Announcement

Collapse
No announcement yet.

HTTP Sender "application/x-www-form-urlencoded"

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    On the standard HTTP Sender Destination, open a response transformer and Use below to capture your cookie.

    Code:
    chocolateCookies=$('responseHeaders').get('Set-Cookie')
    HL7v2.7 Certified Control Specialist!

    Comment


    • #17
      Awesome, that worked. One thing to mention though, I am getting this warning: "[2017-03-13 09:57:50,135] ERROR (com.mirth.connect.userutil.MessageHeaders:39): The get(key) method for retrieving Http headers is deprecated and will soon be removed. Please use getHeader(key) or getHeaderList(key) instead."

      Is that a Mirth thing, or a Java thing?

      update: nevermind, I just changed it to getHeader and it stopped complaining
      Last edited by ISpdxdc; 03-13-2017, 09:15 AM.

      Comment


      • #18
        So I'm not understanding where to go from here. Why isn't the response going back with the cookie from the http sender and firing a redirect? The html body of the 302 is going back to the browser but. I am pulling the cookie but not sure what next step is. Do I have to write a custom HTTP response to send back to the listener? Whats the magic incantation?

        local browser > http listener > channel writer > channel reader > http sender > send response with cookies back to browser (through http listener)
        Last edited by ISpdxdc; 03-13-2017, 12:26 PM.

        Comment


        • #19
          So I have no clue if I'm doing this correct, but I wrote another http sender, and I am taking the response of the first sender 302, parsing the cookie and the redirect URL and I am sending a GET using the cookie string to the redirect URL, and hoping to send that back to the original HTTP listener. The new Get is getting another 401, so I don't know if I'm supposed to do that.

          ***UPDATE*** I changed the response to xml body and parse multipart to Yes with metadata. I am seeing that my 302 is actually replying with sometimes multiple cookies. In this scenario where only 1 cookie comes back and I send a GET back to the URL with the header "Cookie" using the cookie they sent, I am actually getting a 200 response. In the situations where they send back multiple Set-Cookies and I send only 1 back I get a 401. The questions is how do I pull >1 cookie from the responseheaders using the response transformer? I tried a javascript step with something like $('responseHeaders').getHeader('Set-Cookie').toArray(), but that didn't work. Here is the transformed response:


          <HttpResponse>
          <Status>HTTP/1.1 302 Found</Status>
          <Header>
          <Field>
          <Name>Cache-Control</Name>
          <Value>private, s-maxage=0</Value>
          </Field>
          <Field>
          <Name>Server</Name>
          <Value>Microsoft-IIS/10.0</Value>
          </Field>
          <Field>
          <Name>X-AspNet-Version</Name>
          <Value>4.0.30319</Value>
          </Field>
          <Field>
          <Name>Set-Cookie</Name>
          <Value>Auth=EAAAAOnEt8xVSNLOHDHPfC5vefYZgC/==; path=/; secure</Value>
          </Field>
          <Field>
          <Name>Set-Cookie</Name>
          <Value>Auth=EAAAABSTz3Wt9ql6hfQ/e6VtK1M5a73LV+==; path=/; secure</Value>
          </Field>
          <Field>
          <Name>Content-Length</Name>
          <Value>176</Value>
          </Field>
          <Field>
          <Name>Date</Name>
          <Value>Tue, 14 Mar 2017 04:22:29 GMT</Value>
          </Field>
          <Field>
          <Name>Content-Type</Name>
          <Value>text/html; charset=utf-8</Value>
          </Field>
          <Field>
          <Name>Location</Name>
          <Value>/test/Edit/7fc1380e-fe47-49c4-beca-a735016fda79</Value>
          </Field>
          <Field>
          <Name>X-AspNetMvc-Version</Name>
          <Value>4.0</Value>
          </Field>
          <Field>
          <Name>X-Powered-By</Name>
          <Value>ASP.NET</Value>
          </Field>
          </Header>
          <Body multipart="no">&lt;html&gt;&lt;head&gt;&lt;title&g t;Object moved&lt;/title&gt;&lt;/head&gt;&lt;body&gt;
          &lt;h2&gt;Object moved to &lt;a href="/test/Edit/7fc1380e-fe47-49c4-beca-a735016fda79"&gt;here&lt;/a&gt;.&lt;/h2&gt;
          &lt;/body&gt;&lt;/html&gt;
          </Body>
          </HttpResponse>
          Last edited by ISpdxdc; 03-13-2017, 08:25 PM.

