGTEdmQm5EVmRGQXNqbDQ9; csrftoken=RqwJCawJyAGYIZfzob51qxrEGj4GJcSA; _pinterest_sess="TWc9PSYvRm93OFNxbGkxWTJ5bzVoZUFudHJVVDI4bndmL2I5SFVIQjZkVk1KWFJ3WDBmNndOWFR0QnBPazltZFRmcnJpcGU5akhQZS8vcEZWTzM5ODJWNVdKS2syekwwc1p1TVVNeEt3Z3NYa1lsMVFXcFpXYUdkRlE1RElQYTBYeXhyQkFkYVFmSHZnVkRyYWhYcURDYzhhWEpuR2dvekE1SlB6cXp4akNNdzJ6QysrR2MzRGNyRXJKczRuRHZDTm1uQkdLMUJrUnF6UjdZakhDUGNVRnQ4T1ZoQUFIQWJSU1VNUHNjUHV5VjlZbk1INU1FMFNhdGJiVFZRdUNDWFNlMGJvcDBFeXk4a3cxT25ROHpSOXFzcTZ6NFBHekFjNkFNQUtnaktQNGQ1VkhnNDdlSXNQTGhmTzhDWm5UaDNoZzdqbEFHQWQ1RjJXWVo5bjNXVkVUWnVUWXNiL1JLTFdqNDBvMWllT0VyRDRNN1lXN0diQmlWRjdGdWF5UGUzYkNLYlMvamJUSVFwcFZoVVVUL2ROVkFIQUNYODQxR3R5eDFrQ0VpTGhmaGZ1Y2VOdGt6aUdLQmtCTkRYdkpkVGhmLzMvMnVOWHAwQVdZWEs2alE4eTUwd3E1SlJPRWFDc3VKTXByb2tISm8rcldRQT0mejAwN0hvdlRhbU8zYmNJT0lsSm9PSldheGpJPQ=="; sessionFunnelEventLogged=1; __utma=229774877.448600758.1436737610.1436739423.1436745191.3; __utmz=229774877.1436737610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); c_dpr=1; __utmc=229774877; _b="ARLbRMvYKUdKiaBWDA2Oxko87z7iIN4MuGnJALvZK8vehgzT11AKeoa13PH4l9VjVMU="; _pinterest_pfob=disabled; __utmb=229774877.3.9.1436745219732; __utmt=1
Connection keep-alive
Pragma no-cache
I have try this code, but i can't obtain Content-Length and Content-Type.
Dim wc As New WebClient
wc.UseDefaultCredentials = True
wc.Credentials = New NetworkCredential("pippomio#yahoo.com", "88Y71nR3764")
wc.Headers.Add("Host", "www.pinterest.com")
wc.Headers.Add("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5")
wc.Headers.Add("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
wc.Headers.Add("Accept-Language", "it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3")
wc.Headers.Add("Accept-Encoding", "gzip, deflate")
wc.Headers.Add("X-Requested-With", "XMLHttpRequest")
wc.Headers.Add("X-Requested-With", "XMLHttpRequest")
wc.Headers.Add("X-File-Name", "Hydrangeas.jpg")
wc.Headers.Add("Cache-Control", "no-cache")
wc.Headers.Add("X-CSRFToken", token)
wc.Headers.Add("Referer", "https://www.pinterest.com")
wc.Headers.Add("Connection", "keep-alive")
wc.Headers.Add("Pragma", "no - cache")
Dim Response As Byte() = wc.UploadFile("https://www.pinterest.com/upload-image/?img=Hydrangeas.jpg", "POST", "Hydrangeas.jpg")
In wich way can I do this request in vb net?
Thanks
First, I recommend you to check this and this tutorial to learn how to send/receive HTTP requests on correct way.
Second, you should not re-do any web browser actions in your program since it is usually not a good practice as the frontend architecture should be subject an unexpected change any time. Instead of this, you should check Pinterest API, especially the Users API which can help you to achieve your plans. Usually API interfaces are not a subject of random changes, they are more reliable than replaying front-end operations and more stable, has more capabilities to the load.
(Pinterest API seems working only from Firefox, if you get an empty area at right side with a big "None" text, then browse the link from Firefox - it seems can handle the page)

Implementing logging out with Windows Authentication as it's done in SharePoint: without closing the browser

I'm developing a SOA-oriented Intranet application using WCF. I have to implement User Authentication with Windows Authentication.
When we use Windows Authentication there is no possibility to really sign out without closing the browser. Only when you close the browser and open it again you get the browser prompt to enter user credentials. In my application I need user to be able to sign out without closing the browser.
Nevertheless, it seems like there is some trick to change that behavior and if not really sign out than imitate it at least. It's implemented in SharePoint.
