I read some post like this, this and some other without response. However seems I found here the solution for IOS device.
I need to reject any http request from any app of any device and process only request from web browser, so the mainly question is:
There is a definitive way to tell if an HTTP request is made from a mobile app or from a web browser?
Thanks
Example: I receive all http request start from mobile/tablet (I'm developing application behind wifi hotspot), so i process request from Facebook App, Whatsup App and browser. I have to reject request from Facebook and Whatsup and process only request from browser. Apps User-agent seems the same of native device browser.
You can do one thing. Set custom user-agent from application side.
You can set custom user-agent in both android and iphone during web-service call request.
For Android
DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient.getParams().setParameter(CoreProtocolPNames.USER_AGENT, "android");
For Iphone
NSMutableURLRequest *urlRequest = [[NSMutableURLRequest alloc]
initWithURL:[NSURL URLWithString:[yourURL stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]]];
NSString *userAgent = "iphone";
[urlRequest setValue:userAgent forHTTPHeaderField:#"User-Agent"];
Check in request header if user-agent is "android" or "iphone" is from application and other-wise from browser.
you can check for the user-agent in the request header,
I remember mobile browsers send a different value for user-agent and desktop browsers a different one.
Just debug user-agent header and validate based on the values.
Related
How can I make an HTTP request from a web application (like node js) to an android app?
The goal is to read if the response is a success, for example, from Web to Web I make an HTTP request to the IP/URL and, if it returns 200, I have success. It would work as a "ping" to check if the android app is "alive".
Note: I don't know apps architecture
Thanks!
Using web sockets ( example here: https://www.html5rocks.com/en/tutorials/websockets/basics/ ) will help u to achieve it
My friend implemented an HTTP POST request in iOS and it was working fine.
I have tried to implement the same in Android, but it doesn't work until I added the User Agent (I got it with the help of some sniffer tools).
But in iOS he is not specifying the User Agent.
So,
What is the relevance of User Agent in HTTP Request?
Why is it not consistent between iOS and Android?
iOS already specifies the User Agent by default. The user agent sent with NSURLConnection on iOS is
User-Agent: <app identifier>/<app version> CFNetwork/609.1.4 Darwin/12.4.0
where <app identifier> is your bundle ID (e.g. com.company.app) and <app version> is the current version of your app. Apparently, as you experience, Android does not set a default User Agent with (non-browser) HTTP requests.
The server can use this information to adapt its response to the client's needs; e.g. showing a mobile version of a webpage instead of a desktop version, or just don't return anything (to prevent simple screen scraping).
Is it possible to make HTTP request from iOS / Android Application to look for the Server exactly the same as if it came from PC Browser?
So, it would be impossible for the Server to detect that it is not actually from PC but from Mobile.
Yes, you can alter the User Agent header to make it look like the request was made by f.ex Internet Explorer.
Here is some clues on how to accomplish this on Android:
Android HTTP User Agent
iOS:
Change User-Agent and remove App Name and defaults iOS
Set the user agent on the request to other than the default to fool the server into thinking the request is coming from other than a device. One list of user agents is at http://www.useragentstring.com.
The title is a bit confusing. In my Android app, I am making an HttpGet request using HttpClient object. I am not setting any headers so all default values. The request works fine and i get the response from the server.
The problem is that when the same url is requested using HTTP GET request from iphone, the servers response is different. So the server is looking at something, USER-AGENT may be or something else, to decide what to return. I want the same thing as the server returns to iphone app. What can I do i.e what parameters, headers or whatever can I set to make this request same as ios app.
PS: I have tried setting User-Agent to
"Mozilla/5.0(Linux; U; Android 2.2; en-gb; LG-P500 Build/FRF91)
AppleWebKit/533.0 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" \
using following code..
client.getParams().setParameter(CoreProtocolPNames.USER_AGENT, sUsrAgent);
also plz do not suggest checking server or making changes to the webservice as I do not have access to it.
Can you try to hit a site like this from iPhone application and check the HTML response. It would contain the list of headers passed by the iOS network API. Once you have this list then you can try to add all the headers in the Android app..
I have a ASP.NET website deployed to IIS with a couple of ashx that returns JSONs to be consumed by an Android application.
I have implemented an authentication logic using Basic Authentication.
The problem: When accessed from Android, the server response is a 400 Bad request. The httperr log file says "400 - Hostname -".
It works when I try it out on localhost from Android emulator
It works when accessing the ashx file on the server from a browser
It works when replicating the call in Fiddler
(If I use Fiddler with the Android Emulator, the Response will be -1 (and looking in Fiddler at the raw data sent, it seems to loose the host from the url) - but this is another issue so don't dwell on that, i just thought I would mention it...)
Turns out my problem (and solution) was the same as in this thread:
HTTP POST request with authorization on android