          Comment


          • #20
            The questions is how do I pull >1 cookie from the responseheaders using the response transformer?
            var chocolateCookies = []; //array
            or
            var chocolateCookies=new java.util.ArrayList();


            Maybe?
            HL7v2.7 Certified Control Specialist!

            Comment


            • #21
              http://javadocs.mirthcorp.com/connec...a.lang.String)
              Step 1: JAVA CACHE...DID YOU CLEAR ...wait, ding dong the witch is dead?

              Nicholas Rupley
              Work: 949-237-6069
              Always include what Mirth Connect version you're working with. Also include (if applicable) the code you're using and full stacktraces for errors (use CODE tags). Posting your entire channel is helpful as well; make sure to scrub any PHI/passwords first.


              - How do I foo?
              - You just bar.

              Comment


              • #22
                The vendor is saying I am successfully following the first redirect, but my 2nd redirect is failing due to encoding. I am only following the first redirect and then receiving back a 401. Is Mirth automatically following a redirect or is that something on their side? Is there a way to prevent or enable Mirth to follow redirects?

                Also, is there a way to make a conditional header on a http sender? In the 302 I am getting 1 or 2 cookies. In the case where I have multiple cookies I need to send a 2nd "Cookie" header in my GET. I hadn't tried setting up a 2nd and then just sending blank if I don't have it for testing, but was just wondering if I could do conditional headers in the HTTP Sender.
                Last edited by ISpdxdc; 03-14-2017, 11:00 AM.

                Comment


                • #23
                  Ok, I have verified that the web browser initiating the first query is pulling back the cookies and headers and location and everything if I just point the HTTP Sender response back to the listener. If I change the HTTP sender "Response Content" to XML Body this is what spits back out on the web browser:

                  HTTP/1.1 302 FoundCache-Controlprivate, s-maxage=0ServerMicrosoft-IIS/10.0X-AspNet-Version4.0.30319Set-CookieAuth=EAAAANJDdntPaEhIJsWM==; path=/; secureContent-Length176DateTue, 14 Mar 2017 20:43:01 GMTContent-Typetext/html; charset=utf-8Location/test/Edit/7fc1380e-fe47-49c4-beca-a735016fda79X-AspNetMvc-Version4.0X-Powered-ByASP.NET<html><head><title>Object moved</title></head><body> <h2>Object moved to <a href="/test/Edit/7fc1380e-fe47-49c4-beca-a735016fda79">here</a>.</h2> </body></html>

                  Funny thing is if I use fiddler on the Web browser side, I just see a 200 for a response to the initial GET, with no cookies and just the html. Is the listener sending the 200 back to the browser or is the browser saying it received the 302 and it processed it?


                  I have also tracked down another post by Narupley referring to sending a redirect back to the HTTP Listener, that says "Set the response status code to 301, and include Location in the response headers". I don't know if this is the same thing, but I hope it applies:

                  http://www.mirthproject.org/communit...light=redirect

                  As you can see from the output the only thing that it does not have is the 301(302 instead). I have already tried a Javascript Response Transformer where I did the following and then set the channel response to my "NewResponse". This just errors though.

                  var newresponse = responseMap.get('Destination Name');
                  newresponse = newresponse.replace("302", "301");
                  responseMap.put("NewResponse",newresponse);

                  How might I alter the response status correctly to give back to the http listener? Also since it doesn't seem it would have context to the full URL with that href, should I add the http://www.test.com/ piece to it?
                  Last edited by ISpdxdc; 03-14-2017, 04:56 PM.

