Inspiring

Question

POST request working through postman but not through code

Forum|Forum|5 years ago
June 4, 2020
3 replies
2148 views

Hello Community,

I am trying to write a folder level js script in acrobat pro that makes a HTTP post request to a server. It requires the value of the SSO token as the header in the request. When I made the request using postman by adding a header in the request as key="Cookie" and value="SSO=....;", it successfully hit the server and returned a response. On the other hand, when I tried to do it using the below code, it doesn't seem to hit the server and gets a redirection. I am not able to figure out what's the issue. Any help regarding this would be greatly appreciated.

Thanks.

ajax=app.trustedFunction(function(furl)){
app.beginPriv();
Net.http.request({
cVerb: "POST",
cURL: furl,
aHeaders: [ { name: "Cookie" , value: "SSO=....;" }],
oHandler: callbackfn
});
app.endPriv();
});

callbackfn = {
response : function(...){
...
}
};

ajax("https://...");

Acrobat SDK and JavaScript

This topic has been closed for replies.

N

nishant13Author

Inspiring

Could anyone help with more inputs as to why is acrobat behaving strangely with the cookie?

Thom Parker

Community Expert

Is there a cross domain issue?

https://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html

Thom Parker - Software Developer at PDFScriptingUse the Acrobat JavaScript Reference early and often

T

Test Screen Name

Legend

What do you mean “gets a redirection”?

N

nishant13Author

Inspiring

I mean it doesn't hit the intended URL because of something and the URL is made such that the incomplete request gets a redirection to some other URL(like login page).

T

Test Screen Name

Legend

So you are trying to get to s page that needs login. And it hits the server but the server doesn’t pass it on. The whole idea of bypassing login with cookies is very suspect. Your front end probably does some security tests like cookie origin, cross domain checks or whatever. Maybe it sends challenge/response. We can’t know and external inspection can’t find out. If one could just copy cookies to bypass login the internet would be a very unsafe place. You need to liaise with your server developers to find a secure route for whatever thing you must do.

Thom Parker

Community Expert

Are you sure that the request from Acrobat has all of the required headers? Is the empty body a problem?

Have you been able to successfully post to a site that does not require cookies?

Thom Parker - Software Developer at PDFScriptingUse the Acrobat JavaScript Reference early and often

N

nishant13Author

Inspiring

No, the empty body is not the problem because through postman I am able to successfully make the request using an empty body. Also, I have been able to successfully post to a URL that does not require cookies.

For the 'all required headers' thing, would I need to pass all the headers that are appearing in the request headers under postman including "User-Agent", "Cache-Control" etc?

Thom Parker

Community Expert

Not all of the cookies are necessary, but some are, such as content-type. I don't know exactly what's needed, but browsers add a lot to an HTTP request, and afik the net.http request only adds the content length. So I'd suggest you put it all in, and also check for any kind of hand shaking.

But TestScreen is correct that this seems like a security problem. Usually, there is some kind of authorization process for getting onto a secure site. These days everything is REST. I'd talk to the site developers to find out the proper way to do this.

Thom Parker - Software Developer at PDFScriptingUse the Acrobat JavaScript Reference early and often

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded