web stats
HTTP Sender "application/x-www-form-urlencoded" - Page 3 - Mirth Community

Go Back   Mirth Community > Mirth Connect > Support

Reply
 
Thread Tools Display Modes
  #21  
Old 03-14-2017, 06:18 AM
narupley's Avatar
narupley narupley is online now
Mirth Employee
 
Join Date: Oct 2010
Posts: 6,772
narupley is on a distinguished road
Default

http://javadocs.mirthcorp.com/connec...a.lang.String)
__________________
Step 1: JAVA CACHE...DID YOU CLEAR

Nick Rupley
Work: 949-237-6069
Always include what Mirth Connect version you're working with. Also include (if applicable) the code you're using and full stacktraces for errors (use CODE tags). Posting your entire channel is helpful as well; make sure to scrub any PHI/passwords first.


- How do I foo?
- You just bar.
Reply With Quote
  #22  
Old 03-14-2017, 09:57 AM
ISpdxdc ISpdxdc is offline
OBX.1 Kenobi
 
Join Date: Mar 2011
Location: Dallas, Tx
Posts: 48
ISpdxdc is on a distinguished road
Default

The vendor is saying I am successfully following the first redirect, but my 2nd redirect is failing due to encoding. I am only following the first redirect and then receiving back a 401. Is Mirth automatically following a redirect or is that something on their side? Is there a way to prevent or enable Mirth to follow redirects?

Also, is there a way to make a conditional header on a http sender? In the 302 I am getting 1 or 2 cookies. In the case where I have multiple cookies I need to send a 2nd "Cookie" header in my GET. I hadn't tried setting up a 2nd and then just sending blank if I don't have it for testing, but was just wondering if I could do conditional headers in the HTTP Sender.

Last edited by ISpdxdc; 03-14-2017 at 11:00 AM.
Reply With Quote
  #23  
Old 03-14-2017, 12:53 PM
ISpdxdc ISpdxdc is offline
OBX.1 Kenobi
 
Join Date: Mar 2011
Location: Dallas, Tx
Posts: 48
ISpdxdc is on a distinguished road
Default

Ok, I have verified that the web browser initiating the first query is pulling back the cookies and headers and location and everything if I just point the HTTP Sender response back to the listener. If I change the HTTP sender "Response Content" to XML Body this is what spits back out on the web browser:

HTTP/1.1 302 FoundCache-Controlprivate, s-maxage=0ServerMicrosoft-IIS/10.0X-AspNet-Version4.0.30319Set-CookieAuth=EAAAANJDdntPaEhIJsWM==; path=/; secureContent-Length176DateTue, 14 Mar 2017 20:43:01 GMTContent-Typetext/html; charset=utf-8Location/test/Edit/7fc1380e-fe47-49c4-beca-a735016fda79X-AspNetMvc-Version4.0X-Powered-ByASP.NET<html><head><title>Object moved</title></head><body> <h2>Object moved to <a href="/test/Edit/7fc1380e-fe47-49c4-beca-a735016fda79">here</a>.</h2> </body></html>

Funny thing is if I use fiddler on the Web browser side, I just see a 200 for a response to the initial GET, with no cookies and just the html. Is the listener sending the 200 back to the browser or is the browser saying it received the 302 and it processed it?


I have also tracked down another post by Narupley referring to sending a redirect back to the HTTP Listener, that says "Set the response status code to 301, and include Location in the response headers". I don't know if this is the same thing, but I hope it applies:

http://www.mirthproject.org/communit...light=redirect

As you can see from the output the only thing that it does not have is the 301(302 instead). I have already tried a Javascript Response Transformer where I did the following and then set the channel response to my "NewResponse". This just errors though.

var newresponse = responseMap.get('Destination Name');
newresponse = newresponse.replace("302", "301");
responseMap.put("NewResponse",newresponse);

How might I alter the response status correctly to give back to the http listener? Also since it doesn't seem it would have context to the full URL with that href, should I add the http://www.test.com/ piece to it?

