I'm making a POST request from a Chrome extension that appears identical to the one that submitting the form manually would do. I've submitted both and compared the body and headers and they seem to be identical.
The POST made via the browser form results in a 302 redirect. The POSTed entry is created and the user ends up on an edit screen for it.
The POST made via the extension results in a 500 error.
I'm filtering many of the headers sent by the extension to match those made by the browser, in case the server is looking for certain things that tip off a request as being non-native.
Hoping to exhaust all options before contacting the devs of the system being POSTed to. Any obvious things that could be happening server-side to block this request?
Here's the POST request made via the browser form:
Request Headers
Host: myhost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 901
Referer: https://myhost.com/referer
Cookie: app2=cookieredacted
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
Request Body
record[user_name]=aasldkjflasdjf
record[new_password]=ljl;jl;kjklj
record[first_name]=ethan
record[middle_name]
record[last_name]=lastnm
record[name_suffix]
record[gender]=M
record[dob]=07/28/77
record[ssn]=654656546
record[group_number]
record[misc_number]
record[mothers_maiden_name]
record[active]=N
record[active]=Y
record[has_paper_chart]=0
record[notes]
record[address1]=234+htha+st
record[address2]
record[city]=euge
record[county_of_residence]
record[state]=OR
record[zip]=98754
record[country]
record[tel1]=5155555555
record[tel1_status]=4
record[tel2]
record[tel2_status]
record[cell]
record[cell_status]
record[email]=ethan#foo.com
record[preferred_contact]=home_tel
record[house]
record[room]
record[bed]
record[classroom]
Response Headers
Server: nginx/1.6.2
Date: Sun, 09 Jul 2017 01:06:12 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Status: 302 Found
Location: /entry/edit
And from the extension:
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.5
Cache-Control:no-cache
Connection:keep-alive
Content-Length:920
Content-Type:application/x-www-form-urlencoded
Cookie:app2=cookieredacted; gsScrollPos-2545=
Host:myhost.com
Pragma:no-cache
Referer:https://myhost.com/referer
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.50 Safari/537.36
Request Body
new_password_stub:"FoECbiRN"
record[active]:"Y"
record[address1]:"123 N 5th St"
record[address2]:""
record[bed]:""
record[cell]:""
record[cell_status]:""
record[city]:"Eugene"
record[classroom]:""
record[country]:""
record[county_of_residence]:""
record[dob]:"9/28/91"
record[email]:"ethan#foo.com"
record[first_name]:"Foo"
record[gender]:"M"
record[group_number]:""
record[has_paper_chart]:0
record[house]:""
record[last_name]:"Bar"
record[middle_name]:""
record[misc_number]:""
record[mothers_maiden_name]:""
record[name_suffix]:""
record[new_password]:"FoECbiRN"
record[notes]:""
record[preferred_contact]:"home_tel"
record[room]:""
record[send_notifications]:0
record[ssn]:"222222222"
record[state]:"OR"
record[tel1]:"5155555555"
record[tel1_status]:2
record[tel2]:""
record[tel2_status]:""
record[user_name]:"BarFoo2017"
record[zip]:"97401"
Response Headers
Cache-Control:no-cache
Connection:keep-alive
Content-Length:5110
Content-Type:text/html; charset=utf-8
Date:Sun, 09 Jul 2017 02:09:33 GMT
Server:nginx/1.6.2
Set-Cookie:mysite_session_id=; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000
Status:500 Internal Server Error
Thanks to wOxxOm for this one -
The extension was posting an extra field record[send_notifications] which was causing the 500 error.
Related
I'm tryng to perfom a simple ajax post request to retrieve some data from a website.
In detail i'm trying to contact a page that a website recall to have some informations.
So i have the main website and a page that it calls to retrive data.
I discovered that page using the google inspection section, in particular in the xhr section of network field of the inspector.
In my code i used all the headers and the payload data that are used by the website to contact the page.
