I have an issue using the extension when the actual API is hidden behind Azure API Management service.
I'm making this request:
GET https://apim-BACKEND-SERVICE.azure-api.net/
Authorization: {{token}}
But get error about cookies:
OR: RequestError - Cookie not in this host's domain. Cookie:app-BACKEND-SERVICE.azurewebsites.net Request:apim-BACKEND-SERVICE.azure-api.net
RequestError: Cookie not in this host's domain. Cookie:app-BACKEND-SERVICE.azurewebsites.net Request:apim-BACKEND-SERVICE.azure-api.net
at Sj._beforeError (c:\Users\u01sga\.vscode\extensions\anweber.vscode-httpyac-6.12.1\dist\extension.js:164:18474)
at Sj._onResponseBase (c:\Users\u01sga\.vscode\extensions\anweber.vscode-httpyac-6.12.1\dist\extension.js:164:12741)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async Sj._onResponse (c:\Users\u01sga\.vscode\extensions\anweber.vscode-httpyac-6.12.1\dist\extension.js:164:14359)
at r.setCookie (c:\Users\u01sga\.vscode\extensions\anweber.vscode-httpyac-6.12.1\dist\extension.js:159:9241)
at c:\Users\u01sga\.vscode\extensions\anweber.vscode-httpyac-6.12.1\dist\extension.js:141:148102
at new Promise (<anonymous>)
at r.setCookie (c:\Users\u01sga\.vscode\extensions\anweber.vscode-httpyac-6.12.1\dist\extension.js:141:148002)
at c:\Users\u01sga\.vscode\extensions\anweber.vscode-httpyac-6.12.1\dist\extension.js:164:12615
at Array.map (<anonymous>)
at Sj._onResponseBase (c:\Users\u01sga\.vscode\extensions\anweber.vscode-httpyac-6.12.1\dist\extension.js:164:12590)
at Sj._onResponse (c:\Users\u01sga\.vscode\extensions\anweber.vscode-httpyac-6.12.1\dist\extension.js:164:14370)
at ClientRequest.<anonymous> (c:\Users\u01sga\.vscode\extensions\anweber.vscode-httpyac-6.12.1\dist\extension.js:164:14580)
at Object.onceWrapper (node:events:632:26)
at ClientRequest.emit (node:events:529:35)
at l.emit (c:\Users\u01sga\.vscode\extensions\anweber.vscode-httpyac-6.12.1\dist\extension.js:159:31404)
at HTTPParser.parserOnIncomingClient [as onIncoming] (node:_http_client:700:27)
at HTTPParser.parserOnHeadersComplete (node:_http_common:119:17)
at TLSSocket.socketOnData (node:_http_client:541:22)
at TLSSocket.emit (node:events:517:28)
at addChunk (node:internal/streams/readable:335:12)
at readableAddChunk (node:internal/streams/readable:308:9)
at Readable.push (node:internal/streams/readable:245:10)
at TLSWrap.onStreamRead (node:internal/stream_base_commons:190:23)
For some reason APIM exposes information about underlying service.
Probably, it is not right, but I don't have direct control over the instance of APIM.
I think it should not matter at the end as the same request works totally fine in other http clients lake Postman or REST Client.
And it works fine in curl:
curl -v --request GET \
--url https://apim-BACKEND-SERVICE.azure-api.net \
--header 'Accept: */*' \
--header 'Authorization: Bearer eyJ0eXA.....' \
--header 'User-Agent: httpyac'
* Host apim-BACKEND-SERVICE.azure-api.net:443 was resolved.
* IPv6: (none)
* IPv4: 20.224.76.234
* Trying 20.224.76.234:443...
* Connected to apim-BACKEND-SERVICE.azure-api.net (20.224.76.234) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / secp384r1 / RSASSA-PSS
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: C=US; ST=WA; L=Redmond; O=Microsoft Corporation; CN=*.azure-api.net
* start date: Mar 1 18:04:55 2024 GMT
* expire date: Feb 24 18:04:55 2025 GMT
* subjectAltName: host "apim-BACKEND-SERVICE.azure-api.net" matched cert's "*.azure-api.net"
* issuer: C=US; O=Microsoft Corporation; CN=Microsoft Azure RSA TLS Issuing CA 04
* SSL certificate verify ok.
* Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha384WithRSAEncryption
* Certificate level 1: Public key type RSA (4096/152 Bits/secBits), signed using sha384WithRSAEncryption
* Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/1.x
> GET / HTTP/1.1
> Host: apim-BACKEND-SERVICE.azure-api.net
> Accept: */*
> Authorization: Bearer eyJ0eXAiOiJK....
> User-Agent: httpyac
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/1.1 200 OK
< Transfer-Encoding: chunked
< Content-Type: application/json; charset=utf-8
< Set-Cookie: ARRAffinity=6f27b92dd8bce13e55ecabe9082f50999260186a60dac081a691ca4a1657912c;Path=/;HttpOnly;Secure;Domain=app-BACKEND-SERVICE.azurewebsites.net
< Set-Cookie: ARRAffinitySameSite=6f27b92dd8bce13e55ecabe9082f50999260186a60dac081a691ca4a1657912c;Path=/;HttpOnly;SameSite=None;Secure;Domain=app-BACKEND-SERVICE.azurewebsites.net
< Request-Context: appId=cid-v1:100f597e-acb6-4859-9828-00de061ce4a4
< Date: Sun, 14 Apr 2024 16:53:20 GMT
<
* Connection #0 to host apim-BACKEND-SERVICE.azure-api.net left intact
{"data":{...}}}%
I have an issue using the extension when the actual API is hidden behind Azure API Management service.
I'm making this request:
But get error about cookies:
Console log:
For some reason
APIM
exposes information about underlying service. Probably, it is not right, but I don't have direct control over the instance of APIM.I think it should not matter at the end as the same request works totally fine in other http clients lake
Postman
or REST Client.And it works fine in
curl
:The most interesting part here:
in ARRAffinitySameSite it exposes the actual backend url. I think, the library does some validation under the hood.
Ideally it should not, or there should be a way to disable it.