11,984 questions
Best practices
0
votes
0
replies
17
views
Would X-Forwarded-Prefix be enough to reconstruct an URL?
In order for the recipient (often myself) to be able to reconstruct the original request URL, I'd like my own http server to support the "X-Forwarded-Prefix" header when serving as a proxy. ...
- 569
Advice
0
votes
0
replies
58
views
Why does the User-Agent show Windows 10 when my system settings say Windows 11?
enter image description here
I am studying about the backend, so I am looing at the topic of the HTTP headers. I am going through the YouTube HTTP headers, and I noticed that the "user-Agent"...
Advice
0
votes
2
replies
79
views
How to handle variable-length header values when parsing HTTP requests in Java?
I'm building an HTTP server and parsing request headers. My current code fails when the Host header includes a port number because I'm splitting on :.
Current Code:
String[] header = line.split(":...
Best practices
0
votes
1
replies
76
views
TYPO3: Add HTTP header to response
TYPO3 uses HTTP middlewares to process requests, and responses and their headers are created within those middlewares.
Now I'm deep in a powermail finisher and would like to add additional HTTP ...
- 31.4k
Advice
2
votes
0
replies
75
views
Can Cloudflare be bypassed from unrendered browsers using basic techniques like setting proper headers or cookies?
I’m building a Scrapy-based crawler and facing Cloudflare protection on some sites.
Here’s my current setup:
I have a separate API service that can bypass Cloudflare by simulating a real browser (e.g....
1
vote
1
answer
179
views
Add upstream HTTP header if not present with Kong API Gateway [closed]
I've been using the Post-Function plugin in Kong Gateway to implement some custom logic.
Lately, a large part of it has become unnecessary, and I am left with the following configuration, which only ...
- 7,936
0
votes
0
answers
59
views
Active service worker logging but not intercepting requests
Bit of a messy setup, please accept my advance apologies. I am trying to coordinate work between 3 different GitHub Pages:
https://bur.gy serves my Jekyll blog and registers a service worker called ...
- 21
0
votes
0
answers
54
views
I don't fully understand the difference between CL.TE and TE.CL in HTTP request smuggling
I am doing labs in PortSwigger and the topic is HTTP request smuggling. And I am working on CL.TE and TE.CL. And for these labs :
https://portswigger.net/web-security/request-smuggling/exploiting/lab-...
1
vote
1
answer
116
views
Set-Cookie header disappears after some time when using HttpClient with DelegatingHandler in ASP.NET Core
I have a .NET Core project with two layers: an API layer and a UI layer, both in the same solution. The UI layer is built with ASP.NET Core MVC, where controllers call services, and the services use ...
- 11
4
votes
2
answers
200
views
How to find powershell's Invoke-RestMethod limit for the size of response headers?
Documentation for Powershell's Invoke-RestMethod does not mention any parameter which would configure maximum allowed size of request/response headers - Official Documentation.
I'm trying to find out ...
- 61
0
votes
1
answer
243
views
Google Calendar cid=<ICS URL> shows “Unable to add calendar. Check the URL.” — but the same ICS works via “From URL”
I’m trying to give users a one-click Add to Google Calendar link using the documente pattern:
https://calendar.google.com/calendar/r?cid=\<URL-ENCODED_ICS_URL>
However, Google consistently ...
1
vote
1
answer
228
views
Return 200 status code with Location header
PHP documentation for the header() function tells us:
There are two special-case header calls... The second special case is the "Location:" header. Not only does it send this header back to ...
- 42.5k
0
votes
0
answers
53
views
HTTP/2 in my GET Request not present for one of my Endpoints endpoint in java (Springboot)
I wanted to ask that there is something wrong with one of my endpoints, the endpoint seems to be blocked for some reasons, I have other endpoints that are giving response but this one fails.See the ...
0
votes
0
answers
132
views
QNetworkRequest is converting header names to lowercase for case sensitive service
I'm connecting Tank IP Camera (IPC) API to my windows application with Qt C++. IPC uses basic authorization. I'm using QtNetwork library for HTTP client connection, Qt 6.8.3 with C++17.
I tested the ...
- 41
0
votes
0
answers
92
views
Setting the referrer
I'm using CEF-Sharp in a utility that a makes use of some Google Maps APIs. Google has recently been sending out emails whining about 'unsecured API keys'. So, on investigating, I figured the easiest &...
- 745
-1
votes
1
answer
139
views
How to use headers_sent($filename, $linenum) in php?
I'm new to PHP, i wrote this:
<?php
header("Content-type: application/json");
flush();
// Note that $filename and $linenum are passed in for later use.
