Tag: http

Is it possible to add a request header to a CORS preflight request?

browser cors http javascript xmlhttprequest

I have a website that accesses an API from an external server (not the server that serves the website) via a plain XmlHttpRequest (see below). That API requires an API key for accessing the service to be added as request header. However, as these are CORS requests the browser first does a preflight request to…

What security threats when using a crypto library without https?

encryption http javascript

I’m playing with JavaScript and I know that webcrypto API is not available without https but I want encipherment capability between a web server on LAN and a browser. Using https with a self signed certificate will display a ugly warning message to the user that makes it unsuitable for my use case. I&#8…

AWS Upload with multipart/form-data Invalid

amazon-s3 amazon-web-services form-data http javascript

I am sending a file to the presignedPOST url to upload to AWS S3 and in other resources I’ve found, to send a file with form-data is to switch to multipart/form-data to send a file. This is the form data I’ve created is this: this is the field in the form in the PARAMs for the request: Is somethin…

Empty body in fetch POST request

cors fetch-api http javascript node.js

I’m struggling with the fetch API in Javascript. When I try to POST something to my server with fetch method, the request body contains an empty array. But when I use Postman it works. Here is my server-side code in Node.js: Here is my client-side code: The problem is that the req.body is empty on serve…

Load JSON content from a local file with http.get() in Angular 2

angular html http javascript json

I’m trying to load a local JSON file with http.get() in Angular 2. I tried something that I found here on Stack Overflow. It looks like this: This is my app.module.ts where I import the HttpModule and the JsonModule from @angular/http: In my component, I import Http and Response from @angular/http. Then…

JS Fetching batch data with HTTP

fetch-api google-chrome-devtools http javascript

My RESTful service allows batching requests. I’m trying to combine requests into one batch with help of Fetch API: However it returns an error – bad request. I suppose I may combine HTTP requests in wrong way. Is there simpler way of doing this? Where in Network Chrome Dev Tools can I see nested H…

Vue.js Axios bug HTTP request change my array but don’t show change

axios http javascript vue.js vuejs2

I have a very strange problem in vue.js/axios. Scenario 1 : clear my products variable BEFORE send an HTTP request (see “<<<<< SCENARIO 1” mark). Then set products variable with a new array. It works but we see a flicker (due to the HTTP request duration). So I decided to clear the …

Refused to load the script because it violates the following Content Security Policy directive

content-security-policy http javascript

When I tried to deploy my app onto devices with Android system above 5.0.0 (Lollipop), I kept getting these kind of error messages: 07-03 18:39:21.621: D/SystemWebChromeClient(9132): file:///android_asset/www/index.html: Line 0 : Refused to load the script ‘http://xxxxx’ because it violates the fo…

What’s to stop malicious code from spoofing the “Origin” header to exploit CORS?

ajax cors http javascript

The way I understand it, if a client-side script running on a page from foo.com wants to request data from bar.com, in the request it must specify the header Origin: http://foo.com, and bar must respond with Access-Control-Allow-Origin: http://foo.com. What is there to stop malicious code from the site roh.co…

HTTP Content-Type Header and JSON

http http-headers javascript json php

I have always been trying to avoid using most of the HTTP protocol’s properties for the sake of fear of the unknown. However, I said to myself that I’m going to face fear today and start using headers purposefully. I have been trying to send json data to the browser and use it right away. For exam…