How to fetch Response from Post Message - javascript

I have been working on the Trello API, and my issue is that I have to save a token in the database.
The response is in a post message:
window.opener.postMessage("token generated here ", "http://www.servername.com")
1. How do I fetch the token from the post message?
2. I have tried the code from this link: http://stackoverflow.com/questions/3332532/how-can-i-do-cross-domain-postmessage but it is not working.
3. I also went through this link: https://developer.mozilla.org/en-US/docs/Web/API/window.postMessage
Step-by-step snapshots are here:
Step 1: authentication with OAuth: http://postimg.org/image/5cwazfvfv/
Step 2: when I press the Allow button to get the token, I receive this window, and here is the
URL: http://postimg.org/image/f3y34m2dz/

As far as I know, postMessage is asynchronous. Consequently, it's hard to capture which message is returned to which source parent/window. I think we can consider two things, as below:
It's reasonable to define how to determine the target window (instead of the "*" indicator). In my case, we can temporarily use something like this: frameA.contentWindow.postMessage(msg, frameA.src). However, my solution still faces a problem if we need to support many frames that have the same href.
The second thing is to point out which target page will receive/handle the value returned from the frame. As above, my solution relies on the origin property of the event object (used for Chrome/Safari, for instance; for other versions/browsers, we need to use the corresponding property).
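The receiving side of the exchange discussed above, as an added example that is not part of the original posts: the opener page accepts the token only when both event.origin and event.source match what it expects. The origin https://trello.com, the /save-token endpoint, AUTHORIZE_URL and the function names are assumptions made for this example.

```javascript
// Assumption: the origin of the page that calls window.opener.postMessage(...).
const TRUSTED_ORIGIN = "https://trello.com";

// Builds a "message" handler that hands the token to onToken only when
// the sender's origin and window are the expected ones.
function makeTokenHandler(trustedOrigin, getPopup, onToken) {
  return function handleMessage(event) {
    // 1. Exact origin comparison; substring or prefix checks can be bypassed.
    if (event.origin !== trustedOrigin) return false;
    // 2. The message must come from the popup this page opened itself.
    if (event.source !== getPopup()) return false;
    // 3. The payload is untrusted data: expect a short, non-empty string.
    const token = event.data;
    if (typeof token !== "string" || token.length === 0 || token.length > 256) {
      return false;
    }
    onToken(token);
    return true;
  };
}

// Browser wiring; skipped when there is no window object (e.g. under Node).
if (typeof window !== "undefined" && typeof window.addEventListener === "function") {
  let popup = null;
  const handler = makeTokenHandler(TRUSTED_ORIGIN, () => popup, (token) => {
    // "/save-token" is a hypothetical server endpoint that stores the token.
    fetch("/save-token", {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ token }),
    });
    if (popup) popup.close();
  });
  window.addEventListener("message", handler, false);
  // AUTHORIZE_URL is a placeholder for the authorization page from step 1:
  // popup = window.open(AUTHORIZE_URL, "auth", "width=500,height=600");
}
```

The second argument the sender passes to postMessage must equal the origin of the page that registers this listener, otherwise the browser drops the message before the handler runs.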

Related

Can you use a POST to GET data?

A company is asking me to do an Angular assignment. They provide the following instructions, but the API URL doesn't work:
Create a single page angular application and use the following API to retrieve sports results and sort into a table of results that are displayed. Each sport result contains several data and always includes the publication time.
Method: POST
Content-Type: application/json
Url: https://ancient-wood-1161.getsandbox.com:443/results
Tasks:
-Display the sports results in reverse chronological order on the page.
-Add a filter to the page to display only certain types or events (e.g. f1Results)
-How can you confirm the code works?
-Bonus: Implement the rest call asynchronously
You can click the URL https://ancient-wood-1161.getsandbox.com:443/results right now and see that it doesn't work - it returns {"errors":[{"message":"Error processing request"}]} and in Angular it gives me a standard CORS error.
I asked the company to please send a working URL and/or update the API to accept requests from everywhere. Their response was:
*guy's name* confirmed it worked. It is a post and the content type is json.
Can you use a POST request to GET data?
Absolutely. Take for example your avg Login Request that returns an access token for instance. It is going to be a POST as POST also has a bit more security than GET given that the payload is in the body rather than the URL string.
As for their excuse of it not working, try it in Postman and see if the same issue still occurs. If it still does, then ask them where they tested their API, as if it is on-prem then no duh the CORS would work. It is most likely not a company you would want to work for.
Yes, you can. In some cases it may be necessary, since GET doesn't take a body while POST does. So it can get you around things like URL length limits.

Session doesn't exist after log in in JMeter

I'm making a login test in JMeter and I have a problem. I made an HTTP Request with the POST method and it works - I get a JavaScript response (new popup). So the next step is another HTTP Request which returns the page after login. But instead of getting this page in return, I get another page which informs me that the session doesn't exist.
What is wrong?
Make sure you add HTTP Cookie Manager to your Test Plan
Make sure you detect and handle all dynamic parameters: in some cases, for security or state management or whatever, the server expects some extra parameters in addition to credentials, and the login can fail if they are missing or do not match what is expected. So the test should look like:
GET request to the login page
Extract dynamic parameters and store them into JMeter Variables
POST request to login page (pass credentials and dynamic parameters)
See How To Use JMeter For Login Authentication guide for more detailed explanation and example.
Add HTTP Header Manager and HTTP Cookie Manager to your test plan. Session IDs need to be managed.
Thanks!! It helps with login, but I have a similar problem going further. After login I can see a desktop with some icons. Clicking on one of these icons opens a popup in JavaScript. I looked at the POST methods - one of them has JS code which opens this popup as a POST response. I added it to my Test Plan. But instead of getting a JS response like "new Window ({...." I receive "object.SessionTimeOutAlert()". I think that this is a common problem. But now I have HTTP Header Manager and HTTP Cookie Manager and nothing....
I have the same issue. The authentication cookie was not sent and the request body shows "unauthenticated_session=deleted" under Cookie Data instead of the token values.
I resolved it by adding additional forward slashes in path by trial and error method. Some endpoints (javascript based http requests) work with // and some with /// or ////. Weird but works for me.

Retrieve GET requests with Javascript in Firefox console

Is there a way to retrieve details of GET requests of a web page using JavaScript? I don't mean parameters of the current page's URL but out-going GET requests.
Example:
If you open Google's start page with Firefox and toggle developer tools, in the network tab you can see a number of GET requests, such as that for the logo, which is something like https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png
I want to retrieve this URL on console tab using JavaScript. Is it possible to retrieve it via an object attached to the DOM (document) or BOM (window)?
The reason for my question is: I am in a test automation environment where developer tools are not available. Only JavaScript is available and I need to check the URL of a GET request issued by the current page. I just mentioned developer tools because it is the simplest way to reproduce the problem (and the easiest way to verify if a solution works). But it is more about Firefox/HTTP than test automation as such.
I don't think it's possible within devtools, but you may be able to use normal JS to make a global event handler (if it's jQuery) or, if using normal JS, replace the XMLHttpRequest object with a duckpunched object that logs the result, as described here.
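A sketch of the wrapping approach mentioned in the answer above, as an added example that is not code from the original post: it wraps XMLHttpRequest.prototype.open and records each method and URL. The names installXhrLogger and __xhrLog are chosen for this example. Image loads such as the logo in the question do not go through XMLHttpRequest; performance.getEntriesByType("resource") lists those.

```javascript
// Wraps XhrClass.prototype.open so every request's method and URL is recorded
// before the original open() runs. Install it before the page issues requests.
function installXhrLogger(XhrClass) {
  const log = [];
  const originalOpen = XhrClass.prototype.open;

  XhrClass.prototype.open = function (method, url) {
    log.push({ method: String(method).toUpperCase(), url: String(url) });
    // Forward the exact argument list: open(method, url) and
    // open(method, url, async, user, password) behave differently.
    return originalOpen.apply(this, arguments);
  };

  return {
    log,
    // URLs of all recorded requests that used the given method.
    getUrls: (method = "GET") =>
      log.filter((entry) => entry.method === method).map((entry) => entry.url),
    // Restores the original open(); already recorded entries are kept.
    uninstall: () => {
      XhrClass.prototype.open = originalOpen;
    },
  };
}

// Browser wiring; skipped where XMLHttpRequest does not exist (e.g. under Node).
if (typeof XMLHttpRequest !== "undefined") {
  // __xhrLog is a hypothetical global so the console or test script can read it:
  //   __xhrLog.getUrls()  -> URLs of the GET requests issued so far
  globalThis.__xhrLog = installXhrLogger(XMLHttpRequest);
}
```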

Google Analytics - multiple domain tracking

Could anyone clarify how the GA actions _gaq.push(['_link', <href>]); and _gaq.push(['_linkByPost', <form>]); work?
I'm not interested on how to use them as presented in the documentation. I understand those scenarios. I want to know more about what they do when called.
Edit:
I suspect how this works but I need some confirmation from someone that fiddled with this longer than me. I want to know what the process is in each of the cases in small steps. I know that it changes the sent data in order to overwrite to cookie on the target site, but I need to know exactly the actions that happen (in terms of JavaScript on the sending page) after you do the push.
I would also like to know if I could use _gaq.push(['_link', <href>]); from anywhere in my code to change the page.
Thank you,
Alin
We will assume _gaq.push(['_setAllowLinker', true]); used on any needed page.
What _gaq.push(['_link', <href>]); does:
Appends the __utm<x> cookies to <href>. You need to return false in the onclick of the anchor so that the original link does not follow through.
Changes the browser location to the newly formed URL.
What _gaq.push(['_linkByPost', <form>]); does:
Changes the action attribute of <form> so that it includes the __utm<x> cookies.
What happens on the target page:
The GA script on the target page checks the received parameters, and if the __utm<x>s are sent it overwrites its own cookies with these. This results in identifying the user as being the same one that left your original page.
As a bonus _gaq.push(['_link', <href>]); can be used in (almost) any situation window.open(<href>); can be used.
They pass the cookie information from one domain to another; in the instance, it does this by appending a query string on the next page; with _linkByPost, it sends the cookie information as GET parameters on the form action along with your POST data.
If _setAllowLinker is set to true on the target page, the cookie information sent will overwrite the default Google Analytics cookies on the target page, and will allow for linked, consistent session information between the two, as the cookies will ensure that consistent data is shared.
EDIT:
No, you can't call it from anywhere in your page, unless you bind it to an onclick of where you'd like it called.

Can I suppress the browser’s login prompt on 401 response when using XmlHttpRequest with Twitter

I'm using jQuery's ajax methods to interact with the Twitter REST API.
Their API is a bit annoying, in that some actions will return a 401 HTTP status code. In that case, I just want it to fail, instead of displaying a login box.
I've tried just providing an incorrect user:pass pair in the URL, in case that might suppress the dialog and just get me an error response, but that failed to help.
This question asked exactly the same question, but the answer instead worked out how to not trigger the 401 in the first place.
(In particular this is annoying because it's a bug on their part that's requesting authentication -- the users/show method isn't supposed to be asking for it in the first place.)
Look into suppress_response_codes
It is explained about 1/4 way down the page here:
https://dev.twitter.com/docs/things-every-developer-should-know
From the Twitter documentation (in case it is moved again):
suppress_response_codes: If this parameter is present, all responses will be returned with a 200 OK status code - even errors. This parameter exists to accommodate Flash and JavaScript applications running in browsers that intercept all non-200 responses. If used, it's then the job of the client to determine error states by parsing the response body. Use with caution, as those error messages may change.
