Hi I have some problems trying to handle http requests on my own and show them on screen using webview
Using the
shouldInterceptRequest
function in WebViewClient
So far, things are fine. I handle the matter well and receive cookies from the response headers and send them again in the next request.
But I'm having problems processing post requests
As the server expects some information from me in the request body, such as the password, email, and some other parameters that differ from one site to another.
Now my problem is how do I know what parameters are required from the server, such as the browser, as the browser handles these requests with ease and dwarfs sending all the required parameters
I tried to monitor requests via DevTools in PC chrome and I saw what parameters are required to login in only one site
I managed to get these parameters with javascript via
wb.loadUrl("javascript:const formData = new FormData(document.querySelector('form')); for(var pair of formData.entries()){INTER.putForms(pair[0],pair[1]); }");
I made a javainterface and put in it a putforms function that receives the information and puts it in a hashmap
Now I have solved the problem in one site, what about the rest of the sites? This method is not easy at all, I have to know how the browser deals with these requests
Please Help
Related
So, I'm currently developing an app for a service which has a json-based (unfortunately) read only API. Retrieving content is no problem at all, however the only way to post content is using a form on their site which location is a PHP script. The service is open source so I know which fields the form expects, but whatever I send, it always results in a BAD REQUEST.
I captured the network traffic inside my browser and as far as I can see, the browser constructs a multipart form request, however when I copy the request and invoke it again using a REST client, a BAD REQUEST gets returned.
Is there a way to construct a http request in Android that simulates a form post?
If it's readonly I think you wouldn't be able to make requests with POST (it's assume for editing or adding things).
If you let me make you an advise, I recommend you using this project as a Library.
https://github.com/matessoftwaresolutions/AndroidHttpRestService
It makes you easy deal with apis, control network problems etc.
You can find a sample of use there.
You only have to:
Build your URL
Tell the component to execute in POST mode
Build your JSON
As I told you, I don't know even if it will work.
I hope it helps!!!
The server sending JSON to the API is a Tomcat server in the Gradle packages (it is built in Java).
I am having trouble's making an API call with Angular. I know my API is working because I can view it on "Postman."
var app = angular.module("todo", []);
app.controller("AppCtrl", function($http){
$http.get("192.168.5.100:8080/aggregators/datafile")
.success(function(data){
console.log(data)
})
})
When I run it I get the following error:
XMLHttpRequest cannot load %3192.168.5.100:8080/aggregators/datafile. Cross origin requests are only supported for HTTP.
The problem you're running into is that you can't make cross origin requests from the browser without CORS or using JSONP.
Postman operates outside of the context of the browser (as if you had issued a cURL request, if you're familiar with cURL).
This is for security reasons.
So, how do you implement JSONP? It really depends on the server, but in general, your resource would look for a GET request that had a pre-determined querystring parameter (normally callback for simplicity):
http://192.168.5.100:8080/aggregators/datafile?callback=mycallback
How do you make a JSONP call?
The server wraps the JSON in that callback, causing it to look something like the following:
mycallback({json:object});
This Stack Overflow answer goes into more detail.
The callback is the function the browser should hit when the request is executed, and that's what allows for cross-domain requests.
Now, on to CORS.
CORS is a system for allowing the browser to communicate with the server to determine whether or not it should accept a cross domain request. It's a bit complicated, but in general it involves settings up certain Headers on your API Server; and then executing an Ajax request in a particular fashion (for JQuery, use the withCredentials property for $.ajax). The server checks where the request is from, and if it's a valid source, it let's the browser know and the browser allows the request (I'm being simplistic).
MDN has a thorough explanation of CORS that is worth reading.
is it possible to create a mini HTTP server that acts as a proxy where i can recieve any requests from a webview and it will pass that request to my http proxy server running inside the app that can then view the raw contents of that request(http headers, bodies etc) and handle it from my own proxy?
I can see that the apahce libraries only contain objects that allow you to create requests and handle responses but not how i can create a mini http server.
Thanks
I don't understand the question fully so here's the question I am going to be answering.
Is it possible to create a HTTP server that allows me to view the source code of a web page.
The answer is: yes.
Since I don't really develop for Android phones, I'm only going to list out what you should do.
So first of all you want to accept a connection from a client. Then you might want to send it back a HTML page containing a form with a website URL field. If you set the method to POST, you will be able to make the URL of any length. Now your server needs to know how to receive the HTTP POST request. I don't really know the HTTP well enough to tell you how the request-response is encoded.
I have a jquery plugin and I'm using jsonp for crossdomain call to a jsp file.
I want to strict the jsp return values only to specific websites in our database.
To achieve this I need to somehow get the ip or url of the website the jsonp call triggered and not the client/user ip. I've tried the referer value in the http header but this will not work with IE and I guess this is not the best solution either.
How can I securely now who is calling my jsp file with my plugin, from his website?
Thanks in advance.
The simplest answer would be to issue each website a unique key or other identifier that they include in their request. You parse this identifier and flex your response appropriately.
However with a request originating from the client browser, you would have to be careful and would have to evaluate what you mean by how "securely" you need the request to be handled. (since the untrusted client would be making the request it would be a simple task to harvest and reuse such an identifier)...
Referrer (if present) could be used as a double check, but as you pointed out, this is unreliable and coming from an untrusted client computer, this portion of the request could be faked as well.
If we could assume some server side processing by the website owners, you could have them implement a proxy for the jsonp call (which would ensure such a token would never fall into the hands of the browser)... but we'd have to know if such a safeguard would really be worth it or not :)
I have a java web application running on WebSphere 7. The application uses form authentication method and part of the application accesses some protected resources using ajax requests. However, when the user's session expires, I am getting the login page in place of the content that is supposed to be refreshed by the ajax request.
Is there a good way to handle this problem? WebSphere returns a response status 200 with the login page so I cannot rely on that.
Maybe there is a way to tell the server that basic authentication should be used in certain circumstances but I don't know how.
I also thought of checking first if the session is new by making a request to unprotected resources first then return a certain status but it looks like a code smell solution...
This is how I handled it in a similar situation. In our case, the AJAX response is always JSON. When the login expires, the authentication filter always sends a login form in HTML. So I check the content-type like this,
if ((this.getHeader('Content-type') || '').include('application/json'))
If it's not JSON, I simply redirect to another protected page, which will trigger a full screen login and then that page will direct user back to the AJAX page.
You can send back some unique response or some error code(make sure you wont get this error code as valid response in any case) when the user session is not there to the Ajax call from WebSphere. And in the Ajax call method, on process response, check whether its error code.If its error code, redirect him to login page or do what ever and other case will be the valid data.