                  Comment


                  • #24
                    Still working along on this with no pointers, but think I am making progress slowly. I am determined to make this work even if I'm just documenting my own anguish.

                    I have taken the 302 response I get and I am manually entering a 302 into the HTTP Listener response status field. I then use Fiddler on the web browser side to see what its receiving, and I see the 302. I also see the cookies.


                    HTTP/1.1 302 Found
                    Date: Wed, 15 Mar 2017 22:22:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Location: https://test-api-demo.test.com/test/...3-a73700fc1b85
                    Set-Cookie: Auth=EAAAAMC0fsjIWm8YlY0ld==; path=/; secure
                    Set-Cookie: Auth=EAAAADsz9jnYUTqjs6/n==; path=/; secure
                    Cache-Control: private, s-maxage=0
                    Server: Microsoft-IIS/10.0
                    X-AspNet-Version: 4.0.30319
                    X-AspNetMvc-Version: 4.0
                    X-Powered-By: ASP.NET
                    Connection: close
                    Content-Length: 0


                    I see the browser do a GET for the redirect on its own (no interaction from Mirth). I do however notice that there are no cookies in the get:

                    GET https://test-api-demo.test.com/test/...3-a73700fc1b85 HTTP/1.1
                    Accept: */*
                    Accept-Language: en-US
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)
                    Connection: Keep-Alive
                    Host: test.com


                    but then I get another 401:

                    HTTP/1.1 401 Unauthorized
                    Content-Type: text/html
                    Server: Microsoft-IIS/10.0
                    X-Powered-By: ASP.NET
                    Date: Wed, 15 Mar 2017 22:22:13 GMT
                    Content-Length: 1293
                    (HTML body with error msg, not relevant)


                    I verified in IE I removed all security blocks and enable 100% of all cookies. Does anyone know why IE would be ignoring the cookies from the original 302 and not sending them back with a get, or is the 302 bad? I have read that IE maybe rejecting the cookies because of some URI naming convention, but no idea if that is the issue.
                    Last edited by ISpdxdc; 03-15-2017, 02:36 PM.

                    Comment


                    • #25
                      The vendor is saying they aren't sending 2 cookies, he says they are sending 1 redirect (302) with one cookie, and then a second redirect with another cookie. I only get one response in Mirth with 2 cookies. If I had to guess, between what Mirth is showing and the vendor is telling me what is happening on his side, is that Mirth is following the first redirect itself, grabbing the cookie from that one, and then following the 2nd redirect and grabbing the cookie from it, but only showing the rest of the payload from the first 302 response. I can't get logs from the vendor to see both his 302s he says he is processing, but I bet if I did I would see both of the cookies in my 1 response are from both his 302s.


                      I've asked before, but I'll ask again, is there a way to enable or disable Mirth from following redirects automatically listener/sender, and without rewriting the interface in a javascript transformer? Not that I am opposed to rewriting the request in javascript, but I do have a significant amount of time put into developing this channel cleanly in the UI with minimal scripting. If the only way to prevent following redirects can be done is by creating a javascript writer and manually writing the http request, then does anyone have an example to share for the specific line of code, or omission of code that does that? If Mirth does not automatically follow redirects on POST, then does anyone have a clue why I see one response with 2 cookies, when the vendor says he sees two 302s with one cookie each?
                      Last edited by ISpdxdc; 03-16-2017, 11:35 AM.

                      Comment


                      • #26
                        I would suggest talking with experts on the Mirth Connect Slack Channel.

                        http://www.mirthcorp.com/community/f...d.php?t=216581


                        This thread is going no where.
                        HL7v2.7 Certified Control Specialist!

