POST request working through postman but not through code

Explorer ,
Jun 04, 2020 Jun 04, 2020

Copy link to clipboard

Copied

Hello Community,

I am trying to write a folder level js script in acrobat pro that makes a HTTP post request to a server. It requires the value of the SSO token as the header in the request. When I made the request using postman by adding a header in the request as key="Cookie" and value="SSO=....;", it successfully hit the server and returned a response. On the other hand, when I tried to do it using the below code, it doesn't seem to hit the server and gets a redirection. I am not able to figure out what's the issue. Any help regarding this would be greatly appreciated.

Thanks.

 

ajax=app.trustedFunction(function(furl)){
app.beginPriv();
Net.http.request({
cVerb: "POST",
cURL: furl,
aHeaders: [ { name: "Cookie" , value: "SSO=....;" }],
oHandler: callbackfn
});
app.endPriv();
});

callbackfn = {
response : function(...){
...
}
};

ajax("https://...");

 

 

TOPICS
Acrobat SDK and JavaScript

Views

507

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Jun 04, 2020 Jun 04, 2020

Copy link to clipboard

Copied

Are you sure that the request from Acrobat has all of the required headers? Is the empty body a problem?

 

Have you been able to successfully post to a site that does not require cookies?  

 

Thom Parker - Software Developer at PDFScripting
Use the Acrobat JavaScript Reference early and often

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jun 05, 2020 Jun 05, 2020

Copy link to clipboard

Copied

No, the empty body is not the problem because through postman  I am able to successfully make the request using an empty body. Also, I have been able to successfully post to a URL that does not require cookies. 

For the 'all required headers' thing, would I need to pass all the headers that are appearing in the request headers under postman including "User-Agent", "Cache-Control" etc?

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Jun 06, 2020 Jun 06, 2020

Copy link to clipboard

Copied

Not all of the cookies are necessary, but some are, such as content-type. I don't know exactly what's needed, but browsers add a lot to an HTTP request, and afik the net.http request only adds the content length.  So I'd suggest you put it all in, and also check for any kind of hand shaking. 

 

But TestScreen is correct that this seems like a security problem. Usually, there is some kind of authorization process for getting onto a secure site. These days everything is REST. I'd talk to the site developers to find out the proper way to do this. 

Thom Parker - Software Developer at PDFScripting
Use the Acrobat JavaScript Reference early and often

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jun 15, 2020 Jun 15, 2020

Copy link to clipboard

Copied

I analyzed using Wireshark what was getting passed along with the request and found out that the much needed "Cookie" is not getting passed along with the request. All other headers can be passed but not the cookie. So, why is this? Is this due to some security policy of acrobat? How can we resolve this issue? Thanks.

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Jun 15, 2020 Jun 15, 2020

Copy link to clipboard

Copied

I've used cookies without this issue. Doesn't mean there isn't some kind of security issue. Adding the request domain to the trusted list. Also make sure the header format is correct. 

Thom Parker - Software Developer at PDFScripting
Use the Acrobat JavaScript Reference early and often

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jun 15, 2020 Jun 15, 2020

Copy link to clipboard

Copied

"Adding the request to the trusted list"

When you say this I guess you mean the "trusted sites" shown in the screenshot below, the path to which is Preferences > Security(advanced) > View Windows trusted sites > Trusted sites> sites.

 

trsutedsites.jpg

 

 

I added the endpoint URL there and it still did not work. 

As for the correct header format thing, I am adding in the format as in the code above. I think this format is correct since I am able to pass other headers using this.

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Jun 16, 2020 Jun 16, 2020

Copy link to clipboard

Copied

I mean the Acrobat Enhanced Security Preferences.  Look in the Acrobat  "Preferences".  These  settings determine how acrobat interacts with external documents/locations when it comes to security issues.

Thom Parker - Software Developer at PDFScripting
Use the Acrobat JavaScript Reference early and often

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jun 17, 2020 Jun 17, 2020

Copy link to clipboard

Copied

I tried playing with the settings in the 'Preferences' you described above. But still, it is not working 😞

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Most Valuable Participant ,
Jun 05, 2020 Jun 05, 2020

Copy link to clipboard

Copied

What do you mean “gets a redirection”? 

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jun 05, 2020 Jun 05, 2020

Copy link to clipboard

Copied

I mean it doesn't hit the intended URL because of something and the URL is made such that the incomplete request gets a redirection to some other URL(like login page).

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Most Valuable Participant ,
Jun 05, 2020 Jun 05, 2020

Copy link to clipboard

Copied

So you are trying to get to s page that needs login. And it hits the server but the server doesn’t pass it on. The whole idea of bypassing login with cookies is very suspect. Your front end probably does some security tests like cookie origin, cross domain checks or whatever. Maybe it sends challenge/response. We can’t know and external inspection can’t find out. If one could just copy cookies to bypass login the internet would be a very unsafe place. You need to liaise with your server developers to find a secure route for whatever thing you must do. 

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jun 15, 2020 Jun 15, 2020

Copy link to clipboard

Copied

Hi, I am understanding what you are saying but the organization I am developing it for, do it using this only. I can't challenge this way of bypassing login using cookies.

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jun 21, 2020 Jun 21, 2020

Copy link to clipboard

Copied

Could anyone help with more inputs as to why is acrobat behaving strangely with the cookie?

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Jun 24, 2020 Jun 24, 2020

Copy link to clipboard

Copied

Is there a cross domain issue?

 

https://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html

 

 

Thom Parker - Software Developer at PDFScripting
Use the Acrobat JavaScript Reference early and often

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines