In my project I use Apache's HttpComponents to connect to a server. The following code creates the HttpClient.
HttpParams params = new BasicHttpParams();
params.setParameter("http.language.Accept-Language", "de-de,de;q=0.8,en-us;q=0.5,en;q=0.3");
HttpProtocolParams.setUserAgent(params, "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1003.1 Safari/535.19 Awesomium/1.7.1");
DefaultHttpClient client = new DefaultHttpClient(params);
But when I execute a request, the Accept-Language field is not sent. Just the following:
2013/04/06 20:52:07:129 MESZ [DEBUG] headers - >> GET /ws/search.json?text=&levelmin=0&levelmax=80&offset=1 HTTP/1.1
2013/04/06 20:52:07:129 MESZ [DEBUG] headers - >> Host: tradingpost-live.ncplatform.net
2013/04/06 20:52:07:129 MESZ [DEBUG] headers - >> Connection: Keep-Alive
2013/04/06 20:52:07:129 MESZ [DEBUG] headers - >> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1003.1 Safari/535.19 Awesomium/1.7.1
2013/04/06 20:52:07:129 MESZ [DEBUG] headers - >> Cookie: s=abcdefg
Is it a bug or did I do something wrong? I just want to have a "global" accept-language field (for all requests I send from one client).
Any help would be welcome
I was not able to fix that problem, but here's a workaround for anyone issuing the same problem:
Create a central method like
void prepareHttpRequest(HttpRequest request){
request.addHeader("Accept-Language", "de-de,de;q=0.8,en-us;q=0.5,en;q=0.3");
}
You have to do that for every POST-or GET-request you do. I know that it's not very elegant, but my only solution,
Related
I am working on a project that's quite old written in java. External audit happened for the code and they pointed out two modifications needed to be done regarding CRSF token ie. to periodically rotate the token and not have the same token for whole session and mask the token as when using the burpsuite tool the token is visible. I found some ideas for rotating the token and working on it but didn't find any helpful information about masking the token. Can anyone help me with some ideas about how to mask the token. Just to clarify the it appears for some reports when being downloaded.
GET /xyz/testcontroller/begin?event=Y&CSRF_TOKEN=-653632r324354546432tret455364&id=3576632446475442342
Host: xyz.com
Cookie: JSESSIONID=452455535455762565; FileDownload=null; JSESSIONID=452455535455762565;
< other security parameters>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
<some more parameters>
Referer: xxxxxx
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
Any help will be helpful. Thanks in advance.
Regards,
Sam
I'm trying to run a GWT project into DevMode, After running google compilation and lanching the devMode i'm getting a url, so when running into mozila, i'm getting the 503 error.
my console is displaying the following :
[ERROR] 503 - GET /travelApp?gwt.codesvr=127.0.0.1:49822 (127.0.0.1) 1296 bytes
Request headers
Host: localhost:8888
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Response headers
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 1296
i don't understand the problem, can you help me with that ?
What you see is the response from the webserver. The Error-Code is 503 - Service Unavailable (https://en.wikipedia.org/wiki/List_of_HTTP_status_codes).
Most likey, your application failed to start.
Do you have any logs? There might be any usefull stacktraces.
Do you use the build-in Jetty? I found out, that it's sometimes hard to get log entries from it. Maybe you can try to deploy the application to tomcat to get a more helpful errorlog.
I want to support both wsand http but stucked into this problem.
I tried to access / but netty responses http 400 with message.
not a WebSocket handshake request: missing upgrade
This is log from http://localhost:9001/ request from Chrome browser.
GET / HTTP/1.1
Host: localhost:9001
Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: ko-KR,ko;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: csrftoken=G86EVdqbL8NUfqex8N8gZ9QzPc6dj6Jd
content-length: 0, 0B
15:56:07.998 DEBUG io.netty.handler.codec.http.websocketx.WebSocketServerHandshaker[debug:81] - [id: 0xd2bd692e, L:/0:0:0:0:0:0:0:1:9001 - R:/0:0:0:0:0:0:0:1:53677] WebSocket version V00 server handshake
15:56:07.998 INFO io.netty.handler.logging.LoggingHandler[info:101] - [id: 0xd2bd692e, L:/0:0:0:0:0:0:0:1:9001 - R:/0:0:0:0:0:0:0:1:53677] WRITE: DefaultFullHttpResponse(decodeResult: success, version: HTTP/1.1, content: UnpooledHeapByteBuf(ridx: 0, widx: 50, cap: 50/50))
HTTP/1.1 400 Bad Request, 50B
and code snippets.
