I'm having difficulties on retrieving data from my server. I activated CORS and set up my call properly(already tested it with postman). I'm sending the post request to my server, method is being hit but when returning and trying to read the response on the client side, the SDK fails.
This is the error I'm getting on the console.
Am I missing something here? do I have to use another plugin for the htttp calls in web environment?
Error information is incomplete, in which line do you get error?
I assume your uri and some other thing are ok.
change filtereDto to:
Map<String,dynamic> filterDto={
'date':'2020-02-07....',
'countryId':'1' // string number
}
And you dont need to :
json.encode(filterDto)
in post call, only filterDto is enough
... body: filterDto ...
I have found the issue. Cors was being enabled on my server side incorrectly. Order activating Cors is critical for configurations to be applied properly in a .Net core app.
This is how is done. First activate Cors and then MVC.
Hope it helps anyone who is struggling with the same thing.
Related
one of my old project/app was working fine for years, very recently client report that app does not working any longer due to API response issue.
it's just a get request to an API with some parameters..
till date (before issues occurs) it returns following response:
,,3,1669179307,0,
but recently it shows following response: (note nothing is changed in the source php/code files since project start)
<html><title>You are being redirected...</title>
<noscript>Javascript is required. Please enable javascript before you are allowed to see this page.</noscript>
<script>var s={},u,c,U,r,i,l=0,a,e=eval,w=String.fromCharCode,sucuri_cloudproxy_js='',S='bT0nP2RUNCcuc3Vic3RyKDMsIDEpICsgJycgKyAKJz9iVGYnLnN1YnN0cigzLCAxKSArICcnICsgCidIcExjJy5zdWJzdHIoMywgMSkgK1N0cmluZy5mcm9tQ2hhckNvZGUoNTYpICsgJ3FAYycuY2hhckF0KDIpKyAnJyArIAonNycgKyAgICcnICsgClN0cmluZy5mcm9tQ2hhckNvZGUoMHg2MykgKyAgJycgKycnKyIyc3VjdXIiLmNoYXJBdCgwKSsiYyIgKyAiNHNlYyIuc3Vic3RyKDAsMSkgKyAiZW0iLmNoYXJBdCgwKSArICAnJyArIAoiM2MiLmNoYXJBdCgwKSArICIiICtTdHJpbmcuZnJvbUNoYXJDb2RlKDk3KSArICJlIi5zbGljZSgwLDEpICsgICcnICsnZCcgKyAgJ0RiJy5zbGljZSgxLDIpKyAnJyArJycrJ3hJMScuY2hhckF0KDIpK1N0cmluZy5mcm9tQ2hhckNvZGUoMHgzMSkgKyAncTAwJy5jaGFyQXQoMikrU3RyaW5nLmZyb21DaGFyQ29kZSgweDYzKSArICIiICsnSHVIZScuc3Vic3RyKDMsIDEpICsiN3N1Ii5zbGljZSgwLDEpICsgIjhzdSIuc2xpY2UoMCwxKSArICdjJyArICAiZHN1Y3VyIi5jaGFyQXQoMCkrJ2EnICsgICIiICsiY3N1Y3VyIi5jaGFyQXQoMCkrImRzZWMiLnN1YnN0cigwLDEpICsgU3RyaW5nLmZyb21DaGFyQ29kZSg0OSkgKyAgJycgKyAKU3RyaW5nLmZyb21DaGFyQ29kZSgweDMzKSArICAnJyArJycrJ2QnICsgICAnJyArIAonMScgKyAgJyc7ZG9jdW1lbnQuY29va2llPSdzdXMnLmNoYXJBdCgyKSsndXN1YycuY2hhckF0KDApKyAnYycrJ3UnLmNoYXJBdCgwKSsncnN1Y3VyaScuY2hhckF0KDApICsgJ2knKycnKydzdWN1cmlfJy5jaGFyQXQoNikrJ2MnKycnKydsc3VjdXJpJy5jaGFyQXQoMCkgKyAnb3N1Jy5jaGFyQXQoMCkgKyd1JysnZHMnLmNoYXJBdCgwKSsnc3AnLmNoYXJBdCgxKSsncnN1Y3UnLmNoYXJBdCgwKSAgKydvJysneHN1Y3VyJy5jaGFyQXQoMCkrICd5Jysnc3VjdXJfJy5jaGFyQXQoNSkgKyAnc3V1Jy5jaGFyQXQoMikrJ3UnKydpJysnJysnZHN1Y3VyJy5jaGFyQXQoMCkrICdfc3UnLmNoYXJBdCgwKSArJzQnKycnKydzdWN1cmMnLmNoYXJBdCg1KSArICc2c3VjJy5jaGFyQXQoMCkrICcwc3VjdXInLmNoYXJBdCgwKSsgJ3N1Y3VyaTUnLmNoYXJBdCg2KSsnc3U0Jy5jaGFyQXQoMikrJ3N1Y3VyNCcuY2hhckF0KDUpICsgJ2YnKycyc3VjdXJpJy5jaGFyQXQoMCkgKyAiPSIgKyBtICsgJztwYXRoPS87bWF4LWFnZT04NjQwMCc7IGxvY2F0aW9uLnJlbG9hZCgpOw==';L=S.length;U=0;r='';var A='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';for(u=0;u<64;u++){s[A.charAt(u)]=u;}for(i=0;i<L;i++){c=s[S.charAt(i)];U=(U<<6)+c;l+=6;while(l>=8){((a=(U>>>(l-=8))&0xff)||(i<(L-2)))&&(r+=w(a));}}e(r);</script></html>
