Http Responding 403 Forbiden just in Post Request in GET request is ok - rest

I have
public function reciveNotification()
and it is alowded as following
$this->Auth->allow([‚ÄúreciveNotification‚ÄĚ]);
When i do GET Request it working good but by POST request i am facing to 403 Forbiden
what am i doing wrong?
GET:
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2019 11:06:43 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 0
Content-Type: text/html; charset=UTF-8
POST:
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2019 11:05:52 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 836
Content-Type: text/html; charset=UTF-8

Related

HTTP Continue response from couchDB v2.2.0 SSL

I.m using PHP on Couch library (https://github.com/PHP-on-Couch/PHP-on-Couch) to communicate with couchDB.It was working with V1.6, but not working with v2.2.0.
When calling storeDocs, I'm getting this response from couchDB v2.2.0 SSL
HTTP/1.1 100 Continue
Connection: close
Date: Thu, 04 Oct 2018 09:04:26 GMT
Server: MochiWeb/1.0 (Any of you quaids got a smint?)
HTTP/1.1 201 Created
Cache-Control: must-revalidate
Content-Length: 3943
Content-Type: application/json
Date: Thu, 04 Oct 2018 09:04:26 GMT
Server: CouchDB/2.2.0 (Erlang OTP/19)
X-Couch-Request-ID: 1bdfbe8148
X-CouchDB-Body-Time: 1
I can handle this in code, but I'm just curious know why couchDB is sending this response?

php preg match get only last matched string

I need to get last HTTP headers. My string is:
HTTP/1.1 302 Moved Temporarily
Date: Sat, 30 Apr 2016 09:48:56 GMT
Server: Apache
X-Powered-By: PHP/5.5.34
Location: 2.php
Content-Length: 0
Content-Type: text/html
HTTP/1.1 302 Moved Temporarily
Date: Sat, 30 Apr 2016 09:48:57 GMT
Server: Apache
X-Powered-By: PHP/5.5.34
Location: 3.php
Content-Length: 0
Content-Type: text/html
HTTP/1.1 200 OK
Date: Sat, 30 Apr 2016 09:48:57 GMT
Server: Apache
X-Powered-By: PHP/5.5.34
Transfer-Encoding: chunked
Content-Type: text/html
But I need to get last headers. I tried to explode this string with \n\n but I couldn't get the result. Is it possible to do it with preg_match?
Gotcha!
I need to explode it with this code:
explode("\r\n\r\n", $header);
The solution using preg_split and array_pop functions:
// $headers is your initial string
$headers_splitted = preg_split("/\R{2}/", $headers);
print_r(array_pop($headers_splitted));
The output:
HTTP/1.1 200 OK
Date: Sat, 30 Apr 2016 09:48:57 GMT
Server: Apache
X-Powered-By: PHP/5.5.34
Transfer-Encoding: chunked
Content-Type: text/html

Chrome totally ignoring Access-Control-Allow-Origin: * header

I am setting this with htaccess. I know it's being set properly because if I set another header:
Header set Access-Control-Allow-Origin2: *
Then chrome does see this. As soon as I remove the 2 however, chrome just completely ignores it. If I make my file a PHP file and put this in it:
<?php header("Access-Control-Allow-Origin: *"); ?>
Then it works.
Here are the response headers as reported by Chrome of the .htaccess method which I need to work and which does not:
HTTP/1.1 304 Not Modified
Date: Sun, 30 Mar 2014 00:13:06 GMT
Server: Apache/2.2.22 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
ETag: "208f3-178a2-4f5c4f119cd34"
Vary: Accept-Encoding
Here are the response headers as reported by Chrome from the PHP method which for some reason does work:
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2014 00:13:09 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.3.10-1ubuntu3.10
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 23
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
Again, I know the htaccess is setting the header, even if I go to an online service that checks reponse headers, I see this back:
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2014 00:18:14 GMT
Server: Apache/2.2.22 (Ubuntu)
Last-Modified: Sat, 29 Mar 2014 20:48:34 GMT
ETag: "208f3-178a2-4f5c4f119cd34"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Length: 33393
Content-Type: application/javascript

