We are trying to access a local self-hosted WCF service from the browser.
The WCF service is located at http://localhost/myWcf.
The browser is running a website which is located at https://some.www.com.
We have enabled CORS and added CORS header to the hosted WCF. Access to the WCF service is done using jQuery’s $.ajax call. All browsers are working fine when not using SSL and we’re getting to the “success” callback.
When switching to SSL, IE is the only one that fails to make the request – “Access is denied”. We moved the website to the trusted sites section and basically allowed everything there and still no go. We’re using IE11/10 and we've tried previous versions through its emulator. None of them allows us to make that request.
We can address a picture that located in http from https like this:
<img src="http://asdasd">
but we try to use javascript it fails:
var img = new Image();
img.src="http://asdasd";
What are we missing? Is it really impossible to make a cross domain request from https to http in IE?
Check jsonp:
var script = document.createElement('script');
script.id = 'dynScript';
script.type='text/javascript';
script.src = 'http://localhost/myWcf';
document.getElementsByTagName('head')[0].appendChild(script);
JSONP is a great away to get around cross-domain scripting errors.
Related
I'm trying to deploy my web api behind nginx.
My web API is always start with http://<host>/api/<controllerName>
But I use Nginx reverse proxy to handling test and prod server request
The request to test server http://<host>/api/<controllerName>/<action> turn to http://<host>/test/api/<controllerName>/<action>
Everything is OK so far except I use RedirectToActionResult in some action. It still redirect to url to http://<host>/api/<controllerName>/<action> format. Is there any way I could adjust RedirectToActionResult to redirect with prefix like http://<host>/test/api/<controllerName>/<action>?
Or I have to modify the whole API server url with prefix path.
You can set ASPNETCORE_PATHBASE=/test in your Environment.
And in your Startup.cs, you can add below code.
var pathBase = Environment.GetEnvironmentVariable("ASPNETCORE_PATHBASE");
app.UsePathBase(new PathString(pathBase))
Related Post:
ASP.Net Core Reverse Proxy with different root
I have two cloud services up and running.
frontend (URL: https://frontend-abc-ez.a.run.app/)
backend (URL: http://backend-abc-ez.a.run.app/)
Frontend is calling the backend through a nuxt.js server middleware proxy to dodge the CORS problematics.
The call is coming through - I can see that in the backend log files. However the response is not really coming back through because of CORS. I see this error in the console:
Mixed Content: The page at 'https://frontend-abc-ez.a.run.app/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://backend-abc-ez.a.run.app/login'. This request has been blocked; the content must be served over HTTPS.
What I find weird is that I configured the backend url with https but it is enforced as http - at least that is what the error is telling me. Also I see a /login path segment in the unsecure URL. Why is that? I never explicitly defined that endpoint. Is it the security layer proxy of the run service itself?
Anyway - I need to get through this properly and am having a hard time to understand the source of the problem.
For some reason as I rechecked the applications today in the morning everything went fine. I have really no idea why it is working now. I did not change a thing - I waited for the answers here before I'd continue.
Very weird. But the solution so far seems to be waiting. Maybe Cloud Run had some troubles.
I am writing a test JSP-Servlet page that calls an HTTP API. But when I run the call in Chrome browser it is converting the call to HTTPS and the call fails. The API is not mine and the developer of the API insists that the call has to be on HTTP.
So is there a way to allow this API call using HTTP and prevent Chrome from converting it to an HTTPS call?
Note: I checked the Web and all are saying to change the browser settings. But we will not be able to tell each and every user of our site to do so!
Add this Script on top of your JSP File!
<script>
if (location.protocol == "https:") {
location.protocol = "http:";
</script>
Note:
First, location.protocol checks Url
and the second location.protocol will change it to http.
This will redirect your Client. If he visits your website as https: it will redirect him as http:
I'm brand new to Express Gateway and I'm trying to set up a basic API Gateway to link up some micro services. When I try and proxy to a specific end point https://my-service.net/status (not the real URL), I get this error
[EG:policy] warn: unable to verify the first certificate
I can access the URL 'https://my-service.net/status' in the browser just fine.
When I switch out the serviceEndPoint URL it works fine (e.g. to https://httpbin.org), so it seems like there's something different with my URL in terms of the SSL/authentication config.
Any ideas? Many thanks.
My gateway.config.yml -->
So the SSL setup allows me to access the page from a browser (Chrome), but at the command line (e.g. through my Express Gateway which is served by NPM and running locally on port 8080) it fails.
Sorry for posting basic question but please give me your advise.
I have to write iOS application which communicates with web application deployed on Tomcat server.
The web application requires client-app to call the "logon" servlet with username and password to get JSESSIONID. Once client get JSESSIONID, the web application allows to invoke other servlets.
But I couldn't figure out how to manage the session to invoke these servlets.
Would you please introduce me the examples/tutorials to learn how to invoke these kind of servlets?
Thank you in advance.
Here's a decent example of making an http request from iOS:
iOS: How to make a secure HTTPS connection to pass credentials?
There's nothing magic about making the call to a j2ee tomcat server - it's just an HTTP request, so any way you can make an HTTP request will work for you.
Maybe this one too:
Can I make POST or GET requests from an iphone application?
edit: ahh, looks like this is the one you want:
http://developer.apple.com/library/mac/#documentation/Cocoa/Conceptual/URLLoadingSystem/Tasks/UsingNSURLConnection.html
The JSESSIONID is nothing special. If your application is set up to handle cookies coming back from your HTTP request then the JSESSIONID will come back as a cookie in the header. Otherwise you will be issued a redirect to a URL with the JSESSIONID in it. From there, if you handle cookies, the JSESSIONID will be passed automatically with each request with all of the other cookies. Otherwise you'll have to put it into the URL of each request manually.
Download the liveheaders plugin for Firefox and try hitting your servlet with the webbrowser and you can see how the JSESSIONID gets passed around. Next, turn off cookies in Firefox and you can see how it's passed around in the URL and you can see the redirect that Tomcat issues if you watch the headers in liveheaders.