I was trying to read the HTTP messages between the browser in the Android simulator and other third party web-servers using tcpdump. However, since the browser can accept gzip content-encoding, I can't see the HTML content as plain-text in the tcpdump output. Is there a way to change the configs of the browser so that it doesn't send that Accept-Encoding: gzip header line?
This post implies if you remove the Accept-Encoding header, you'll get raw data back... you should be able to write a custom WebView that never sends that header. Hope that works!
http://forgetmenotes.blogspot.com/2009/05/how-to-disable-gzip-compression-in.html
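An alternative to changing the browser is to decode the captured bytes afterwards. The following is an added example, not code from the post or the linked article: it assumes the TCP stream has already been reassembled into one complete HTTP response, and all function names and the sample response are constructed for illustration.

```python
import gzip
import zlib

def split_http_message(raw: bytes):
    """Split a raw HTTP/1.x message into (start_line, headers dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def dechunk(body: bytes) -> bytes:
    """Undo Transfer-Encoding: chunked (chunk extensions and trailers are ignored)."""
    out, pos = b"", 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)
        if size == 0:
            return out
        start = eol + 2
        out += body[start:start + size]
        pos = start + size + 2  # skip the chunk data and its trailing CRLF

def decoded_body(raw: bytes) -> bytes:
    """Return the response body with chunking and gzip/deflate coding removed."""
    _, headers, body = split_http_message(raw)
    if "chunked" in headers.get("transfer-encoding", "").lower():
        body = dechunk(body)
    encoding = headers.get("content-encoding", "identity").lower()
    if encoding == "gzip":
        return gzip.decompress(body)
    if encoding == "deflate":
        return zlib.decompress(body)  # zlib-wrapped deflate only
    return body

# Constructed sample: a gzip-compressed, chunked response as reassembled from a capture.
SAMPLE_HTML = b"<html><body>hello from the emulator</body></html>"
SAMPLE_GZ = gzip.compress(SAMPLE_HTML)
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          b"Content-Encoding: gzip\r\nTransfer-Encoding: chunked\r\n\r\n"
          + format(len(SAMPLE_GZ), "x").encode() + b"\r\n" + SAMPLE_GZ + b"\r\n0\r\n\r\n")

if __name__ == "__main__":
    print(decoded_body(SAMPLE).decode())
```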
IIS will send back a 400 error if you send it two content-type headers, here is an example:
1: Content-type : application/json
2: Content-type : application/json; charset=utf-8;
Apache handles that and processes properly for json.
My reading of the W3C spec is that only a single Content-Type header is allowable. Arguably, though, both headers mean exactly the same thing, as JSON in this case is, as I understand it, UTF-8. So who's right here? IIS or Apache?
My app fails running on IIS, the Android lib I am using sends 2 headers if I give it my own and fails on IIS. So currently I'm locked into Apache.
I am sending a GET request from my app, and on the phone I do not get the response, and it does not appear on my feed, however, if I copy paste the url on the browser, I can see the text that is supposed to appear.
For that, I installed Burp Proxy Suite to see what I am sending to and receiving from the server, and below is the response that showed in Burp.
GET /?feed=rss2&tag1=mytagone&tag2=mytagtwo HTTP/1.1
Host: myhost.com
Connection: close
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
Any ideas?
First open the connection as OPEN and run it, and if it won't work, run the code again and change the USER-AGENT.
I have a local HTML file (e.g. file:///xxx.html) containing AJAX code to read and process contents of pages on remote hosts (that are not my own). On desktop, I do this by running a local web server that returns remote data (I use Nginx with proxy_pass on specific url patterns). For example, if I want to get data from http://example.com/, I use JQuery's ajax with http://localhost:9000/http://example.com/ as the URL.
How can I do this on (non-rooted) Android? Is there an Android web server that supports proxy_pass on specific url patterns? Or is there an Android app/browser that allows cross-domain AJAX requests from local HTML files? Or any other solutions?
By default, any Android browser starting from Android 2.1 supports the CORS (Cross-Origin Resource Sharing) feature. Check: http://caniuse.com/cors
In addition, the REST service also needs to be configured to allow CORS on the server side. To enable it on the server side, set an attribute in the response:
Access-Control-Allow-Origin: *
For more refer: http://enable-cors.org/server.html
When I make a request to the web service over WiFi, everything works well, but when the same request is made over GPRS with a WAP connection (I did not in any way force the connection to be WAP; this might be carrier dependent. Testing done in Argentina), the server receives duplicate values in both Content-Type and Content-Length.
Below is the same request logged on server first over WiFi and second over GPRS.
Over WiFi:
POST /ODP/Services.asmx HTTP/1.1
User-Agent: kSOAP/2.0
SOAPAction: http://temphost.org/RetrieveConfiguration
Content-Type: text/xml
Connection: close
Content-Length: 464
Host: temp.host.com
Accept-Encoding: gzip
Over GPRS:
POST /ODP/Services.asmx HTTP/1.1
Accept-Encoding: deflate, gzip, identity
Content-Length: 464, 464
Content-Type: text/xml, text/xml
Host: temp.host.com
SOAPAction: http://temphost.org/RetrieveConfiguration
User-Agent: kSOAP/2.0
X-WAP-WTLSEncryptiontype: NONE
X-WAP-Bearerinfo: W-HTTPS=FALSE, bearertype=0
Via: W-HTTP/1.1 wgw-fe6 EMIG 5.1
x-msisdn: <User Phone number>
x-up-calling-line-id: <User Phone number>
x-technology-stack: Unknown
TE: trailers
Connection: TE
I am not able to understand how and where the multiple values are being added in the request for the Content-Type & Content-Length headers.
Can somebody enlighten me as to what is wrong with the WAP connection, or is it being added at the carrier end while modifying the request to WAP?
Sadly there's nothing to do on the client side (customer/phone/browser), but there are some possible scenarios to get an approach to a solution.
If you're a web developer (VASP side), you need to take care with the URL/URI size in order to prevent the POST from needing more than one packet.
If you're the web server manager (VASP/Telco side), you can define that multiple values are going to be accepted for these specific headers (when equal). In this scenario you need to be aware that you are going to put your server at risk of an HTTP response splitting attack.
If you're the proxy admin (Telco side), you can tune your GW to discard the extra header instead of merging them into one header containing multiple values, but in this scenario you need to be aware that you are going to be outside the RFC recommendations.
If, because of its extension, a POST is truncated and requires more than one packet, the Content-Length and Content-Type fields are duplicated.
The WGW resolves this situation by merging them into one header containing multiple comma-separated values; the problem is that this header containing multiple values generates an HTTP 411 error code.
Based on the latest RFC drafts, this traffic must be discarded with error code 502, but a workaround that removes one of the headers instead of merging them, in order to keep these transactions in progress, is possible.
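The "accept multiple values when equal" option above, and the two-Content-Type case from the earlier IIS question, can be made safe by collapsing only exact duplicates and rejecting everything else; RFC 7230 section 3.3.2 allows a recipient either to reject a duplicated Content-Length or to replace identical values with a single one. This is an added example, not code from any poster: the function names and the `BadFraming` exception are hypothetical, and the header lists are constructed from the requests quoted on this page.

```python
class BadFraming(ValueError):
    """The request's framing headers are ambiguous; answer with an error, do not guess."""

def collect(headers, name):
    """Every value of one header, with comma-merged lists split back into members.

    Assumes no quoted commas inside a value, which holds for the samples used here.
    """
    values = []
    for field, value in headers:
        if field.strip().lower() == name:
            values.extend(part.strip() for part in value.split(","))
    return values

def content_length(headers):
    """The single agreed body length, None if absent; BadFraming on any disagreement."""
    values = collect(headers, "content-length")
    if not values:
        return None
    if not all(v.isascii() and v.isdigit() for v in values):
        raise BadFraming("malformed Content-Length: %r" % values)
    if len(set(values)) != 1:
        raise BadFraming("conflicting Content-Length values: %r" % values)
    return int(values[0])

def content_type(headers):
    """The single agreed media type, None if absent; BadFraming if the copies differ."""
    values = collect(headers, "content-type")
    if not values:
        return None
    if len({v.lower() for v in values}) != 1:
        raise BadFraming("conflicting Content-Type values: %r" % values)
    return values[0]

# Header lists constructed from the requests quoted on this page.
GPRS_HEADERS = [("Content-Length", "464, 464"), ("Content-Type", "text/xml, text/xml")]
TWO_TYPES = [("Content-type ", "application/json"),
             ("Content-type ", "application/json; charset=utf-8;")]

if __name__ == "__main__":
    print(content_length(GPRS_HEADERS), content_type(GPRS_HEADERS))
    for bad in (TWO_TYPES, [("Content-Length", "464, 465")]):
        try:
            content_type(bad), content_length(bad)
        except BadFraming as err:
            print("rejected:", err)
```

Identical copies are collapsed to one value before the body length is determined; any disagreement between copies is treated as an error rather than resolved by picking the first or last value.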
I'm having a terrible time accessing Picasa from Android. After hours of researching, I finally determined that the Google API Java Client library is what I should be using. Several hours later and I divined that I have to use Mercurial and Maven to download and build a sample client so that I can get certain secret libraries that aren't included in the download instructions. And of course the sample client is in no way compatible with and only slightly resembles that in the Picasa Developer's Guide.
So after much trouble I create a simple URL and try to list albums for a user, using code from the sample client:
PicasaUrl url = PicasaUrl.relativeToRoot("feed/api/user/someuser");
UserFeed userFeed = client.executeGetUserFeed(url);
Now the actual URL this creates is something like:
https://picasaweb.google.com/data/feed/api/user/someuser?prettyprint=true
If I put this in my browser, it works fine. In my Android client, however, it gives me an HTTP 403 forbidden error. And no, I can't even run the sample client, because it doesn't give me an APK file. (Plus the source code isn't documented, is written like spaghetti, and uses deprecated methods.)
After turning on protocol-level logging, it turns out that this is the HTTP request being sent:
GET https://picasaweb.google.com/data/feed/api/user/someuser?fields=author/name,entry(#gd:etag,category(#scheme,#term),gphoto:access,gphoto:numphotos,link(#href,#rel),summary,title,updated),link(#href,#rel),openSearch:totalResults&kinds=album&max-results=3&prettyprint=false
Accept-Encoding: gzip
Authorization: GoogleLogin auth=null
User-Agent: MyApp/1.0 Google-HTTP-Java-Client/1.6.0-beta (gzip)
GData-Version: 2
Where in the Sam Hill did all that crap come from? But you know what? The URL still works in my browser. This must be something about the Authorization: header.
After much more pain, I managed to modify the authentication from the sample so that a notification would appear and allow the user to authenticate the account. Now I'm able to list albums.
But I still don't understand: how can I list the public albums without authentication?