p.addLast(new HttpServerCodec())
.addLast(new HttpObjectAggregator(65536))
.addLast( new LoggingHandler(LogLevel.INFO))
/**
* For websocket chatting
*/
.addLast(new WebSocketServerProtocolHandler("/chat"))
.addLast(new WsUserAcceptHandler())
.addLast(new WsChatServerHandler())
/**
* For accessing / or HTTP 404
*/
.addLast(new HttpStaticFileHandler("/", ChatServer.index))
.addLast(new HttpNotFoundHandler());
at this log line, I don't understand why netty tried to websocket handshaking?
io.netty.handler.codec.http.websocketx.WebSocketServerHandshaker[debug:81] - [id: 0xd2bd692e, L:/0:0:0:0:0:0:0:1:9001 - R:/0:0:0:0:0:0:0:1:53677] WebSocket version V00 server handshake
I'm trying to enable http response compression on Spring boot web application.
It works for some user-agents, and for some reason doesn't for others (specific cases below).
My basic question is:
Why http response compression (gzip) in Spring Boot works only for some User-Agent headers and where it is configured.
Spring boot reference doesn't say anything about it.
I prepared simple web application with enabled compression: sample spring-boot-compression app
There are integration tests that verify that gzip encoding works for some cases only.
I configured spring boot with:
server:
tomcat:
compression: on
compressable-mime-types: text/html,text/css,application/javascript,application/json,application/font-sfnt,application/font-woff,application/font-woff2
When I try to do some requests with curl:
$ curl -i -H "Accept-Encoding: gzip,deflate" http://localhost:8080
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
I see that Content-Encoding: gzip header is set.
When I setUser-Agent to AppleWebKit (or some other browsers like IE) it does not compress:
$ curl -i -H "Accept-Encoding: gzip,deflate" -H "User-Agent: AppleWebKit" http://localhost:8080
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
I repeated my tests with some other browsers and User-Agent header modification and received some strange results.
Here some of working (response is compressed) User-Agent headers:
- Mozilla/5.0
- Mozilla/5.0 (Windows NT 6.1; WOW64) Chrome/46.0.2490.80 Safari/537.36
- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Firefox/34.0
- SomeUnknownBrowser
Some of not working User-Agent headers:
- AppleWebKit
- Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
- Gecko/20100101
I also tried to use compression with GzipFilter and it behaves exactly the same. Also tried embedded Jetty instead of Tomcat - same result.
Maybe I'm just missing something.
You're probably using some sort of antivirus (maybe ESET). Try turning off HTTP protection.
With Eset you can try something like: Advanced -> Internet and email -> Web Access Protection - turn off.
This worked for me with Spring 1.4
server.compression.enabled: true
server.compression.mime-types: application/json,application/xml,text/html,text/xml,text/plain,text/css,application/javascript
GET / HTTP/1.1
Upgrade: websocket
Connection: Upgrade
Host: localhost:1255
Origin: http://testt:8080
Sec-WebSocket-Protocol: json
Pragma: no-cache
Cache-Control: no-cache
Sec-WebSocket-Key: sGGDklOmMNFmY2AniKkkGw==
Sec-WebSocket-Version: 13
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits, x-webkit-deflate-frame
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36
this is what I've get during the handshake of websocket, but how could I get from here the cookie id?, I've thinked to pass the cookie after the handshake is done, but will that be correct?
where are the cookies hidden?
its connecting to my java socket, what class I can use in this case to get the cookie? or it would be better if I get it from the string above...
The string above does not contain any cookie. The browser sends cookies using a "Cookie" HTTP header, which is not in that request.
If you want the browser to send the webpage cookie, you have to put the WebSocket server and the web server in the same domain, otherwise the cookie won't be send.
It is technically possible to return cookies in the negotiation HTTP response (in a "Set-Cookie" HTTP header), and it will be resend in the next connection.