I just set up the example from https://github.com/simplabs/ember-cli-simple-auth-example using Cloud9 and I get a 400 Bad Request error when I try to log in.
I'm pretty sure this is due to the fact that Cloud9 only opens port 80 (as referenced in this note from http://log.simplabs.com/post/90339547725/using-ember-simple-auth-with-ember-cli):
As the OAuth 2.0 authenticator would by default use the same domain
and port to send the authentication requests to that the Ember.js is
loaded from you need to configure it to use http://localhost:3000
instead.
Unfortunately I don't know how I might work around this. Any ideas?
Add the host to the whitelist in the config:
window.ENV['simple-auth'] = {
    crossOriginWhitelist: ['http://some.other.domain:1234']
};
More info in the Cross Origin Authorization section of the docs.
Related
I have a tt-rss server I host behind a Traefik instance. The host is something like ttrss.example.com and I access it on the web like https://ttrss.example.com. It works just fine anywhere on the internet.
When I try to make a request like
AF
    .request(
        "\(url)/api",
        method: .post,
        parameters: ["user": user, "password": password],
        encoding: JSONEncoding.default
    )
    .responseDecodable(of: SessionResponseModel.self) { response in
        debugPrint("Response: \(response)")
    }
I get an error like
2022-09-29 21:24:36.652181-0400 ttc[89065:7539083] Task <808A492A-D131-448F-ADFD-4EE7158251D9>.<2> finished with error [-1022] Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSErrorFailingURLStringKey=http://ttrss.example.com:8889/api/, NSErrorFailingURLKey=http://ttrss.example.com:8889/api/, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <808A492A-D131-448F-ADFD-4EE7158251D9>.<2>"
), _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <808A492A-D131-448F-ADFD-4EE7158251D9>.<2>, NSUnderlyingError=0x600002b39e60 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}}
As you can see, somewhere along the line Alamofire modified my url. Incidentally, 8889 is the port my tt-rss server is running at behind Traefik.
My question is: why is Alamofire not just using the url I provide and like... further resolving the url, but only partially?
I don't think this is an issue with either tt-rss or Traefik because both of those things are working just fine on every other part of the internet. There could be some config I am missing in Traefik that Alamofire needs, but beyond that I am not sure what I am doing wrong here.
Edit: I no longer think this is Alamofire doing this. I believe it's Swift or iOS that's resolving the URL improperly (according to me).
If you read the error, this is an App Transport Security error, meaning the system wasn't able to securely connect based on the default ATS rules. In your case it's because you're not using https at all. You either need to connect using https, or if you can't, enable insecure connections for that domain using the methods indicated in Apple's documentation.
I want to control authentication with cookies, and in my browser it works successfully.
But when I tried to test with Postman, Postman doesn't add the cookie to the new request.
step - I log in and the response header looks like this:
But the response cookies tab looks like this:
And the manage cookies window looks like this:
step - I send a request to an unprotected router and I get an unauthorized error.
This error started today. I don't remember making any changes to the settings.
Why am I getting this type of error? How can I solve this?
I also had this problem. The fix is to remove the secure flag in the cookie when sending cookies from localhost, as cookies set as secure can only be sent over HTTPS.
I also had this problem, the fix is to remove the secure flag in the cookie when sending cookies from localhost as cookies set as secure can only be sent over HTTPS.
I had this issue when testing a local Laravel Sanctum request to /login.
I had the following .env values set
SESSION_DOMAIN=docker-api-service-name
SANCTUM_STATEFUL_DOMAINS=docker-api-service-name
However, these needed to be set to localhost to match the domain of the APP_URL. After this, everything was working fine.
SESSION_DOMAIN=localhost
SANCTUM_STATEFUL_DOMAINS=localhost
Someone mentioned that setting the secure flag to false will solve it, and it will. The explanation however was not entirely correct.
Secure will indeed only work over secure connections (HTTPS). However, it will also work over HTTP if it's done in localhost: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies
This question might be stupid, but I'm a beginner and I can't disable authentication on ngrok. I was having problems with CORS PUTs so, following this https://github.com/inconshreveable/ngrok/issues/196, I decided to use "disable_options_auth" but I can't seem to figure out how. I tried this on the configuration file:
tunnels:
  demo:
    proto: http
    addr: 8080
    inspect: false
    auth: disable_options_auth
The linked GitHub issue mentions that ngrok didn't alter its config file auth parameter to accept a value of disable_options_auth:
... if this [accepting CORS preflight requests without auth while enforcing auth on all other requests] is the behavior you want, that you should implement the authentication yourself in your application.
If you just want to disable auth entirely that should make CORS preflight requests work, and you can do that by simply removing the auth parameter from your config altogether.
Currently we are using HAProxy for load balancing, but we are thinking of using it for API data caching as well, along with Varnish. As far as I have investigated, I have found that we can validate a request for the cache using HTTP Basic authentication:
if (! req.http.Authorization ~ "Basic Zm9vOmJhcgo=")
{
    error 401 "Restricted";
}
But my authentication is dynamic; I need to check my DB to see whether the request is valid or not, so this won't work for me. What I am looking for is:
In my Validate The Request I want to pass the request to my backend server, and if it returns 200 I want to go forward and check the data in my cache; otherwise return unauthorised access. Let me know the way to implement this.
You can authorise requests in Varnish. There are enough VMODs to implement that easily: cURL, Digest, Redis/Memcache/..., etc (see https://www.varnish-cache.org/vmods). That approach is the basic idea behind products like Varnish Paywall or the recently presented Varnish API Engine.
I am working through some samples in the ActiveMQ-Apollo installation and playing around with the examples/websocket.
In this file, Stomp.js is being used to establish connection:
client = Stomp.client(url);
The example works fine and I am able to see the messages being sent and received. The issue is that Stomp uses the default WebSocket, which may not be available at times. So, I wanted to integrate with the SockJS client library. According to the example for StompJS on this page (http://jmesnil.net/stomp-websocket/doc/) it should be possible with this code:
<script src="http://cdn.sockjs.org/sockjs-0.3.min.js"></script>
<script>
// use SockJS implementation instead of the browser's native implementation
var ws = new SockJS(url);
var client = Stomp.over(ws);
[...]
</script>
The above code appears to execute correctly, however, later I see the following errors:
XMLHttpRequest cannot load ws://mylocaldomain.com:61623/info. Cross origin requests are only supported for HTTP. sockjs-0.3.js:807
Uncaught Error: NetworkError: DOM Exception 19
Then, I see the debug window show this message:
Opening Web Socket...
Whoops! Lost connection to undefined
I am serving the page from mylocaldomain.com:80, and the ActiveMQ Apollo server is running on the same machine, but listening on port 61623. I have also grabbed the latest version of StompJS (from dist directory on github) as well as SockJS directly from cdn.sockjs.org.
I tried this example on latest Chrome and Firefox (on OSX) and the same thing occurs. No connection is established.
Again, going back to the standard example which ships with Apollo works fine, but I would like to find out why StompJS over SockJS is failing.
Has anyone seen this issue?
Thanks.
-AP_
You need to modify the ActiveMQ-Apollo web configuration to support Cross-Origin-Resource-Sharing (CORS) as described here:
Enabling CORS
W3C CORS Specification
Basically the server needs to do the following things:
Support the HTTP OPTIONS request (aka CORS pre-flight request) that is sent by browsers for Cross Domain requests. This includes responding to the OPTIONS request with:
    Access-Control-Allow-Origin header (for example: "*" which means allow all origins)
    Access-Control-Request-Method header (for example: "GET, POST, PUT, DELETE, OPTIONS")
    Access-Control-Allow-Headers (for example: "X-Requested-With,Origin,Content-Type, Accept")
The handling of HTTP OPTIONS can typically be done using a single Web Filter matching filter pattern "/*".
See also "cors_origin" WebSocket connector URL query parameter supported by ActiveMQ Apollo 1.7
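An added example, not taken from any of the posts above, covering both the CORS pre-flight handling described in this answer and the ngrok answer's advice to implement authentication in the application: the pre-flight OPTIONS request is answered without credentials (browsers do not attach them to pre-flights), while every other request must carry HTTP Basic credentials. The function and constant names, the allowed origin and the credentials are assumptions made for illustration; the methods header uses the response name Access-Control-Allow-Methods from the CORS specification, and the origin is matched against an allowlist rather than answered with "*".

```javascript
// Constructed values: the origin and the credentials are placeholders.
const ALLOWED_ORIGINS = new Set(["http://mylocaldomain.com"]);
const ALLOWED_METHODS = "GET, POST, PUT, DELETE, OPTIONS";
const ALLOWED_HEADERS = "Authorization, Content-Type, X-Requested-With";
const EXPECTED_AUTH = "Basic " + Buffer.from("demo-user:demo-pass").toString("base64");

// Compare two strings without stopping at the first differing character.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// Decide the response for one request.
// req: { method, headers } with lower-cased header names, as Node's http module provides.
function decide(req) {
  const origin = req.headers["origin"];
  const originAllowed = origin !== undefined && ALLOWED_ORIGINS.has(origin);
  const headers = { Vary: "Origin" };
  if (originAllowed) {
    // Echo the allowlisted origin so the browser lets the page read the response.
    headers["Access-Control-Allow-Origin"] = origin;
  }

  // A pre-flight is an OPTIONS request carrying Origin and Access-Control-Request-Method.
  const isPreflight = req.method === "OPTIONS" && origin !== undefined &&
    req.headers["access-control-request-method"] !== undefined;
  if (isPreflight) {
    if (!originAllowed) return { status: 403, headers };
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS;
    headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS;
    headers["Access-Control-Max-Age"] = "600";
    return { status: 204, headers }; // answered without requiring credentials
  }

  // Everything else, including a plain OPTIONS request, must authenticate.
  if (!constantTimeEqual(req.headers["authorization"] || "", EXPECTED_AUTH)) {
    headers["WWW-Authenticate"] = 'Basic realm="api"';
    return { status: 401, headers };
  }
  return { status: 200, headers };
}

// Wiring into Node's http module (not executed here):
//   http.createServer((req, res) => { const r = decide(req); res.writeHead(r.status, r.headers); res.end(); });
```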