I have a website that accesses an API from an external server (not the server that serves the website) via a plain XmlHttpRequest (see below). That API requires an API key for accessing the service to be added as request header. However, as these are CORS requests the browser first does a preflight request to check if that server supports
Tag: http
What security threats when using a crypto library without https?
I’m playing with JavaScript and I know that webcrypto API is not available without https but I want encipherment capability between a web server on LAN and a browser. Using https with a self signed certificate will display a ugly warning message to the user that makes it unsuitable for my use case. I’ve also tried to embedded an iframe
AWS Upload with multipart/form-data Invalid
I am sending a file to the presignedPOST url to upload to AWS S3 and in other resources I’ve found, to send a file with form-data is to switch to multipart/form-data to send a file. This is the form data I’ve created is this: this is the field in the form in the PARAMs for the request: Is something going
Empty body in fetch POST request
I’m struggling with the fetch API in Javascript. When I try to POST something to my server with fetch method, the request body contains an empty array. But when I use Postman it works. Here is my server-side code in Node.js: Here is my client-side code: The problem is that the req.body is empty on server side. Answer The issue
Load JSON content from a local file with http.get() in Angular 2
I’m trying to load a local JSON file with http.get() in Angular 2. I tried something that I found here on Stack Overflow. It looks like this: This is my app.module.ts where I import the HttpModule and the JsonModule from @angular/http: In my component, I import Http and Response from @angular/http. Then I have a function called loadNavItems(), where I try
JS Fetching batch data with HTTP
My RESTful service allows batching requests. I’m trying to combine requests into one batch with help of Fetch API: However it returns an error – bad request. I suppose I may combine HTTP requests in wrong way. Is there simpler way of doing this? Where in Network Chrome Dev Tools can I see nested HTTP requests? Answer Your code does
Vue.js Axios bug HTTP request change my array but don’t show change
I have a very strange problem in vue.js/axios. Scenario 1 : clear my products variable BEFORE send an HTTP request (see “<<<<< SCENARIO 1” mark). Then set products variable with a new array. It works but we see a flicker (due to the HTTP request duration). So I decided to clear the products variable IN the request. Scenario 2 :
Refused to load the script because it violates the following Content Security Policy directive
When I tried to deploy my app onto devices with Android system above 5.0.0 (Lollipop), I kept getting these kind of error messages: 07-03 18:39:21.621: D/SystemWebChromeClient(9132): file:///android_asset/www/index.html: Line 0 : Refused to load the script ‘http://xxxxx’ because it violates the following Content Security Policy directive: “script-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline'”. 07-03 18:39:21.621: I/chromium(9132): [INFO:CONSOLE(0)] “Refused to load the script ‘http://xxx’ because
What’s to stop malicious code from spoofing the “Origin” header to exploit CORS?
The way I understand it, if a client-side script running on a page from foo.com wants to request data from bar.com, in the request it must specify the header Origin: http://foo.com, and bar must respond with Access-Control-Allow-Origin: http://foo.com. What is there to stop malicious code from the site roh.com from simply spoofing the header Origin: http://foo.com to request pages from
HTTP Content-Type Header and JSON
I have always been trying to avoid using most of the HTTP protocol’s properties for the sake of fear of the unknown. However, I said to myself that I’m going to face fear today and start using headers purposefully. I have been trying to send json data to the browser and use it right away. For example, if I have