here is curl screenshot:
And here is the postman screenshot:
and when i check the URL in browser it shows the expected result, though when i check the devtool (network tab), it looks like page is loaded two times.. 1st one provide error (HTML/js) response (read marked) 2nd one provide the expected response (green marked), so, it looks like when it's called directly by curl/postman/c#... fails.. but as browser can do redirect it passed.
here is the browser screenshot:
i am sorry, i added several screenshot to give better idea what is happening.
and here is the URL in question:
https://simpleclienttracking.com/membershipmanager/remotelogvisit.php?locID=1&orgID=1&deptID=1&barcode=8346420
now my question, is how can i use the API code/file to get the direct response as i was getting earlier? do i need to pass any header? update/modify server htaccess file or what?
To test the error in deep, i have tried another URL from another hosting provider, in that case i am passing post request to an URL, and this server response slightly different thing, but looks like core is same, redirect!
here is the response from new/another server:
<script>document.cookie = "humans_21909=1"; document.location.reload(true)</script>
so, it's looks like hosting providers has applied some kind of security for direct URL access?
thanks in advance for any upcoming help
best regards
So here is my Cors initialization code:
app.UseCors(builder =>
builder.AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin());
And yet when I run PATCH I get the following error in Chrome 83:
Access to fetch at 'https://api-dev.myproject.com/api/mp' from origin 'https://users-dev.myproject.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Here is the code that is calling the api (from React):
const response = await fetch(API_URL() + `/mp`, {
method: 'PATCH',
body: `"${JSON.stringify(mpForm.values)}"`,
headers: {
Authorization: 'Bearer ' + apiToken,
'Content-type': 'application/json'
}
});
What could be going wrong here? Most API requests to this domain are just fine. It's just this one at the moment.
UPDATE
Just in case you are experiencing this exact issue, the root cause of this problem was the body line:
body: `"${JSON.stringify(mpForm.values)}"`,
and the issue was resolved by refactoring the API to work with a body like this instead:
body: JSON.stringify(mpForm.values),
The reason this was a problem was that the stringify function embedded double quotes in the return value, resulting in a string like this being passed:
'"{"foo":"bar"}"'
which then caused the CORS error.
Your CORS configuration looks correct, if some requests work, but not others then there is potential that the issue is not at the API end at all.
In the API startup.cs, make sure that CORS is configured before all other configurations.
app.UseCors(builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
This code is valid, though not very secure, it will satisfy browser CORS protocols globally for your app
Make sure that throughout your API there is no conflicting CORS config, look for individual CORS config on the controllers or methods for the request that is failing.