This is the code that i'm using to reach my goal:
var XMLHttpRequest = require("xmlhttprequest").XMLHttpRequest;
var url = 'https://www.remax.pt/Webservices/MainWebService.asmx/GetCityList';
var body = {"SiteRegionID":"12","RegionID":"12","RegionRowID":"78","ProvinceID":"0",
"LanguageCode":"ITA","MinInternetCount":"0","SearchType":"","OfficeAgent":"0",
"EncodingLanguage":"PTG","OfficeAgentId":"0"};
var xhr = new XMLHttpRequest();
xhr.onload = function () {
var data = xhr.responseText;
if (xhr.readyState == 4 && xhr.status == "200") {
console.table("results: "+data);
} else {
console.error("error: "+data);
}
}
xhr.open("POST", url, true);
xhr.setRequestHeader('Content-Type', 'application/json; charset=UTF-8');
//xhr.setRequestHeader("Content-Type","text/html");
xhr.setRequestHeader("Access-Control-Allow-Origin","*");
xhr.setRequestHeader("accept", "application/json, text/javascript, */*; q=0.01");
xhr.setRequestHeader("authority", "www.remax.pt");
xhr.setRequestHeader("scheme", "https");
xhr.setRequestHeader("path", "/Webservices/MainWebService.asmx/GetCityList");
xhr.setRequestHeader("accept-language","it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7");
//xhr.setRequestHeader('accept-encoding', 'gzip, deflate, br');
//xhr.setRequestHeader("host", "https://www.remax.pt");
//xhr.setRequestHeader('referer', 'https://www.remax.pt/PublicListingList.aspx');
//xhr.setRequestHeader('content-length', '192');
//xhr.setRequestHeader('cookie','__cfduid=dc7dd48ccff40ee4f85840bfc35685b311531384150; PersonalizationMap=; PersonalizationGallery=SelectedCountryID=12; GtTransLang=ITA; SLINGSHOT=LanguageCode=it-IT; SessionId=1ac0ec84-6a03-4965-ba90-7eb686f66bf5; ASP.NET_SessionId=rgia1pblms2abf11ypsbiqgz; GtTrans=ENU; LastSearch=SiteRegionID=12&TransactionTypeUID=260&RegionID=12&RegionRowID=78&LocationText=Porto&LocationValue=YR78&PriceCurrency=EUR&ComRes=2; PersonalizationRegion=#mode=list&tt=260&cr=2&r=78&cur=EUR&la=All&sb=PriceIncreasing&page=1&sc=12&sid=a81a1d1d-ee36-4236-a72e-31343349c574; PersonalizationDate=2018-7-24 10:0:30');
xhr.setRequestHeader("user-agent", "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36");
xhr.setRequestHeader("x-requested-with", "XMLHttpRequest");
xhr.send(JSON.stringify(body);
Actually i never receive an answer. I think that the flow of operations never enter in the onLoad section because the string that there are in if and else sections are never printed.
I wanna specify that some headers are commented because i had an answer of this type:
Refused to set unsafe header 'nameHeader'
So i decided to do not use them for the moment.
I tried to change some headers or add something new but the problem remains and honestly i don't have idea if it is a problem of syntax of some fields or if i need other things to perform an acceptable request.
for completeness i insert the 4 fields that i found in the inspector tool that specify the parameters passed by the website to call the page:
GENERAL:
1. Request URL:
https://www.remax.pt/Webservices/MainWebService.asmx/GetCityList
2. Request Method: POST
3. Status Code: 200
4. Remote Address: 104.25.40.105:443
5. Referrer Policy: no-referrer-when-downgrade
RESPONSE HEADERS:
List item
cache-control: private, max-age=0
cf-ray: 43f532b9e9886260-LIS
content-encoding: br
content-type: application/json; charset=utf-8
date: Tue, 24 Jul 2018 09:00:44 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
status: 200
x-aspnet-version: 4.0.30319
x-ua-compatible: IE=9, IE=8
REQUEST HEADERS:
authority: www.remax.pt
method: POST
path: /Webservices/MainWebService.asmx/GetCityList
scheme: https
accept: application/json, text/javascript, /; q=0.01
accept-encoding: gzip, deflate, br
accept-language: it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7
content-length: 192
content-type: application/json; charset=UTF-8
cookie: __cfduid=dc7dd48ccff40ee4f85840bfc35685b311531384150; PersonalizationMap=; PersonalizationGallery=SelectedCountryID=12; GtTransLang=ITA; SLINGSHOT=LanguageCode=it-IT; SessionId=1ac0ec84-6a03-4965-ba90-7eb686f66bf5; ASP.NET_SessionId=rgia1pblms2abf11ypsbiqgz; GtTrans=ENU; LastSearch=SiteRegionID=12&TransactionTypeUID=260&RegionID=12&RegionRowID=78&LocationText=Porto&LocationValue=YR78&PriceCurrency=EUR&ComRes=2; PersonalizationRegion=#mode=list&tt=260&cr=2&r=78&cur=EUR&la=All&sb=PriceIncreasing&page=1&sc=12&sid=a81a1d1d-ee36-4236-a72e-31343349c574; PersonalizationDate=2018-7-24 10:0:30