// Do not assign them values ...
0
votes
1
answer
87
views
How to remove / replace cookies in Apache http server before redirect to backend
I have been working on web and backend development. For web using Apache http server, here facing issue regarding cookies size. On client browser cookies size is really huge and Tomcat server ...
- 2,043
1
vote
0
answers
54
views
Mailgun List-Unsubscribe Header Not Appearing in Gmail
I am encountering an issue where Gmail's 'Unsubscribe' button does not appear at the top of emails I send through Mailgun, despite my diligent inclusion and correct formatting of the List-Unsubscribe ...
- 11
1
vote
1
answer
159
views
Bypass Maintenance Mode with Header Set Secret
I have my Laravel in maintenance mode, and would like to be able to be able to bypass it for checks, when a X-MAINTENANCE-BYPASS HTTP header is set with the same secret.
php artisan down --secret=&...
- 1,391
0
votes
0
answers
85
views
Simple example using Addon "Leaflet Custom Headers"
I'm trying to write a simple file for testing Leaflet Plugin "Leaflet Custom Headers".
Some discussion about the Plugin's purpose has been written here: https://github.com/Leaflet/Leaflet/...
- 91
0
votes
1
answer
146
views
Azure App Service Always On feature functionality - Clarification
We use Azure App Service and we use custom domain for that Azure App service Web App.
As per docs I see the meaning of Always On feature is:
Always On: Keeps the app loaded even when there's no ...
1
vote
2
answers
448
views
Setting headers with the headers block is not working with Ktor HTTP Client
I am using Ktor Client 3.1.3 in my Kotlin application. The HTTP Client is initialised like this:
val httpClient = HttpClient {
install(HttpCookies)
install(ContentNegotiation) {
json()
...
- 510
1
vote
1
answer
155
views
How do I get the HTTP status code from UrlFetchApp.fetch() when it throws an error?
I am using Google Apps Script to fetch data from an external URL. When the request is successful, I can get the HTTP status code with HTTPResponse.getResponseCode. However, if the request fails with a ...
- 27.9k
5
votes
4
answers
259
views
Stop Gecko/Mozilla from saving DOM state from last browser session
After opening Waterfox 6.5 (Firefox 128 ESR) back up (days or hours later) the session for my website is expired. However now the browser saves the DOM state and this leads to literally every form and ...
- 1
0
votes
1
answer
59
views
Should changing website certificate to secure mess with api calls?
So I have been using the code below to fetch a list I needed for my website from an api of mine. I recently converted the certificate of the api hosting website to secure, issue is now my api is not ...
0
votes
1
answer
57
views
Why does frame-src * in CSP override CORP: same-origin for iframe embedding?
I have an widget served with the following headers:
Content-Security-Policy: frame-src *;
Cross-Origin-Resource-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp
Despite CORP: same-origin,...
0
votes
0
answers
80
views
How to convert a http response with content type application/json to application/octet-stream?
What is the issue?
We use AWS API Gateway for integration with the AWS S3 using REST calls.
In the API Gateway transformation we haven't supported HTTP_HEADERS yet. And we don't want to roll out ...
- 3,395
0
votes
0
answers
31
views
Reading **Set-Cookie** header from the HTTP response using Chrome extension [duplicate]
In Chrome extension, I want to read the Set-Cookie header from the HTTP response when received. I did this several years ago and it worked, but surprisingly, I am unable to do it in the latest ...
- 303
0
votes
0
answers
44
views
Make a Content-Type text/css PHP file automatically update its Last-Modified header like regular stylesheet files do? [duplicate]
When I'm writing CSS code for a webpage, I use a JavaScript plugin which uses Ajax to check whether a CSS file has been edited every second by checking the CSS file's Last-Modified header. If a CSS ...
- 2,457
-1
votes
1
answer
54
views
HTTP headers for REST API diff
I'm building a rest API that has an endpoint for a collection of items. The response is a large JSON array, which takes a while for the client to process. On the server-side, each item in the ...
- 2,223
0
votes
1
answer
62
views
Laravel 10: getting 404 Not Found on a POST route when using Form Request Validation
Within a Laravel project, I want to create a POST /movies route associated with a controller that has been created with its model:
sail artisan make:model --controller --api --requests -- Movie
which ...
- 370
0
votes
0
answers
21
views
Reading cookies using chrome.webRequest.onHeadersReceived Chrome API
I have a ten-years old Chrome extension that was reading cookie header 'Set-Cookie' directly from the HTTP response. Now, am reusing the same extension, however, it does not read any cookie using the ...
