I'm creating a chrome extension, and want to be able to get a profile picture from a username. Unfortunately, there isn't an api for the website and there is no correlation between the profile URL and the profile name. I figured I could hijack the search ajax and use it to achieve my goal. Unfortunately, it doesn't seem to be working. I've added the permissions, and it isn't running in a content script, but it's still not working.
$.getJSON("http://www.website.com/user/search",{user:name},function(a){
alert(1);
alert(a.data);
});
It's failing silently, as nothing is happing. Yet, I can't figure out why.
The json I should be receiving from the call (browsed to the site manually) is:
{"error":false,"action":null,"one":true,"data":143217}
Unfortunately it's not working. JSONP isn't an option, as the site obviously has no need of supporting it, so help me please. I don't see what I'm doing wrong.
EDIT: I see the problem. When I try to do the request I'm being redirected to user/search ( no ?user) which fails.
The site you're trying to reach requires authentication before allowing a search to occur. You won't get a response from your ajax request, because the server is looking for a session with login credentials to allow the search to happen. Because your ajax is not authenticated, and does not have the session established, your request doesn't "fail", it is simply getting the server's 302 redirect response.
You would need to 'sign in' to the page you are trying to query in order to establish the session and any necessary variables before you would be able to proceed with your user search.
It could be entirely possible that the website's search API isn't returning the Content-type header as text/json, which is required for $.getJSON to function correctly.
Try simply using $.get and calling JSON.parse on the returned data.
Related
This is a weird situation, I've looked at loads of SO questions and nothing is quite like it. Hopefully I can get some feedback regarding it
I'm creating a new web page in an existing application and am trying to execute a simple PUT api call and for some reason it is showing a status of cancelled on my network tab in chrome dev tools. The server I'm hitting is a VM on my local machine. I can hit the same endpoint from a different existing page in my application and it goes through just fine so I know that there's nothing wrong with the endpoint. Here's some screenshots:
This is what the network tab in chrome dev tools looks like:
This is what I see when I click on the "cancelled" put call:
and this is what shows on the console tab of chrome dev tools:
One thing to note is that in the second screenshot under the General section on the right it doesn't have anything listed for Request Method, Status Code or Remote Address, see this screenshot of the successful api put request I referred to earlier for reference:
The really weird thing is that my database is getting updated with the updated data, so in some way even though the PUT is showing as cancelled it's working to some degree.
The call originates from a vue component on my page and my backend is in PHP if that matters at all.
here is the call in my .js file that executes the PUT:
return await SimpleService.put(`${app.API_URL}/matching/questions/${borrowerId}`,
JSON.stringify(answerData), {contentType: 'application/json'})
So, I recognize that without seeing all the code attached to this it isn't really realistic to ask for a black and white answer but if someone can even just give me some ideas of things to check I would greatly appreciate it.
I've tried to include everything I can think of without including unnecessary things but if any additional information is needed from me to figure this out please let me know.
Phil was right in his comment, here's an explanation from what I understand. When the button was clicked that submitted the api call the default behavior for the button click was executed, which was to re-load the page. Well, when a page is reloaded any in flight network requests are not being tracked anymore, which is why the request was showing as "cancelled" in my console tab. And that also explains why the api call was successful in updating the database, because there wasn't any problem with the actual request. Here's the steps I took to fix my problem:
remove the onClick event from my button that was calling my javascript function that begins the api call process
add this code to the form tag my button lives inside: #submit.prevent="myJavascriptFunctionThatStartsAPICall()"
Adding the .prevent prevents the default behavior of the page reloading from happening thus when the response is returned back to the page the page is still listening for it. Problem solved.
I hope this helps someone else out.
Its just the request status. In backend you should return status code 200 if everything is correct. Chrome thinks that the request got fail because you return a error code like 499 Client Closed Request or 444 No Response.
I'm making log in test in JMeter and i have a problem. I made a HTTP Request as a POST method and it works - I get a JavaScript response (new popup). So the next step is another HTTP Request which return the page after log in. But instead of getting this page in return, I got another page which informs that session doesn't exist.
What is wrong?
Make sure you add HTTP Cookie Manager to your Test Plan
Make sure you detect and handle all dynamic parameters in some cases for security or state management or whatever server expects some extra parameters in addition to credentials and in case of missing or mismatch with expected logic can fail. So the test should look like:
GET request to the login page
Extract dynamic parameters and store them into JMeter Variables
POST request to login page (pass credentials and dynamic parameters)
See How To Use JMeter For Login Authentication guide for more detailed explanation and example.
Add HTTP Header Manager and HTTP Cookie Manager to your test plan. Session IDs needs to be managed.