There are two options: "Sign Out" and "Sign in as a different user". "Sign Out" doesn't really sign out: it shows the prompt to close the browser. If you don't and just re-enter the address of your application than it's logged in as if nothing happened.
However, "Sign in as a different user" DOES "log out" somehow. That is, after you pressed this button, you get browser prompts to enter your credentials when you try to access your application (WITHOUT closing browser).
In all internet discussions it's clearly said (e.g. here) that it's NOT possible to log out using Windows Authentication. It seems like it's imitated in SharePoint by means of cookies. But I haven't succeeded in reverse engineering of this approach. Could you, please, suggest to me the way I can reproduce the SharePoint behavior in my services.
I'm attaching the SharePoint request/response headers (from Chrome), maybe it can help you come out with some ideas (sorry for the large amount of text; and read ptth as http). Thanks!
1) Logged In User accessing any page:
Request URL:ptth://tfs.somecompany.ru/sites/DefaultCollection/SomeProject/Dashboards/ProjectDashboard_wss.aspx
Request Method:GET
Status Code:200 OK
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:max-age=0
Connection:keep-alive
Cookie:TSWA-Session-Vars=TFS-701396601=1055156467&TFS-1638157380=1950326154; WSS_KeepSessionAuthenticated={46ec4974-b52c-4cc7-b157-84059d748740}
Host:tfs.somecompany.ru
If-Modified-Since:Wed, 26 Mar 2014 11:11:26 GMT
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36
Response Headers
Cache-Control:private, max-age=0
Content-Encoding:gzip
Content-Length:44579
Content-Type:text/html; charset=utf-8
Date:Wed, 26 Mar 2014 11:11:51 GMT
Expires:Tue, 11 Mar 2014 11:11:51 GMT
Last-Modified:Wed, 26 Mar 2014 11:11:51 GMT
MicrosoftSharePointTeamServices:14.0.0.6029
Server:Microsoft-IIS/7.5
Set-Cookie:WSS_KeepSessionAuthenticated={46ec4974-b52c-4cc7-b157-84059d748740}; path=/
Set-Cookie:WSS_KeepSessionAuthenticated={46ec4974-b52c-4cc7-b157-84059d748740}; path=/
Set-Cookie:TSWA-Session-Vars=TFS-701396601=1055156467&TFS-1638157380=1950326154; path=/; HttpOnly
Set-Cookie:WSS_KeepSessionAuthenticated={46ec4974-b52c-4cc7-b157-84059d748740}; path=/
SPRequestGuid:db76867e-a1ff-4223-80e6-4502141c064a
Vary:Accept-Encoding
X-AspNet-Version:2.0.50727
X-Powered-By:ASP.NET
X-SharePointHealthScore:3
2) Logged In User pressed "Sign Out":
Request URL:ptth://tfs.somewebsite.ru/sites/DefaultCollection/SomeProject/_layouts/SignOut.aspx
Request Method:GET
Status Code:200 OK
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Authorization:NTLM TlRMTVNTUAADAAAAGAAYAHwAAABUAVQBlAAAAAAAAABYAAAAEAAQAFgAAAAUABQAaAAAAAAAAADoAQAABYKIogYDgCUAAAAPL374PDZPX/Ete2OZtlmRrXYAcgBvAGQAawBpAG4AYQBCAEEAUgBCAEEAUgBBAC0AUABDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGR7rq4bit1H6OVC92tC/skBAQAAAAAAAE2zoPTkSM8Bp+dONwKxjtkAAAAAAgAeAFcASQBOAC0AOQBEAEMAUwBLAEUARgBHAEQAVABFAAEAHgBXAEkATgAtADkARABDAFMASwBFAEYARwBEAFQARQAEAB4AVwBJAE4ALQA5AEQAQwBTAEsARQBGAEcARABUAEUAAwAeAFcASQBOAC0AOQBEAEMAUwBLAEUARgBHAEQAVABFAAcACABNs6D05EjPAQYABAACAAAACAAwADAAAAAAAAAAAQAAAAAgAAAKREwkIhbBrQIu6920WSfsswbog8za6HpVEzgQnD0JbgoAEAAAAAAAAAAAAAAAAAAAAAAACQA0AEgAVABUAFAALwB0AGYAcwAuAGMAcgBvAHMAcwBpAG4AZgBvAHIAbQAuAHIAdQA6ADgAMAAAAAAAAAAAAAAAAAA=
Connection:keep-alive
Cookie:RSExecutionSession%3a%2fTfsReports%2fDefaultCollection%2fSomeProject%2fDashboards%2fBurndown=5po1uhfmxxnmnh45wshyam45; RSExecutionSession%3a%2fTfsReports%2fDefaultCollection%2fSomeProject%2fDashboards%2fBurn+Rate=wpajy3yqku1obhrhpuowv555; WSS_KeepSessionAuthenticated={46ec4974-b52c-4cc7-b157-84059d748740}; TSWA-Session-Vars=TFS-701396601=1055156467&TFS-1638157380=1950326154
Host:tfs.somewebsite.ru