Last edited by ISpdxdc; 03-14-2017 at 04:56 PM.
Reply With Quote
  #24  
Old 03-15-2017, 02:31 PM
ISpdxdc ISpdxdc is offline
OBX.1 Kenobi
 
Join Date: Mar 2011
Location: Dallas, Tx
Posts: 48
ISpdxdc is on a distinguished road
Default

Still working along on this with no pointers, but think I am making progress slowly. I am determined to make this work even if I'm just documenting my own anguish.

I have taken the 302 response I get and I am manually entering a 302 into the HTTP Listener response status field. I then use Fiddler on the web browser side to see what its receiving, and I see the 302. I also see the cookies.


HTTP/1.1 302 Found
Date: Wed, 15 Mar 2017 22:22:12 GMT
Content-Type: text/html; charset=UTF-8
Location: https://test-api-demo.test.com/test/...3-a73700fc1b85
Set-Cookie: Auth=EAAAAMC0fsjIWm8YlY0ld==; path=/; secure
Set-Cookie: Auth=EAAAADsz9jnYUTqjs6/n==; path=/; secure
Cache-Control: private, s-maxage=0
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
Connection: close
Content-Length: 0


I see the browser do a GET for the redirect on its own (no interaction from Mirth). I do however notice that there are no cookies in the get:

GET https://test-api-demo.test.com/test/...3-a73700fc1b85 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)
Connection: Keep-Alive
Host: test.com


but then I get another 401:

HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 15 Mar 2017 22:22:13 GMT
Content-Length: 1293
(HTML body with error msg, not relevant)


I verified in IE I removed all security blocks and enable 100% of all cookies. Does anyone know why IE would be ignoring the cookies from the original 302 and not sending them back with a get, or is the 302 bad? I have read that IE maybe rejecting the cookies because of some URI naming convention, but no idea if that is the issue.

Last edited by ISpdxdc; 03-15-2017 at 02:36 PM.
Reply With Quote
  #25  
Old 03-16-2017, 11:26 AM
ISpdxdc ISpdxdc is offline
OBX.1 Kenobi
 
Join Date: Mar 2011
Location: Dallas, Tx
Posts: 48
ISpdxdc is on a distinguished road
Default

The vendor is saying they aren't sending 2 cookies, he says they are sending 1 redirect (302) with one cookie, and then a second redirect with another cookie. I only get one response in Mirth with 2 cookies. If I had to guess, between what Mirth is showing and the vendor is telling me what is happening on his side, is that Mirth is following the first redirect itself, grabbing the cookie from that one, and then following the 2nd redirect and grabbing the cookie from it, but only showing the rest of the payload from the first 302 response. I can't get logs from the vendor to see both his 302s he says he is processing, but I bet if I did I would see both of the cookies in my 1 response are from both his 302s.


I've asked before, but I'll ask again, is there a way to enable or disable Mirth from following redirects automatically listener/sender, and without rewriting the interface in a javascript transformer? Not that I am opposed to rewriting the request in javascript, but I do have a significant amount of time put into developing this channel cleanly in the UI with minimal scripting. If the only way to prevent following redirects can be done is by creating a javascript writer and manually writing the http request, then does anyone have an example to share for the specific line of code, or omission of code that does that? If Mirth does not automatically follow redirects on POST, then does anyone have a clue why I see one response with 2 cookies, when the vendor says he sees two 302s with one cookie each?

Last edited by ISpdxdc; 03-16-2017 at 11:35 AM.
Reply With Quote
  #26  
Old 03-16-2017, 09:23 PM
siddharth siddharth is offline
Mirth Guru
 
Join Date: Feb 2013
Posts: 377
siddharth is on a distinguished road
Default

I would suggest talking with experts on the Mirth Connect Slack Channel.

http://www.mirthcorp.com/community/f...d.php?t=216581


This thread is going no where.
Reply With Quote
  #27  
Old 03-17-2017, 06:27 AM
narupley's Avatar
narupley narupley is online now
Mirth Employee
 
Join Date: Oct 2010
Posts: 6,772
narupley is on a distinguished road
Default

To be absolutely sure what's going on, take a network capture (e.g. with Wireshark).
__________________
Step 1: JAVA CACHE...DID YOU CLEAR

Nick Rupley
Work: 949-237-6069
Always include what Mirth Connect version you're working with. Also include (if applicable) the code you're using and full stacktraces for errors (use CODE tags). Posting your entire channel is helpful as well; make sure to scrub any PHI/passwords first.