origin: https://www.remax.pt
referer: https://www.remax.pt/PublicListingList.aspx
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
x-requested-with: XMLHttpRequest
REQUEST PAYLOAD:
{"SiteRegionID":"12","RegionID":"12","RegionRowID":"78","ProvinceID":"0","LanguageCode":"ITA","MinInternetCount":"0","SearchType":"","OfficeAgent":0,"EncodingLanguage":"PTG","OfficeAgentId":0}
I'm sending POST data with AJAX:
const form = d.getElementById('form');
form.addEventListener('submit', SendData);
function SendData(e) {
e.preventDefault();
var data = e.target.getElementsByTagName('input')[0].value.trim();
var xhr = new XMLHttpRequest();
xhr.addEventListener('load', function(event){
console.log(event.target.responseText);
});
xhr.addEventListener('error', function(event){
console.log(event.target.statusText);
});
xhr.open('POST', '/db', true);
xhr.send('data=' + data);
}
But when I use IE11, server receives data only once in every two requests:
1:
POST http://localhost:99/db HTTP/1.1
Accept: */*
Referer: http://localhost:99/
Accept-Language: ru
Content-Type: text/plain;charset=UTF-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like
Gecko
Host: localhost:99
Content-Length: 13
Connection: Keep-Alive
Cache-Control: no-cache
data=01234567
2:
POST http://localhost:99/db HTTP/1.1
Accept: */*
Referer: http://localhost:99/
Accept-Language: ru
Content-Type: text/plain;charset=UTF-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like
Gecko
Host: localhost:99
Content-Length: 13
Connection: Keep-Alive
Cache-Control: no-cache
I noticed, when I use Fiddler for debugging, server receives data every time. Couldn't anybody explain to me this behavior, and how to fix it?
Did you try to use jQuery ajax functionality? This has the advantage that it is working across browsers flawlessly, and needs only one syntax. I know, that most people do not like to use additional frameworks, but this one simplifies coding a lot.
e.g.:
$.ajax({
url:'https://my.server.com/myscript.php,
type:'post',
data: {
var1: "x",
var2: "y",
},
success: function(data) {
// here goes the data, returned from your php script e.g.
}
});
I'm trying to setup Fine-uploader s3 with cross domain signing. I've been struggling with it for two weeks now, going through every article on the internet and still can't get this to work. I'm, with exaggerating, very frustrated. I've started questioning every line of code and I get nowhere..
I keep receiving the following errors in the browser console:
XHR finished loading: OPTIONS "https://myserver.com/vendor/fineuploader/php-s3-server/endpoint-cors.php?v4=true".
util.js:241 [Fine Uploader 5.15.6] Invalid policy document or request headers!
XHR finished loading: POST "https://myserver.com/vendor/fineuploader/php-s3-server/endpoint-cors.php?v4=true".
util.js:241 [Fine Uploader 5.15.6] Policy signing failed. Invalid policy document or request headers!
I'm using the php server provided by fineuploader on github to sign documents. Here I've set my constants and modified
'access-control-allow-origin: https://myserver.com' and 'access-control-allow-credentials: true'.
My javascript uploader script client-side looks like this.
var uploader = new qq.s3.FineUploader({
element: document.getElementById("uploader"),
debug: true,
request: {
endpoint: 'BUCKET_NAME.s3-accelerate.amazonaws.com',
accessKey: 'ACCESS_KEY'
},
cors: {
//all requests are expected to be cross-domain requests
expected: true,
//if you want cookies to be sent along with the request
sendCredentials: true
},
objectProperties: {
bucket: 'BUCKET_NAME',
host: 's3-accelerate.amazonaws.com' // only needed for version 4 signatures
},
signature: {
endpoint: 'https://myserver.com/vendor/fineuploader/php-s3-server/endpoint-cors.php',
version: 4
},
uploadSuccess: {
endpoint: 'https://myserver.com/vendor/fineuploader/php-s3-server/endpoint-cors.php?success'
},
iframeSupport: {
localBlankPagePath: '/success.html'
},
validation: {
allowedExtensions: ["jpeg", "jpg", "png"],
acceptFiles: "image/jpeg, image/png",
sizeLimit: 10000000,
itemLimit: 1
},
retry: {
enableAuto: true // defaults to false
},
paste: {
targetElement: document,
promptForName: true
}
});
This is my header information
Request URL:https://MYSERVER.com/vendor/fineuploader/php-s3-server/endpoint-cors.php?v4=true