Referer:ptth://tfs.somewebsite.ru/sites/DefaultCollection/SomeProject/Dashboards/ProjectDashboard_wss.aspx
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36
Response Headers
Cache-Control:private
Content-Encoding:gzip
Content-Length:3455
Content-Type:text/html; charset=utf-8
Date:Wed, 26 Mar 2014 11:17:21 GMT
MicrosoftSharePointTeamServices:14.0.0.6029
Persistent-Auth:true
Server:Microsoft-IIS/7.5
Set-Cookie:WSS_KeepSessionAuthenticated=; path=/
SPRequestGuid:bffcf018-5667-4682-8a16-f3851cd2be98
Vary:Accept-Encoding
X-AspNet-Version:2.0.50727
X-Powered-By:ASP.NET
X-SharePointHealthScore:3
3) After pressing "Sign out" enter: ptth://tfs.somewebsite.ru/sites/DefaultCollection/SomeProject/Dashboards/ProjectDashboard_wss.aspx
(access is granted)
Request URL:ptth://tfs.somewebsite.ru/sites/DefaultCollection/SomeProject/Dashboards/ProjectDashboard_wss.aspx
Request Method:GET
Status Code:200 OK
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Connection:keep-alive
Cookie:RSExecutionSession%3a%2fTfsReports%2fDefaultCollection%2fSomeProject%2fDashboards%2fBurndown=5po1uhfmxxnmnh45wshyam45; RSExecutionSession%3a%2fTfsReports%2fDefaultCollection%2fSomeProject%2fDashboards%2fBurn+Rate=wpajy3yqku1obhrhpuowv555; TSWA-Session-Vars=TFS-701396601=1055156467&TFS-1638157380=1950326154; WSS_KeepSessionAuthenticated=
Host:tfs.somewebsite.ru
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36
Response Headers
Cache-Control:private, max-age=0
Content-Encoding:gzip
Content-Length:47367
Content-Type:text/html; charset=utf-8
Date:Wed, 26 Mar 2014 11:20:48 GMT
Expires:Tue, 11 Mar 2014 11:20:48 GMT
Last-Modified:Wed, 26 Mar 2014 11:20:48 GMT
MicrosoftSharePointTeamServices:14.0.0.6029
Server:Microsoft-IIS/7.5
Set-Cookie:WSS_KeepSessionAuthenticated={46ec4974-b52c-4cc7-b157-84059d748740}; path=/
Set-Cookie:WSS_KeepSessionAuthenticated={46ec4974-b52c-4cc7-b157-84059d748740}; path=/
Set-Cookie:TSWA-Session-Vars=TFS-701396601=1055156467&TFS-1638157380=1950326154; path=/; HttpOnly
Set-Cookie:WSS_KeepSessionAuthenticated={46ec4974-b52c-4cc7-b157-84059d748740}; path=/
SPRequestGuid:ad83778b-7689-4f7e-b789-9d005e5e9c6a
Vary:Accept-Encoding
X-AspNet-Version:2.0.50727
X-Powered-By:ASP.NET
X-SharePointHealthScore:3
4) Logged In User pressed "Sign in as Different User":
("logging out" happens - browser shows me the prompt to enter credentials)
Request URL:ptth://tfs.somewebsite.ru/sites/DefaultCollection/SomeProject/_layouts/closeConnection.aspx?loginasanotheruser=true&Source=http%3A%2F%2Ftfs%2Esomewebsite%2Eru%2Fsites%2FDefaultCollection%2FSomeProject%2FDashboards%2FProjectDashboard%5Fwss%2Easpx
Request Method:GET
Status Code:200 OK
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Connection:keep-alive
Cookie:RSExecutionSession%3a%2fTfsReports%2fDefaultCollection%2fSomeProject%2fDashboards%2fBurndown=5po1uhfmxxnmnh45wshyam45; RSExecutionSession%3a%2fTfsReports%2fDefaultCollection%2fSomeProject%2fDashboards%2fBurn+Rate=wpajy3yqku1obhrhpuowv555; loginAsDifferentAttemptCount=; previousLoggedInAs=; WSS_KeepSessionAuthenticated={46ec4974-b52c-4cc7-b157-84059d748740}; TSWA-Session-Vars=TFS-701396601=1055156467&TFS-1638157380=1950326154
Host:tfs.somewebsite.ru
Referer:ptth://tfs.somewebsite.ru/sites/DefaultCollection/SomeProject/Dashboards/ProjectDashboard_wss.aspx
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36
Query String Parametersview sourceview URL encoded
loginasanotheruser:true
Source:ptth://tfs.somewebsite.ru/sites/DefaultCollection/SomeProject/Dashboards/ProjectDashboard_wss.aspx
Response Headers
Cache-Control:private
Content-Encoding:gzip
Content-Length:683
Content-Type:text/html; charset=utf-8
Date:Wed, 26 Mar 2014 11:29:27 GMT
MicrosoftSharePointTeamServices:14.0.0.6029
Server:Microsoft-IIS/7.5
Set-Cookie:WSS_KeepSessionAuthenticated={46ec4974-b52c-4cc7-b157-84059d748740}; path=/