- How do I foo?
- You just bar.
Reply With Quote
  #28  
Old 03-17-2017, 11:27 AM
ISpdxdc ISpdxdc is offline
OBX.1 Kenobi
 
Join Date: Mar 2011
Location: Dallas, Tx
Posts: 48
ISpdxdc is on a distinguished road
Default

Quote:
Originally Posted by narupley View Post
To be absolutely sure what's going on, take a network capture (e.g. with Wireshark).

I did a Wireshark capture and it was helpful. I could see the 1 post and the 1 response. The vendor keeps saying he sees multiple posts, and he kept questioning why Mirth was "sending multiple posts". I think that proved to me that its on his side. He won't provide Fiddler logs from his side (refuses) so I can't do much to help debug that. He has admitted that he may have a bug in his response allowing 2 cookies and submitted a bug report, but he insists "the redirect should work with one of those cookies".... Not the answer I was looking for.

Those are secondary to the issue though that no matter what they send back in a 302, no browser will send the corresponding Cookie headers with the Get. All my research points to the fact that i am making the first get to http://mirthserver/ and the 302 redirect is to an HTTPS site. I think the browsers purposely do not respond with cookies in a redirect from http to https and/or to different domains as part of Web browser security. For instance if they were replying with cookies in a 302 initiated from an unsecure HTTP they would be able to be captured and impersonated. Only once the ssl connection is established would the cookies be secure. These are just things I think I understand from my research, but I am not a web request/browser expert.

On another note, the API vendor has provided us with the source code of an internal program of theirs that works as a proxy to their site. Open a browser, point it to the proxy listener, submit requests, they go out to their API website, and then the proxy pulls it back to the webpage. Basically the same thing as what I'm doing with Mirth. You know the funny thing? It doesn't work for this message either!!! It gets a 401, lol. So we tell the vendor and their response is, "well it works fine for us...."

I'm going to say pretty much all of this is out of scope for a Mirth interface since my research shows that it is functioning as designed, and that enough questions with what the vendor is doing have arisen, and with their refusal to log or debug has put us at a stand still. Laughable their own internal solution doesn't work either.

I'd say the only outstanding thing I would personally like to know is why browsers won't respond with cookies on the 302 redirect from http to https, and if there is a way to force it, but I will try a site like StackOverflow to follow through on that lead. Unless I come up with a solution, I'd say this is a good thread for documentation sake for posterity. Thx for pointers.
Reply With Quote
  #29  
Old 03-20-2017, 12:16 PM
ISpdxdc ISpdxdc is offline
OBX.1 Kenobi
 
Join Date: Mar 2011
Location: Dallas, Tx
Posts: 48
ISpdxdc is on a distinguished road
Default

In case anyone is interested, I got it working. Instead of trying to process responses I found a way to make the browser POST the initial request. I send the request out to Mirth just like normal over an HTTP listener, then I take a javascript writer destination and return an HTML webpage to send back to the browser. The browser receives the web page and it does the POST, which gets around the 302 security issue. This is what I return to the browser, all plain text, no encoding:

<html>
<head>
<title>Redirect</title>
</head>
<body>
<form action="https://testAPI.test.com/" method="POST">
<input name="UserName" value="Test APIUser"/>
<input name="UserEmail" value="test@test.com"/>
<input name="PatientId" value="1d11eb2e-2606-485e-ad5d-a70c00daa37a"/>
<input name="Timestamp" value="Mon, 20 Mar 2017 19:11:24 GMT"/>
84c6-a7210111648b"/>
<input name="Token" value="MRVp/pBRBJ08F8cYMavfL8 ="/>
</form>
<script language="javascript"> window.setTimeout('document.forms[0].submit()', 0);</script>
</body>
</html>
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -8. The time now is 05:04 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Mirth Corporation