Jump to content
Ketarin forum
JimH44

Accept header not sent

Recommended Posts

One source of software that I need now requires a valid Accept header with every request. (The webmaster said they do this to cut down on denial of service attacks and other problems.)

Ketarin doesn't send one, so I get a 403 Forbidden response.
(The version on Ketarin is 1.8.8 beta 4, running on Windows 7.)

I used WireShark to capture the packets involved [ket-no_accept-forbidden-pkt (Small).jpg].

Ketarin has a way of sending an Accept header, described at
https://wiki.ketarin.org/index.php/HTTPX_protocol so I tried this URL:
httpx://scripts.sil.org/cms/scripts/page.php?site_id=nrsi&id=ViewGlyph_home?header:accept=*/*

That request doesn't get past the first SYN in the SYN, SYN-ACK, ACK sequence.

When I try with Firefox, I see a separate Accept field, the default that firefox uses, as in [fox-default-accept (Small).jpg].

I got to this point, and wasn't allowed to upload any more screenshots, so I moved across to my Google Drive and made a doc there with all the screenshots in it. Please see the full message, with screenshots, at
https://docs.google.com/document/d/1eTuN1egYO2pfZvxKSozuP0fKA2yrYHiwLV8NNN3cV_o/edit?usp=sharing

Jim

 

 

ket-no_accept-forbidden-pkt (Small).jpg

Share this post


Link to post
Share on other sites

Indeed, Ketarin does not bother with HTTP accept. I will change that for the next version.

The reason why HTTPX is not working is because you already have parameters in the URLs so you need to append the header with "&" instead of "?".

Share this post


Link to post
Share on other sites

Thanks, floele.

I wasn't able to get httpx to produce an Accept header at that address even with "&" instead of "?".

I tried again at another site that doesn't require an Accept header:
httpx://sourceforge.net/projects/sevenzip/files/7-Zip/?header:accept=*/*

and still there wasn't any Accept header, as you can see in the screenshot [ket-forge-no-Accept (Small).jpg]
I tried it again without the "/" before the "?header . . .", with a similar result.

Ketarin seems to send the URL as entered in the recipe. It seems to me I should see in the packet a separate field
Accept: */*
like in the firefox screenshot in the Google Doc.

Have I not understood how to make httpx work?

ket-forge-no-Accept (Small).jpg

Share this post


Link to post
Share on other sites

floele, you said you plan to add Accept headers to Ketarin.

Do you plan to use a default Accept header?

Or perhaps you will let the user specify an Accept header for each recipe?

While I was finding out what Accept headers are, I came across this interesting article about the different default headers sent by different browsers, and how much more IE sends by default:
https://www.newmediacampaigns.com/blog/browser-rest-http-accept-headers

You might find it helpful, and this one as well:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Content_negotiation/List_of_default_Accept_values

Thanks again,
Jim

Share this post


Link to post
Share on other sites

Yes, I will use a default header of "*/*" for all requests.

The HTTPX URL should work that way, maybe it's only working for the download and not variable URLs? Though it shouldn't make a difference.

Share this post


Link to post
Share on other sites

Thanks for your response. It seems that the HTTPX URL does not work for lookups for variables. Have another look at the most recent screenshot. You'll see that Ketarin sends an "Accept-Encoding" field, but does not send a separate "Accept" field. Instead, it sends the "?header:accept=*/*" as part of the main URL.

Looking forward to the updated version of Ketarin, when you get time.
Jim

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.