Fetch request to localhost with basic auth - javascript

Is it possible for a webpage, like https://example.com perform an http request to localhost?
This is an uncommon situation. Let me explain:
My visitors have a local server running. They can access their server in a request to http://localhost:12039/wallet, which returns a json.
When the visitor opens my page (at example.com) could the JS in that page perform a request to their local server?
To make it even more complicated: the server don't add CORS header and the it also required an Basic Auth.
From postman, everything work as expected. But not from the browser (if not called from localhost)
I did some tests, but it's not working yet.
I'm not able to send the Authorization. When I run this code, there's a prompt from the browser, asking for username and password:
It's really hard to Google this terms. Most of the results are related to localhost calls for your own api during the development.

Related

Cypress: Add cookie to external api calls from localhost frontend

I have an external api deployed to a dev server and a frontend app running on localhost. I need to attach the cookies I get from logging in, to both my localhost and external API domain.
I can see the cookies are indeed there using cy.getCookies({domain: null}), however all external API calls within the react app happen without the cookies. From what I can see, you can only add cookies to the baseUrl requests, but I want to run my tests against a deployed backend (so developers don't need to have a running instance of a local backend, which is whats currently working fine as they are both on localhost)
cy.setCookies(name, value, {domain: localhost})
cy.setCookies(name, value, {domain: external_api_domain})
If there is a request originating from the app to the back-end that needs a specific cookie attached, maybe an intercept can attach them.
This is untested & on-the-fly code, may need adjusting
cy.intercept('POST', my-url, (req) =>
const cookie = cy.getCookies(name).then((cookie) => {
req.headers['Cookie'] = `${cookie.name}=${cookie.value}`;
req.continue()
})
})
Assumptions
I'm assuming the frontend initiates the request that the backend then passes on to another server, and backend gets all info (including cookies) from the frontend request.
Debugging
You can check the backend phase is working with cy.request(). Ultimately you want FE to do it, but in case the problem lie in the FE and not the test cy.request() can be useful.
For ref Cypress request and cookies

Web application Bad Request

I have a web application which uses Spring and Hibernate.
Sometimes I get the following message in browser when I try to access my web application:
Bad Request: Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.
Same url works after, I clear all my cookies from browser. I ain't able to figure out what happens and why did i get this bad request ? I tried to search for concrete solution but couldn't find any.

gmail api in oauth 2.0: use javascript to request authentication code from google server

Goal
I am trying to implement a server-side authentication.
I want to request authentication code using javascript on my website, and then pass the auth code back to my server. Then my server can use this code to exchange for refresh token, and access token.
What I have tried
I followed these instructions, and registered my Web application for client ID. It's working perfectly fine, but this is only for client-side authentication, and it returns a access token directly. Then I registered server account for another client ID, and replace the old one with the new one. I was expecting it returned authentication code, but it returned error in the Web console.
Error message
Load denied by X-Frame-Options does not permit cross-origin framing.
Question
Did I use the code in a wrong way, or my registration process might cause the problem?
In this website,
there's no mention of any build-in function for getting the authentication code. Do I have to implement it from a very basic level?

How can I use CAS with a Javascript Client that will be hosted as well as used in Phonegap?

I am writing a Phonegap application that needs to be able to call remote webservices that are secured by CAS. The application will also be hosted on our webfarm (minus the hardware specific parts) as a mobile web site.
Our CAS server is hosted by server1 and our webservices are hosted on server2. The mobile web site is hosted on server2.
Any calls I make from Javascript get a cross-domain error. I realize this isn't an issue for the phone, but it would be nice to avoid it due to development being so much easier when running on the desktop.
Currently, I have a working setup that consists of the following:
Javascript calls a server-side script on server2 over https, including the username and password in the header.
The script calls CAS' RESTful api and gets a ticket granting cookie. The script creates a Set-Cookie header in the response or it reports back with a login error.
Javascript gets the response and creates the cookie (though this cookie is undetectable in Phonegap (nothing in document.cookie), even though it's getting passed around).
Javascript then calls a server-side script which calls a webservice for it, passing the cookie with the request (I had to manually insert the cookie into the request header, even though it automatically was passed in the request from javascript).
The server-side script sends the results to javascript.
Is there a better way to do this? I've seen mention of proxy tickets in CAS, but cannot find enough information to know whether it's what I need or how to use them.
Thank you.

Problems with xmlHttpRequest + cookies + redirect

I am trying to login to a web service using xmlHttpRequest.
The web service in question seems to authenticate using cookies. After analyzing communication with IE browser, I concluded that the sequence is basically the following:
(1) server sends a form requesting username and password.
(2) client sends a POST request containing username and password typed.
(3) server sends a redirect message (HTTP 302) to the same URL with a "Set-Cookie" header containing the session ID
(4) client re-sends the same URL containing the cookie received from the server in redirect message.
(5) server receives session ID and concludes authentication.
I tried to emulate the same sequence using xmlHttpRequest in JavaScript. However, I found a problem.
It seems that xmlHttpRequest does not redirects cookies. I other words, (4) is not happening and authentication is not completed.
To make the problem worse, xmlHttpRequest does not seem to detect redirect events (it this was possible, I could at least set Cookie header before re-sending request). The onreadystatechange() function is called only after all re-direction process is completed.
So, I don't have any solution in mind to resolve this problem and complete authentication.
Also, as it is related a "public" web service, I am not able to change anything in the server side.
Any idea?
As far as I know you can't use xmlHttpRequest to query a url of a server different to the server you are connected to. ¿Could you do it?
In explanation if the page with the javascript code is in yourdomain.com you can't use xmlHttpRequest to call a web service in example.com.
With the previous comments I understood better the situation.
Steps (4) and (5) are only to redirect you to the main page, the real autentication ends in (3), once you get the cookies (using getheaders for example) you are logged in.
Then for every new request you do with the correct cookies the website will see you as the logged in user.
Are you trying to automate a query to the site? Or just automate the login process?

Categories

Resources