PHP HTTP HEADER: how to keep/rebuild apache2's last-modified&ETag

calling a .html on my website directly the header will be:
HTTP/1.1 200 OK
Date: Tue, 07 May 2013 14:53:30 GMT
Server: Apache
Last-Modified: Tue, 24 Aug 2012 21:51:42 GMT
ETag: "1431a086-1e01-78e98c5498f1c"
Accept-Ranges: bytes
Content-Length: 7681
Vary: Accept-Encoding
Content-Type: text/html
now the request is forwarded through a php script like
(- the use of the php script here is only to filter some words from the html before delivering it by a regex and to add a footer to every page)
and the header looks like:
HTTP/1.1 200 OK
Date: Tue, 07 May 2013 14:52:50 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
Content-Type: text/html
Question: How to keep "Last-Modified: ..." and "ETag: ..." ?
Thanks=)

Google Document List API 308 Resume Incomplete

I am working with the Google Document List API to upload a file along with meta-data.
I have it working perfectly so long as the file is less than 512KB. After 512KB I have to send it in 512KB chunks. After each chunk I get a HTTP Status Code of 308 sent back, which is correct.
However, after I have sent the final request I still get a 308 response, instead of the 201 response I expect. Below are the HTTP Headers sent and received. Maybe someone else can see what I am missing.
POST /feeds/upload/create-session/default/private/full HTTP/1.1
Host: docs.google.com
Accept: */*
Content-Type: application/atom+xml
Authorization: Bearer <CODE>
GData-Version: 3.0
Content-Type: application/atom+xml
X-Upload-Content-Length: 1436480
X-Upload-Content-Type: text/csv
Content-Length: 302
HTTP/1.1 200 OK
Server: HTTP Upload Server Built on Sep 5 2012 17:14:59 (1346890499)
Location: https://docs.google.com/feeds/upload/create-session/default/private/full?upload_id=<ID>
Date: Fri, 14 Sep 2012 17:34:50 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 0
Content-Type: text/html; charset=UTF-8
PUT /feeds/upload/create-session/default/private/full?upload_id=<ID> HTTP/1.1
Host: docs.google.com
Accept: */*
Authorization: Bearer <CODE>
GData-Version: 3.0
Content-Type: text/csv
Content-Range: bytes 0-524288/1436480
Content-Length: 524288
Expect: 100-continue
HTTP/1.1 308 Resume Incomplete
Server: HTTP Upload Server Built on Sep 5 2012 17:14:59 (1346890499)
Range: bytes=0-524287
X-Range-MD5: 8f470cff00adda7c22b8b34287d2cc1b
Date: Fri, 14 Sep 2012 17:34:52 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 0
Content-Type: text/html; charset=UTF-8
PUT /feeds/upload/create-session/default/private/full?upload_id=<ID> HTTP/1.1
Host: docs.google.com
Accept: */*
Authorization: Bearer <CODE>
GData-Version: 3.0
Content-Type: text/csv
Content-Range: bytes 524288-1048576/1436480
Content-Length: 524288
Expect: 100-continue
HTTP/1.1 308 Resume Incomplete
Server: HTTP Upload Server Built on Sep 5 2012 17:14:59 (1346890499)
Range: bytes=0-1048575
X-Range-MD5: 4af215a3ff92258bb1c8d05dc52cf77d
Date: Fri, 14 Sep 2012 17:34:54 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 0
Content-Type: text/html; charset=UTF-8
PUT /feeds/upload/create-session/default/private/full?upload_id=<ID> HTTP/1.1
Host: docs.google.com
Accept: */*
Authorization: Bearer <CODE>
GData-Version: 3.0
Content-Type: text/csv
Content-Length: 387904
Expect: 100-continue
HTTP/1.1 308 Resume Incomplete
Server: HTTP Upload Server Built on Sep 5 2012 17:14:59 (1346890499)
Range: bytes=0-1048575
X-Range-MD5: 4af215a3ff92258bb1c8d05dc52cf77d
Date: Fri, 14 Sep 2012 17:34:55 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 0
Content-Type: text/html; charset=UTF-8
EDIT
Here are the last Headers if I make the Content Range be sent on the last PUT request.
PUT /feeds/upload/create-session/default/private/full?upload_id=<ID< HTTP/1.1
Host: docs.google.com
Accept: */*
Authorization: Bearer <CODE>
GData-Version: 3.0
Content-Type: text/csv
Content-Range: bytes 1048576-1436480/1436480
Content-Length: 387904
Expect: 100-continue
Got
HTTP/1.1 400 Bad Request
Server: HTTP Upload Server Built on Sep 5 2012 17:14:59 (1346890499)
Content-Type: text/html; charset=UTF-8
Date: Fri, 14 Sep 2012 19:12:06 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 15
Connection: close
It seems that your last request is not sending a Content-Range. I think this is the problem but am unsure because I have never used this API before. I'm just going off what I know in the HTTP spec.

Resources