Check the client end, although your client code looks OK, the body is injected from a variable, to troubleshoot any client to server issues you need to either log the full request in plain text, or retrieve it from the network traffic inspection tools in your web browser at runtime.
If most queries to your API resolve correctly and it is only one or two that fail, this is a good indicator that there is a problem at the client end, you should probably start here.
Update:
OP's issue was not directly related to CORS at all, it is however a good reminder of two important lessons:
Malformed requests the Web API may fail before generating the correct response to an OPTIONS request, and if the OPTIONS request does not respond according to spec, the browser will report this as a CORS denial issue first, supressing the real erroneous response from the API
In posting issues to forums for advice on resolving errors, providing code that causes errors only paints part of the picture. You need to include logs that show the runtime values as well as the actual error message.
For debugging any Web API issues between client and server, you should always look at the actual HTTP Request and Response content and headers for the affected call, you can see the network trace using your browser dev tools, however if you need to regularly debug issues like this in production you should consider request trace logging either at the client or the server side.
You cannot combine 'allow any origin' with authorization. It's a security risk. Rather than allowing any origin, you can echo back the origin of the request, though you should be aware that doing is so brings some security risk - you're allowing auth tokens from any domain. It's better to configure CORS properly with the allowed domains.
Please see the accepted answer for this question: C# WEB API CORS does not work for one way to configure the backend in this scenario, avoiding the use of Access-Control-Allow-Origin:*.
After much troubleshooting, we were able to determine that the root cause of the issue was the body of the request. The stringify method was embedding double-quotes inside a string that was enclosed in double-quotes.
Why this caused a CORS error remains unclear to me, but it is likely a red herring.
Fixing the body resolved the issue.
I would be interested to understand the chain of events that led to a CORS error in the browser. But otherwise we have now resolved this.
Very new to this. I am using a wsdl. Generating the web reference and .net builds the classes in references.cs. Now is there any way I can get the soap request going out though any c# methods in my code?
Getting at System.Xml.Serialization.XmlSerializer.Serialize error in prod but absolutely working fine in UAT. No body has no clue on why? Can someone pls provide insights on getting the soap request going out ?
You can use tool fiddler to track the request and responce
I am getting this error:
Client found response content type of 'text/html', but expected 'text/xml.
I am adding web reference for live search. When i build the project its Successful. But after that once i enter some text in textbox & enter search button it gives this error. I am Using my local machine & Using .net 2.0 with C#.
Plz help me...
Thanks In Advance...
As Matt said, it's probably an error page coming back.
Either use a proxy like Fiddler or a network sniffer like WireShark to see what the raw response is - that should help you get to the bottom of what's going on.
Generally that error means that the service has sent back an (HTML) error message rather than the XML SOAP response that your client was expecting.
For web services that you control it's really easy to find the problem, because you can invoke the webmethods by hand in your browser. To diagnose it when it's someone else's service is a little trickier. You might be able to trace into the code for your web reference and inspect the text of the response before the exception is thrown.
I have found Fiddler to be highly useful in debugging http client server issues.
It is a proxy that allows you to intercept and even change the content of the request and response.
In your actual code, replace the line:
searchRequest.AppID = "APP ID you generated from ...";
with the actual AppID, which should be a long alpha-numeric sequence.
Has anybody else had trouble with getting the .Net Framework source code? Google doesn't have anything to say about this error message, and neither does the CodePlex issue tracker.
Here is the command I'm using to get the source code for the modules that make up mscorlib.dll. Am I doing something obviously wrong?
NetMassDownloader.exe -o source -f "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll"
The 400 Bad Request error is an HTTP status code that means that the request you sent to the website server was somehow malformed therefore the server was unable to understand or process the request.
Resolution
Check for errors in the URL. The most common reason for a 400 Bad Request error is because the URL was typed wrong or the link that was clicked on points to a URL with some kind of mistake in it.
Though it's rare, the 400 Bad Request error could be an issue with the web site's server that you are trying to access.
Download it in another computer and copy/paste that folder to your own computer. I've got a similar problem with the tool, and that was my workaround.