                        Comment


                        • #27
                          To be absolutely sure what's going on, take a network capture (e.g. with Wireshark).
                          Step 1: JAVA CACHE...DID YOU CLEAR ...wait, ding dong the witch is dead?

                          Nicholas Rupley
                          Work: 949-237-6069
                          Always include what Mirth Connect version you're working with. Also include (if applicable) the code you're using and full stacktraces for errors (use CODE tags). Posting your entire channel is helpful as well; make sure to scrub any PHI/passwords first.


                          - How do I foo?
                          - You just bar.

                          Comment


                          • #28
                            Originally posted by narupley View Post
                            To be absolutely sure what's going on, take a network capture (e.g. with Wireshark).

                            I did a Wireshark capture and it was helpful. I could see the 1 post and the 1 response. The vendor keeps saying he sees multiple posts, and he kept questioning why Mirth was "sending multiple posts". I think that proved to me that its on his side. He won't provide Fiddler logs from his side (refuses) so I can't do much to help debug that. He has admitted that he may have a bug in his response allowing 2 cookies and submitted a bug report, but he insists "the redirect should work with one of those cookies".... Not the answer I was looking for.

                            Those are secondary to the issue though that no matter what they send back in a 302, no browser will send the corresponding Cookie headers with the Get. All my research points to the fact that i am making the first get to http://mirthserver/ and the 302 redirect is to an HTTPS site. I think the browsers purposely do not respond with cookies in a redirect from http to https and/or to different domains as part of Web browser security. For instance if they were replying with cookies in a 302 initiated from an unsecure HTTP they would be able to be captured and impersonated. Only once the ssl connection is established would the cookies be secure. These are just things I think I understand from my research, but I am not a web request/browser expert.

                            On another note, the API vendor has provided us with the source code of an internal program of theirs that works as a proxy to their site. Open a browser, point it to the proxy listener, submit requests, they go out to their API website, and then the proxy pulls it back to the webpage. Basically the same thing as what I'm doing with Mirth. You know the funny thing? It doesn't work for this message either!!! It gets a 401, lol. So we tell the vendor and their response is, "well it works fine for us...."

                            I'm going to say pretty much all of this is out of scope for a Mirth interface since my research shows that it is functioning as designed, and that enough questions with what the vendor is doing have arisen, and with their refusal to log or debug has put us at a stand still. Laughable their own internal solution doesn't work either.

                            I'd say the only outstanding thing I would personally like to know is why browsers won't respond with cookies on the 302 redirect from http to https, and if there is a way to force it, but I will try a site like StackOverflow to follow through on that lead. Unless I come up with a solution, I'd say this is a good thread for documentation sake for posterity. Thx for pointers.

                            Comment


                            • #29
                              In case anyone is interested, I got it working. Instead of trying to process responses I found a way to make the browser POST the initial request. I send the request out to Mirth just like normal over an HTTP listener, then I take a javascript writer destination and return an HTML webpage to send back to the browser. The browser receives the web page and it does the POST, which gets around the 302 security issue. This is what I return to the browser, all plain text, no encoding:

                              <html>
                              <head>
                              <title>Redirect</title>
                              </head>
                              <body>
                              <form action="https://testAPI.test.com/" method="POST">
                              <input name="UserName" value="Test APIUser"/>
                              <input name="UserEmail" value="[email protected]"/>
                              <input name="PatientId" value="1d11eb2e-2606-485e-ad5d-a70c00daa37a"/>
                              <input name="Timestamp" value="Mon, 20 Mar 2017 19:11:24 GMT"/>
                              84c6-a7210111648b"/>
                              <input name="Token" value="MRVp/pBRBJ08F8cYMavfL8 ="/>
                              </form>
                              <script language="javascript"> window.setTimeout('document.forms[0].submit()', 0);</script>
                              </body>
                              </html>

                              Comment

                              Working...
                              X