I am testing foursquare api. Here is the url.
https://api.foursquare.com/v2/checkins/add?venueId=123&shout=Test&broadcast=public,twitter,facebook&oauth_token=something
the problem is when I add shout="test". It works fine. But "test message" isn't working. I mean test[space]message isn't working.I tried with removing spaces,it worked.But,that can't be solution. How can I handle such thing I mean how can I send post request with shout="test messgae" with space include.
Try using shout="test%20message"
%20 is just HTML code for a space
This is another post found on Stack Overflow that provides more detail Encoding URL Query Parameters
Related
I am writing an application in Java that works with the Spotify Web API to get the album artwork of the currently playing album (and maybe other stuff in the future, hence the long list of scopes). Per Spotify's guide, I have to use callbacks in order to get the access token. However, when using the authorization link, Spotify gives me the following intensely helpful and insightful error message.
Spotify Error Message
The code I am using to call open a window is
if(Desktop.isDesktopSupported())
{
String url = "https://accounts.spotify.com/authorize/";
url += "client_id="+SpotifyClientID;
url += "&response_type=code";
url += "&redirect_uri=http%3A%2F%2Flocalhost%3A8888%2Fcallback%2F";
url += "&state="+state;
url += "&scope=playlist-read-private%20playlist-read-collaborative%20user-library-read%20user-read-private%20user-read-playback-state%20user-modify-playback-state%20user-read-currently-playing";
Desktop.getDesktop().browse(new URI(url));
}
Similar questions have been asked, and their issue was their callback URL was not whitelisted; however, I went to the Spotify Dashboard and made SURE http://localhost:8888/callback/ was whitelisted. I've tried using 'http://localhost:8888/callback/' directly in the URL, and I've also tried HTML escaping it, so that it becomes 'http%3A%2F%2Flocalhost%3A8888%2Fcallback%2F' as shown in the code above. Can anyone give me an insight as to why the error message appears instead of the login page?
Figured it out myself. Turns out, I am awesome at links. /s Changed the last '/' in "https://accounts.spotify.com/authorize/" into a '?' so that it would actually receive the parameters I was passing it and it worked perfectly.
I'm start learning java programming, and I want make a simple server application. I read about com.sun.net.httpserver.HttpServer and find a good example on this link: https://github.com/imetaxas/score-board-httpserver-corejava.
I understand how to do Get-request in url, but I don't know how POST works. I think it must be sent a form or data on the server.
I attach the link of project, which I'm learning, in readme the author wrote http://localhost:8081/2/score?sessionkey=UICSNDK - it's not working...
I wrote in url and get sessionkey: "localhost:8081/4711/login --> UICSNDK"
I wrote in url this for Post request: "localhost:8081/2/score?sessionkey=UICSNDK" - not working and in chrome return 404 bad request
3.wrote in url this:"localhost:8081/2/highscorelist"
Please help me, I am beginner.
The difference between GET and POST is that with a GET request the data you wish to pass to the endpoint is done by modifying the url itself by adding parameters to it.
With a POST any data you wish to send to the endpoint must be in the body of the request.
The body of a request is arbitrary data that comes after a blank line in the header The reqiest has the request line, following by any number of header attributes, then a blank line.
The server would need to know what the format of the body of the request was and parse it as appropriate.
Of course 'modern' frameworks like jax-rs allow you to automatically convert request data to objects, so that it is much simpler.
Team,
I have created a search API and made it as GET request. Now when I try to give only a single space in search, it gives me 404 resource not found error. For example:
http://localhost:8080/myproject/myapp/search/ ?pageNo=1&limit=20
As you can see there is a space in the URL after /search/. This URL returns me the error 404. I'm using Spring 4.x version.
Thanks
The URL is invalid with a space between the URL part and the request parameter string '?'. You need to encode the URL to replace characters like space with '%20'.
Try:
String encodedUrl = URLEncoder.encode(url, "UTF-8");
You can also trim all spaces before your query goes to request URL. Not sure that user need to have ability to search by space (nothing).
And using of URLEncoder for strings coming to URL is very recommended.
I am trying to integrate my application with Sagepay, using the Server Integration Protocol. I have written my code in JAVA and currently I am at the point where I'm sending a POST to Sagepay to be redirected to their payment page. However, I get a blank screen which is a result of an Error 400 (Bad Request).
In their documentation, they specifically state that:
The data should be sent as URL Encoded Name=Value pairs separated with & characters and sent to the Sage Pay Server URL with a Service name set to the message
type in question.
The URL that I have constructed is this:
https://test.sagepay.com/gateway/service/vspserver-register.vsp&VPSProtocol=3.00&TxType=PAYMENT&Vendor=foovendor&VendorTxCode=foovendor-1459865650735-78597&Amount=10&Currency=GBP&Description=This+is+the+description&NotificationURL=http%3A%2F%2Fwww.google.com&BillingSurname=foosurname&BillingFirstnames=fooname&BillingAddress1=fooaddress&BillingCity=foocity&BillingPostCode=foopc&BillingCountry=UK&DeliverySurname=fooname&DeliveryFirstnames=foosurname&DeliveryAddress1=fooaddr&DeliveryCity=foocity&DeliveryPostCode=foopc&DeliveryCountry=UK&CustomerEMail=foo%40foo.com
What am I missing?
Thanks for your help!
Your url doesn't setup the query string properly.
Ithink that
register.vsp&VPSProtocol
should be
register.vsp?VPSProtocol
I.E. Question mark instead of ampersand.
Also, you said a post was required, but pasting that url in a browser will send a GET request, won't it ?
I made this minimal JSP:
<%
response.sendRedirect(request.getQueryString());
%>
Obviously it's not very useful, but it is enough to trigger a FindBugs warning I am also getting on my real JSP:
This code directly writes an HTTP parameter to an HTTP header, which
allows for a HTTP response splitting vulnerability
However, I'm pretty sure FindBugs is wrong here. Per the docs getQueryString does not decode the query string, and I don't believe the encoded query string can contain a CRLF because it has to be in the request line. So as far as I can tell, there's no way a CRLF could get in there.
This toy page is going to have a problem if the query string is null, and the string will be interpreted as relative or not which is probably not great, but is there an HTTP response splitting vulnerability here?
If there is, how could we prevent it?
Short answer is YES. But there are more security issues than only response splitting (aka header or CRLF injection). There is also an "unvalidated redirect" issue. An attacker can redirect your customer through your site to some other dangerous site (phishing, exploiting, etc).
The solution is to create a whitelist and check if the current target is inside the whitelist. This prevents both issues. Encoding the value would just be the solution to the response splitting issue but doesn't work against the redirect issue.