Request Method:OPTIONS
Status Code:200 OK
Remote Address:MY_IP
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Content-Type
Access-Control-Allow-Methods:OPTIONS
Access-Control-Allow-Origin:https://MY_WEBSITE.com
Connection:keep-alive
Content-Encoding:gzip
Content-Type:text/html; charset=UTF-8
Date:Wed, 31 Jan 2018 17:45:06 GMT
Host:127.0.0.1:8000
Server:nginx/1.10.3 (Ubuntu)
Transfer-Encoding:chunked
X-Powered-By:PHP/7.0.22-0ubuntu0.16.04.1
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, br
Accept-Language:da-DK,da;q=0.9,en-US;q=0.8,en;q=0.7
Access-Control-Request-Headers:content-type
Access-Control-Request-Method:POST
Connection:keep-alive
Host:aeoeaa.club
Origin:https://MY_WEBSITE.com
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Query String Parameters
view source
view URL encoded
v4:true
And
Request URL:https://MYSERVER/vendor/fineuploader/php-s3-server/endpoint-cors.php?v4=true
Request Method:POST
Status Code:200 OK
Remote Address:MY_IP
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:https://MYWEBSITE.com
Connection:keep-alive
Content-Type:application/json
Date:Wed, 31 Jan 2018 17:45:07 GMT
Host:127.0.0.1:8000
Server:nginx/1.10.3 (Ubuntu)
Transfer-Encoding:chunked
X-Powered-By:PHP/7.0.22-0ubuntu0.16.04.1
Request Headers
view source
Accept:application/json
Accept-Encoding:gzip, deflate, br
Accept-Language:da-DK,da;q=0.9,en-US;q=0.8,en;q=0.7
Connection:keep-alive
Content-Length:461
Content-Type:application/json; charset=UTF-8
Host:MYSERVER.com
Origin:https://MYWEBSITE.com
Referer:https://MYWEBSITE.com/pages/testpage
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Query String Parameters
view source
view URL encoded
v4:true
Request Payload
view source
{expiration: "2018-01-31T17:50:06.323Z",…}
conditions
:
[{acl: "private"}, {bucket: "MY_BUCKET_NAME"}, {Content-Type: "image/jpeg"},…]
expiration
:
"2018-01-31T17:50:06.323Z"
Everything should be working but I still get the same error. I don't want any of the complicating features. I just want a simple upload to s3. But this seems impossible. I'll gladly supply more info. Anything to get this done. I'll even send a bottle of wine to the one solving it. Nothing I do helps..
I am trying to login to backend service which redirects to different url after login using form data. When I try to login using rest client (postman), the request was successful but not when I try same using angular 2 ionic. I am not sure why its not working.
successful request from postman
General
Request URL:http://127.0.0.1:9000/auth/login
Request Method:POST
Status Code:303 See Other
Remote Address:127.0.0.1:9000
Response Headers
view source
Cache-Control:no-cache, no-store, must-revalidate
Content-Length:0
Date:Thu, 02 Mar 2017 02:55:26 GMT
Expires:0
Location:/auth/onLogin
Pragma:no-cache
Set-Cookie:PLAY_SESSION=e7685926e8ced464e3d4ea8e99b7bc9254170095-pa.u.exp=1489632926758&pa.p.id=password&pa.u.id=test%40example.com; Path=/; HTTPOnly
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Authorization:Basic dGVzdEBleGFtcGxlLmNvbTp0ZXN0MTIzNDU2
Cache-Control:no-cache
Connection:keep-alive
Content-Length:257
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryFfkhCAVy78Bq9fBz
Cookie:PLAY_SESSION=b79f66a47d1a22dd009cc0768fcb8054a2c547c8-pa.u.exp=1489630742877&pa.p.id=password&pa.u.id=test%40example.com
Host:127.0.0.1:9000
Origin:chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop
Postman-Token:5cef52b4-dae9-dcde-d79d-d03949cf8a3b
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
Request Payload
------WebKitFormBoundaryFfkhCAVy78Bq9fBz
Content-Disposition: form-data; name="email"
test#example.com
------WebKitFormBoundaryFfkhCAVy78Bq9fBz
Content-Disposition: form-data; name="password"
test123456
------WebKitFormBoundaryFfkhCAVy78Bq9fBz--
Using angular 2 with ionic
Code
public login() {
let headers = new Headers({ 'Content-Type': 'multipart/form-data' });
let options = new RequestOptions({ headers: headers });
var input = new FormData();
input.append('email', 'test#example.com');
input.append('password', 'test123456');
this.http.post('http://127.0.0.1:9000/auth/login', input, headers)
.map((res:Response) => {
var location = res.headers.get('Location');
console.log(res.headers.get('Location'));
}).subscribe(data => {
console.log(data);
});
}
Response
Request URL:
