http
http.rb: a fast Ruby HTTP client with a chainable API and full streaming support
Is there a way to allow multiple cross-domains using the Access-Control-Allow-Origin header?
I'm aware of the *, but it is too open. I really want to allow just a couple domains.
As an example, something like this:
Access-Control-Allow-Origin: http://domain1.com, http://domain2.com
I have tried the above code but it doesn't seem to work in Firefox.
Is it possible to specify multiple domains or am I stuck with just one?
Source: (StackOverflow)
They both seem to be sending data to the server inside the body, so what makes them different?
Source: (StackOverflow)
Are there any major differences in performance between http and https? I seem to recall reading that HTTPS can be a fifth as fast as HTTP. Is this valid with the current generation webservers/browsers? If so, are there any whitepapers to support it?
Source: (StackOverflow)
Our investigations have shown us that not all browsers respect the http cache directives in a uniform manner.
For security reasons we do not want certain pages in our application to cached, ever, by the web browser. This must work for at least the following browsers:
- Internet Explorer 6+
- Firefox 1.5+
- Safari 3+
- Opera 9+
- Chrome
Our requirement came from a security test. After logging out from our website you could press the back button and view cached pages.
Source: (StackOverflow)
What status code should I set for UPDATE (PUT) and DELETE (e.g. product successfully updated)?
Source: (StackOverflow)
Form-based authentication for websites
We believe that Stack Overflow should not just be a resource for very specific technical questions, but also for general guidelines on how to solve variations on common problems. "Form based authentication for websites" should be a fine topic for such an experiment.
It should include topics such as:
- How to log in
- How to remain logged in
- How to store passwords
- Using secret questions
- Forgotten username/password functionality
- OpenID
- "Remember me" checkbox
- Browser autocompletion of usernames and passwords
- Secret URLs (public URLs protected by digest)
- Checking password strength
- E-mail validation
- and much more about form based authentication ...
It should not include things like:
- roles and authorization
- HTTP basic authentication
Please help us by
- Suggesting subtopics
- Submitting good articles about this subject
- Editing the official answer
Source: (StackOverflow)
Use of java.net.URLConnection is asked about pretty often here, and the Oracle tutorial is too concise about it.
That tutorial basically only shows how to fire a GET request and read the response. It doesn't explain anywhere how to use it to among others perform a POST request, set request headers, read response headers, deal with cookies, submit a HTML form, upload a file, etc.
So, how can I use java.net.URLConnection to fire and handle "advanced" HTTP requests?
Source: (StackOverflow)
I'm trying to direct a browser to a different page. If I wanted a GET request, I could say
document.location.href = 'http://example.com/?q=a';
But the resource I'm trying to access won't respond properly unless I use a POST request. If this were not dynamically generated, I might use the HTML
<form action="http://example.com/" method="POST">
<input type="hidden" name="q" value="a">
</form>
Then I would just submit the form from the DOM.
But really I would like JavaScript code that allows me to say
post_to_url('http://example.com/', {'q':'a'});
What's the best cross browser implementation?
Edit
I'm sorry I was not clear. I need a solution that changes the location of the browser, just like submitting a form. If this is possible with XMLHttpRequest, it is not obvious. And this should not be asynchronous, nor use XML, so Ajax is not the answer.
Source: (StackOverflow)
In HTTP there are two ways to POST data: application/x-www-form-urlencoded and multipart/form-data. I understand that most browsers are only able to upload files if multipart/form-data is used. Is there any additional guidance when to use one of the encoding types in an API context (no browser involved)? This might e.g. be based on:
- data size
- existence of non-ASCII characters
- existence on (unencoded) binary data
- the need to transfer additional data (like filename)
I basically found no formal guidance on the web regarding the use of the different content-types so far.
Source: (StackOverflow)
Several of our users have asked us to include data relative to their account in the HTTP headers of requests we send them, or even responses they get from our API.
What is the general convention to add custom HTTP headers, in terms of naming, format... etc.
Also, feel free to post any smart usage of these that you stumbled upon on the web; We're trying to implement this using what's best out there as a target :)
Source: (StackOverflow)
Are all URLs encrypted when using TLS/SSL (https) encryption? I would like to know because I want all URL data to be hidden when using TLS/SSL (https).
If TLS/SSL gives you total URL encryption then I don't have to worry about hiding confidential information from URLs.
Source: (StackOverflow)
The header Cache-Control: max-age=0 implies that the content is considered stale (and must be re-fetched) immediately, which is in effect the same thing as Cache-Control: no-cache.
Google has failed to solve this mystery for me :(
Source: (StackOverflow)
I have a page that allows the user to download a dynamically-generated file. It takes a long time to generate, so I'd like to show a "waiting" indicator. The problem is, I can't figure out how to detect when the browser has received the file, so I can hide the indicator.
I'm making the request in a hidden form, which POSTs to the server, and targets a hidden iframe for its results. This is so I don't replace the entire browser window with the result. I listen for a "load" event on the iframe, in the hope that it will fire when the download is complete.
I return a "Content-Disposition: attachment" header with the file, which causes the browser to show the "Save" dialog. But the browser doesn't fire a "load" event in the iframe.
One approach I tried is using a multi-part response. So it would send an empty HTML file, as well as the attached downloadable file. For example:
Content-type: multipart/x-mixed-replace;boundary="abcde"
--abcde
Content-type: text/html
--abcde
Content-type: application/vnd.fdf
Content-Disposition: attachment; filename=foo.fdf
file-content
--abcde
This works in Firefox; it receives the empty HTML file, fires the "load" event, then shows the "Save" dialog for the downloadable file. But it fails on IE and Safari; IE fires the "load" event but doesn't download the file, and Safari downloads the file (with the wrong name and content-type), and doesn't fire the "load" event.
A different approach might be to make a call to start the file creation, then poll the server until it's ready, then download the already-created file. But I'd rather avoid creating temporary files on the server.
Does anyone have a better idea?
Source: (StackOverflow)
In a blog post I use the following PHP to set the content-type of a response:
header('content-type: application/json; charset=utf-8');
I just got a comment on that post saying that content-type needs to be capitalized, Content-type. Is this correct? It seems to work for me with all lower-case, and I assumed the HTTP headers were case-insensitive. Or does it just work because browsers are nice?
Source: (StackOverflow)
This question already has an answer here:
In Java, How to compose a HTTP request message and send it to a HTTP WebServer?
Source: (StackOverflow)