- 303
1
vote
1
answer
76
views
How to get Referrer value using CURLINFO or cURL
How to get Referrer value from cURL URL? I am trying something like this but not working.
$curldomain = "https://www.example.com/";
$ch = curl_init($curldomain);
// Set cURL options
...
- 183
1
vote
1
answer
166
views
Is possible to spoof HTTP Header Referer value using cURL
Let say, my website is https://www.example.com and i am using cURL to pull https://stackoverflow.com
I am using cURL HTTP Header to spoof referer value like this
curl_setopt($ch, CURLOPT_HTTPHEADER, ['...
- 341
1
vote
1
answer
312
views
Weak vs strong ETag header
I have express.js based server and working on implementing etag HTTP header. So, I find out express has already etag and 304 status code implementation enabled. I was going through the code as found ...
0
votes
0
answers
51
views
Next.js Middleware Removing Cookies on Protected Routes (Works Locally)
This is my middleware.js file for the front end in Next.js. I want to create protected routes so that if a user doesn't have an access token, they are redirected to /. However, the cookies from the ...
0
votes
0
answers
37
views
Reading HTTP response headers in Angular
I am using Angular for web application and PingAccess for Authentication (as Authorization Server). So, for me, After authentication and authorizion request is forwarded to Angular application (https:/...
- 2,043
0
votes
0
answers
265
views
Is having a CSRF with FastAPI any safer than not?
I've just read this article about Flask and using Svelte frontend with a separate API specifically the section calledFrontend Served Separately (cross-domain)
They are creating a CSRF cookie and ...
- 3,326
0
votes
1
answer
63
views
URL limit issues after Openliberty Version 24.0.0.4
When upgrading OpenLiberty to any version above 24.0.0.4, requests which contain more than 32,000 characters in the uri fail. HTTP GET request. Traffic is internal. Characters are apart of the URI
...
0
votes
1
answer
201
views
Handling HTTP Headers in a Minimal C HTTP Server [closed]
I’m working on a minimal HTTP server in C that can listen, bind, accept connections, and handle basic HTTP requests. I understand that HTTP headers are important for communicating additional ...
- 71
1
vote
0
answers
56
views
Possible to send custom header from the browser when loading images/videos?
When calling fetch("http://server.com/api) we can send custom headers, like "authorization".
But when including images, videos, or other things in the HTML, there is no control over the ...
- 66.7k
0
votes
0
answers
63
views
AWS Amplify Gen 1: blocked by CORS policy: Response to preflight request doesn't pass access control check
I have an amplify application; that upload files to S3 bucket.
It worked at the beginning until I'm starting to see errors on CORS Put requests to the s3 bucket on the Chrome console:
Access to ...
- 129
1
vote
1
answer
56
views
Fetch API will not let me POST Json Data
I am trying to send a JSON object to my controller to save a new Category. Here is my form with the button at bottom:
<div id="register_modal" class="modal">
<div ...
0
votes
1
answer
159
views
How to disable caching on a static website?
I want disable caching on my static website. Currently I'm using the myFile.js?v=123 trick, and update the number every time I make a change. But I'm sure there's a better way of doing this.
This ...
- 73
0
votes
0
answers
251
views
How to correctly use icici breeze api?
I am fresher working on a project relating to icici breeze api and I am stuck for a long time now. Any help will be much appreciated.
from datetime import datetime
import hashlib
import http.client
...
0
votes
0
answers
72
views
Continuous refresh of headers?
I have written a shiny app behind a application load balancer on AWS, the authorization of the users happens via Cognito, the JWT from the header (x-amzn-oidc-data) is retrieved than passed into the ...
- 1
2
votes
1
answer
163
views
LinkedIn API 400 bad request
I am trying to add an Ad Account User.
I've tried the request as below, and with with URN. Both give me the error:
compound key parameter value is invalid
curl --request PUT \
--url https://api....
- 31
0
votes
1
answer
80
views
Parsing GML with Spring WebClient
I'm trying to read GML data from an OGC WFS source with Spring WebClient. However, the output format definition required by the service OUTPUTFORMAT=text/xml;%20subtype=gml/3.1.1 leads to the ...
- 46
-1
votes
2
answers
155
views
Issue with Setting Multiple Cookies in ESP32 Web Server Response
void handleLogin(AsyncWebServerRequest *request){
String sessionId = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
role = "admin";
...
- 633
0
votes
0
answers
23
views
"Connection required before calling other methods" - how do I solve this error?
I need to log in to a website, but it always returns the error
Connection required before calling other methods
Using inspect and logging it presented this error regarding the dates. I believe that ...