http://127.0.0.1:9000/auth/login
Request Method:
POST
Status Code:
303 See Other
Remote Address:
127.0.0.1:9000
Referrer Policy:
no-referrer-when-downgrade
Response Headersview source
Cache-Control:
no-cache, no-store, must-revalidate
Content-Length:
0
Date:
Fri, 03 Mar 2017 00:38:51 GMT
Expires:
0
Location:
/auth/onLogin
Pragma:
no-cache
Set-Cookie:
PLAY_SESSION=fe2e8c471e089531c12c9cbb0ec9fa346d3cc735-pa.u.exp=1489711131007&pa.p.id=password&pa.u.id=test%40example.com; Path=/; HTTPOnly
Request Headersview source
Accept:
*/*
Accept-Encoding:
gzip, deflate
Accept-Language:
en-US,en;q=0.8
Connection:
keep-alive
Content-Length:
257
Content-Type:
multipart/form-data; boundary=----WebKitFormBoundarysNcuRPNzpXf8OHKP
Host:
127.0.0.1:9000
Origin:
http://localhost:8100
Referer:
http://localhost:8100/
User-Agent:
Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3027.3 Mobile Safari/537.36
Request Payload
------WebKitFormBoundarysNcuRPNzpXf8OHKP
Content-Disposition: form-data; name="email"
test#example.com
------WebKitFormBoundarysNcuRPNzpXf8OHKP
Content-Disposition: form-data; name="password"
test123456
------WebKitFormBoundarysNcuRPNzpXf8OHKP--
and when it redirects to /auth/onLogin
Request URL:
http://127.0.0.1:9000/auth/onLogin
Request Method:
GET
Status Code:
500 Internal Server Error
Remote Address:
127.0.0.1:9000
Referrer Policy:
no-referrer-when-downgrade
Response Headersview source
Content-Length:
7959
Content-Type:
text/html; charset=utf-8
Date:
Fri, 03 Mar 2017 00:38:51 GMT
Request Headersview source
Accept:
*/*
Accept-Encoding:
gzip, deflate, sdch
Accept-Language:
en-US,en;q=0.8
Connection:
keep-alive
Content-Type:
multipart/form-data; boundary=----WebKitFormBoundarysNcuRPNzpXf8OHKP
Host:
127.0.0.1:9000
Origin:
http://localhost:8100
Referer:
http://localhost:8100/
User-Agent:
Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3027.3 Mobile Safari/537.36
Have you tried adding the withCredentials: true after your header?
Like this:
return this.http. post(
'http://127.0.0.1:9000/auth/login',
{
headers: this.headers,
withCredentials: true
},
)
I've been stuck at this for a while now. I have ajax request here:
$.ajax({
url: UPDATE_USER_INFO_URL ,
type: "POST",
dataType: "json",
contentType: "application/json",
data: JSON.stringify({user:'user'}),
success: function (data, textStatus) {
if(data["statusCode"] && data["statusCode"] == 1) {
_callback(1,data);
}
else {
_callback(0,data);
}
},
error: function (jqXHR, textStatus){
_callback(0, {});
}
});
If I set UPDATE_USER_INFO_URL to a specific URL, fiddler show nothing in the body. If I set UPDATE_USER_INFO_URL to something else (even invalid URL), it does put {user:'user'} in the body in fiddler.
With original UPDATE_USER_INFO_URL:
POST http://10.35.50.26:8080/SelfServiceWs/user/session/upduserinfo HTTP/1.1
Accept: application/json, text/javascript, ; q=0.01
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Referer: http://10.35.50.26:8080/SelfService/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 10.35.50.26:8080
Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=0BF9D9CCCE9030E60AB0BCE5F6562CD8
Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==
Content-Length: 0
Chage url to /SelfServiceWs/abcdef
POST http://10.35.50.26:8080/SelfServiceWs/abcdef HTTP/1.1
Accept: application/json, text/javascript; q=0.01
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Referer: http://10.35.50.26:8080/SelfService/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 10.35.50.26:8080
Content-Length: 15
Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=9E79779805579A7964E03AAD76DF043B
{"user":"user"}
I have many other ajax calls, all are working as expected.
It must be little thing that I am missing.
I figured this out.
I have an authentication servlet filter to url /user/ssoauth, unexpectedly (to me), it made eveything call to URL under /user path (including /user/session/upduserinfo) to send out Authorization header. Moved filter to /user/auth/ssoauth stop client to send authorization header when calling user/session/upduserinfo and fix the problem.
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/user/ssoauth</url-pattern>
</filter-mapping>
cause every client call to URL after /user to send Authorization header.
I learned something new today!
try this
data: JSON.stringify({'user':'user'}),