SPRequestGuid:01cc0f78-c5af-48b0-a54a-ba214ccf3c0c
Vary:Accept-Encoding
X-AspNet-Version:2.0.50727
X-Powered-By:ASP.NET
X-SharePointHealthScore:3
5) After pressing "Sign in as Different User" enter: ptth://tfs.somewebsite.ru/sites/DefaultCollection/SomeProject/Dashboards/ProjectDashboard_wss.aspx
(access is denied - browser shows me the prompt to enter credentials again and after I press cancel I get the response)
Request URL:ptth://tfs.somewebsite.ru/sites/DefaultCollection/SomeProject/Dashboards/ProjectDashboard_wss.aspx
Request Method:GET
Status Code:401 Unauthorized
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:max-age=0
Connection:keep-alive
Cookie:loginAsDifferentAttemptCount=0; RSExecutionSession%3a%2fTfsReports%2fDefaultCollection%2fSomeProject%2fDashboards%2fBurndown=5po1uhfmxxnmnh45wshyam45; RSExecutionSession%3a%2fTfsReports%2fDefaultCollection%2fSomeProject%2fDashboards%2fBurn+Rate=wpajy3yqku1obhrhpuowv555; TSWA-Session-Vars=TFS-701396601=1055156467&TFS-1638157380=1950326154; WSS_KeepSessionAuthenticated={46ec4974-b52c-4cc7-b157-84059d748740}; previousLoggedInAs=WIN-9DCSKEFGDTE+AFw-MyUserName; loginAsDifferentAttemptCount=1
Host:tfs.somewebsite.ru
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36
Response Headers
Content-Length:0
Date:Wed, 26 Mar 2014 11:33:15 GMT
MicrosoftSharePointTeamServices:14.0.0.6029
Server:Microsoft-IIS/7.5
SPRequestGuid:0d9863b0-9243-4762-bdb3-1ea49bec57e7
WWW-Authenticate:NTLM
X-Powered-By:ASP.NET
Update 27.03.14
Found a way to imitate this behavior in Chrome and Opera without Cookies or anything. I just implement LogOut service operation like this:
public void LogOff()
{
WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.Unauthorized;
WebOperationContext.Current.OutgoingResponse.Headers.Add("WWW-Authenticate", "NTLM");
}
Check this link. Still have problems in Firefox though (doesn't prompt for authentication at all, always returns 401) and IE (doesn't log off, just refreshes the page, that's it).

Safari complains: Origin file:// is not allowed by Access-Control-Allow-Origin

My JavaScript Ajax program works fine with FireFox.
It even works OK on iPad!
But when I run it on Safari on Windows 7 - I get the above error.
I am attaching the HttpRequest header and respond.
First the FF data- see below -
I think - not sure - that it shows that the site I am accessing is not blocking me.
Next is the Safari data- see below -
I think that the problem is that Safari adds to the request header a
Origin:file://
I am not sure that this is the problem and I did not find a way to force Safari not to add it.
Thanks for your help
Ori
Here is the FF Data
Response Headers
Date Thu, 04 Aug 2011 19:08:58 GMT
Server Apache/2.2.3 (Linux/SUSE)
Keep-Alive timeout=15, max=100
Connection Keep-Alive
Transfer-Encoding chunked
Content-Type text/html
Request Headers
Host www.arabdictionary.huji.ac.il
User-Agent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.18) Gecko/20110614 BTRS35926 Firefox/3.6.18
Accept text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language en-us,en;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive 115
Connection keep-alive
Content-Type application/x-www-form-urlencoded; charset=UTF-8
Content-Length 50
Pragma no-cache
Cache-Control no-cache
Safari data
Request URL:http://www.arabdictionary.huji.ac.il/cgi-bin/arabic_results.pl
Request Headers
Content-Type:application/x-www-form-urlencoded
DNT:1
Origin:file:// <<<<<<<<<<<<<<<<< I think that this is my problem <<<<<<<<<<<<<
User-Agent:Mozilla/5.0 (iPad; U; CPU OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5
Form Data
String:%d4%d4
searchType:byElement
act:dosearch
<<<<<<<<<<< No more data - no Response >>>>>>>>>>>>>>>>>>>>>