Thanks!! It helps with log in but I have simmilar problem going further. After log in I can see a desktop with some icons. Clicking on one of this icon open a PopUp in JavaScript. I looked at POST methods - one of them has a JS code which open this PopUp as a POST response. I added it to my Test Plan. But instead of getting a js response like " new Window ({...." I receive object.SessionTimeOutAlert()". I think that this is a common problem. But now I have HTTP Header Manager and HTTP Cookie Manager and nothing....
I have the same issue. The authentication cookie was not sent and the request body shows "unauthenticated_session=deleted" under Cookie Data instead of the token values.
I resolved it by adding additional forward slashes in path by trial and error method. Some endpoints (javascript based http requests) work with // and some with /// or ////. Weird but works for me.
I am trying to use a web service in iOS to replicate the functionality of this form. I am running into a problem though. Anytime I send a post to it, I get an error saying
<html><head>
<title>410 Gone</title>
</head><body>
<h1>Gone</h1>
/prod/bwckschd.p_get_crse_unsechas been permanently removed from this server.</p>
</body></html>
When I goto this page and select Spring 2013, it takes me to this page. The problem is, the page 2 only loads if you went through page one to get there. How does the website know whether you went through there or not? I dug around and found it sends a POST request with the value p_calling_proc=bwckschd.p_disp_dyn_sched and p_term=201320(for spring 2013). When I send page2 this POST command I get the same results as if I just visited page 2 without visiting page 1: "/prod/bwckgens.p_proc_term_datehas been permanently removed from this server." I then thought I should behave more like a web browser and initially send a GET request to page one. When I receive a response, I should send a POST request with the aforementioned data filled in. When I do this, I still get the same error. Is there something I am not taking into account? All I want to do is send GET/POST requests so I can get a list of the classes being offered.
The second page basically sends a POST request to this page with the following variables:
term_in=201320&sel_subj=CS&sel_day=dummy&sel_schd=dummy&sel_insm=dummy&sel_camp=dummy&sel_levl=dummy&sel_sess=dummy&sel_instr=dummy&sel_ptrm=dummy&sel_attr=dummy
Can someone help me figure out how to replicate this behavior? I know very little about web development and feel like I am missing a key point here which is hindering me from finishing this app. Thanks.
Most likely the first page sets a cookie that the second page checks.
If I am logged into facebook.com, I expect a call to FB.getLoginStatus will return a status='not_authorized'. Instead it returns status='unknown', even if I pass true for the 'force' parameter.
If I call FB.login, and then call FB.getLoginStatus, I get status='connected'. Makes sense.
If I call FB.login, reload the page, and then call FB.getLoginStatus, I get status='unknown'. Does not make sense. If I add 'true' as the second parameter (i.e. force), I still get status='unknown'. (I expect status='not_authorized' in this case.)
There doesn't seem to be a way to get status='not_authorized' in practice.
Am I doing something wrong? Is this a bug in FB.getLoginStatus or its documentation?
Here is a minimal test page:
http://pastebin.com/NqiBXni2
Context:
I am writing a website widget that displays posts for a public Facebook page. (This can be accessed without prompting the user via an app access token.) Each post has a "Like" / "Unlike" link. In order to determine whether to display "Like" or "Unlike", I need to know what the browsing user's Facebook ID is so that I can check whether it is in the post's list of likes.
Maybe you have third party cookies disabled.
And to elaborate slightly on David's answer, Facebook describes this as a "by design" result when 3rd party cookies are disabled.
Unfortunately, I'm not sure of the most graceful way of handling this -- at least in my site, I need an oath token to load some data.
I had similar issue, even when the 3rd party cookie is not disabled. What I did to bypass is: if I get 'unknown' response, I will call FB.login and inside that call the FB.loginStatus again. This time, FB returned correct value.
Are you use http or https?
DO NOT use http be your DEV HOST!
Just use https and it works for me.
I'm using jQuery's ajax methods to interact with the Twitter REST API.
Their API is a bit annoying, in that some actions will return a 401 HTTP status code. In that case, I just want it to fail, instead of displaying a login box.
I've tried just providing an incorrect user:pass pair in the URL, in case that might suppress the dialog and just get me an error response, but that failed to help.
This question asked exactly the same question, but the answer instead worked out how to not trigger the 401 in the first place.
(In particular this is annoying because it's a bug on their part that's requesting authentication -- the users/show method isn't supposed to be asking for it in the first place.)
Look into suppress_response_codes
It is explained about 1/4 way down the page here:
https://dev.twitter.com/docs/things-every-developer-should-know
From the Twitter documentation (incase it is moved again):
suppress_response_codes: If this
parameter is present, all responses
will be returned with a 200 OK status
code - even errors. This parameter
exists to accommodate Flash and
JavaScript applications running in
browsers that intercept all non-200
responses. If used, it's then the job
of the client to determine error
states by parsing the response body.
Use with caution, as those error
messages may change.