Messages
Reply
Edit
Delete06:12 am
3P50DALOQ
| From: | Rick Strahl |
| To: | Stein Goering |
No, the server is redirecting (ie. Response.Redirect) because presumably it disallows non-HTTPS requests. But redirects cna only be GETs - if the original URL was a POST and you had posted data, the redirect will lose that data.
+++ Rick ---
Duh.
Somehow I thought I couldn't include the protocol in the URL. Evidently I got confused and was remembering this line from the docs:
"Note the domain name or IP address is a pure IP/domain name address - do not specify any protocol prefixes like http:// or smtp:// etc."
which is the spec for to the MailServer setting in wwSMTP. It helps to RTFM - helps even more to read the correct section.
Anyway, if I specify https up front, each hit generates just a single entry in Fiddler so I can trace the call.
So when I didn't specify a protocol, the Fiddler entries indicated that there was an initial HTTP call, and then when that failed it tried the HTTPS url. That meant that my GET requests actually worked without the HTTPS. What triggered those duplicate calls? Is that part of the httpGet behavior?
--stein
Just change the URL to https://. You don't need the lSecureLink property (wwHttp figures this out automatically - this is only useful if using special ports for SSL) and it wouldn't work on that request anyway because you're giving it the wrong URL. http:// and https:// are two completely different URLs as far as an HTTP client is concerned.
+++ Rick ---
"Try calling the service with https:// to start and then you might get the results you're expecting."
How do I do that? I thought I just needed to set oHTTP.lSecureLink to True before calling httpGet(). I have verified that's the case. What else do I have to do to force an https call?
--stein
Looks like the service is redirecting from http:// to https://. In the process the request becomes a GET.
Try calling the service with https:// to start and then you might get the results you're expecting.
+++ Rick ---
I added the postmode and contenttype settings - still getting the same 403 response from the server. And the techs on their side still claim it's because I'm sending a GET request instead of a POST.
And I still don't understand the Fiddler results - why is each request listed twice?
And why does the json post show up as a GET after initially being flagged as a POST?
Stein,
To post a raw buffer just use:
loHttp.nHttpPostMode = 4 && this is not necessary I think loHttp.cContentType = "application/json" loHttp.AddPostKey(lcJson)
+++ Rick ---
I'm trying to get my program to interact with a REST service. A typical request would look like this:
http://longwoodlive.org/d2l/api/lp/1.0/organization/info? - followed by several querystring parameters that are used to validate the request.
If I submit the above using wwHTTP::httpGet I get the desired response. However, for this one, which creates a user account, I need to Post a JSON string:
http://longwoodlive.org/d2l/api/lp/1.0/users/
I use AddPostKey(.F.,"<JSON text..>") to load the string, then execute the call with httpGet. My understanding is this should generate a POST request, but I am getting an Invalid Token message back from the service. Their techs tell me this may be caused by an invalid HTTP method, i.e. a GET instead of a POST. They also told me I should use SSL when making these calls, so I set lSecureLink on.
I then set up Fiddler to try and track this. I enabled the self-generated certificate so I could track HTTPS sessions. It looks like each of my hits generates 2 Fiddler entries, one without SSL and one with:
302 HTTP longwoodlive.org /d2l/api/lp/1.0/users/?&x_...
403 HTTPS longwoodlive.org /d2l/api/lp/1.0/users/?&x_...
The raw data for the first one shows the expected POST request:
POST http://longwoodlive.org/d2l/api/lp/1.0/users/?&x_a=6EAimWV1Q56N_M0dU_ZNWA&x_b=yU_XnmtI4QrmC8Uj-IBvcX&x_c=Kg6TwcxIBm_rkiTTUIPQ-uNYku02X8TCjrrLslo_-wY&x_d=z9brlOMkpnBbUEz1TYnT3BJM-4T0-sQBzslDZ6T42iI&x_t=1358318810&end=now HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: West Wind Internet Protocols 5.65
Host: longwoodlive.org
Content-Length: 229
Pragma: no-cache
{
"OrgDefinedId": "XX000TEST",
"FirstName": "Tom",
"MiddleName": "",
"LastName": "Foolery",
"ExternalEmail": "stein@aceware.com",
"UserName": "Tom.Foolery",
"RoleId": "78",
"IsActive": true,
"SendCreationEmail": false
}
But the response contains only a header:
HTTP/1.0 302 Found
Location: https://longwoodlive.org/d2l/api/lp/1.0/users/?&x_a=6EAimWV1Q56N_M0dU_ZNWA&x_b=yU_XnmtI4QrmC8Uj-IBvcX&x.....
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
The second request shows the same URL, except https this time, but the method has changed to GET:
GET https://longwoodlive.org/d2l/api/lp/1.0/users/?&x_a=6EAimWV1Q56N_M0dU_ZNWA&x_b=yU_XnmtI4QrmC8Uj-IBvcX&x...
Connection: Keep-Alive
User-Agent: West Wind Internet Protocols 5.65
Cache-Control: no-cache
Pragma: no-cache
Host: longwoodlive.org
Response:
HTTP/1.1 403 Forbidden
Cache-Control: private
Content-Length: 13
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-XSS-Protection: 0
X-Powered-By: ASP.NET
Date: Tue, 15 Jan 2013 04:46:16 GMT
Invalid token
I do get a response body but it's just the Invalid token notice.
What I need is for the HTTPS request to go out as a POST method. Why does it get switched to GET and how can I prevent that from happening?
And why am I seeing 2 entries for each call?
Any assistance would be appreciated...
--stein
West Wind Technologies
Making waves on the Web