 

Access vuforia vws with react forbidden header

I'm trying to call Vuforia's web service using React + axios. Reading the Vuforia docs and following those steps, when I make the call I get an error in Chrome's console log, which is:

xhr.js:121 Refused to set unsafe header "Date"

But if I understand correctly, I have to declare the header "Date" in the request. How can I solve that? Here is my code:

import React, { Component } from 'react';
import axios from 'axios';

class App extends Component {
  componentDidMount() {
    var md5 = require('md5');
    var base64 = require('base-64');
    var hmacsha1 = require('hmacsha1');
    var contentType = "application/json";
    // MD5 hex digest of an empty request body
    var hexDigest = "d41d8cd98f00b204e9800998ecf8427e";
    var accessKey = "xxxxxxxxxxxx";
    var secretKey = "xxxxxxxxxxx";
    var date = new Date().toUTCString();
    var url = `${'https://cors-anywhere.herokuapp.com/'}https://vws.vuforia.com/targets`;
    var dateValue = date;
    var requestPath = url;
    var newLine = '\n';
    var toDigest = `GET${newLine}${hexDigest}${newLine}${contentType}${newLine}${dateValue}${newLine}${requestPath}`;
    var shaHashed = hmacsha1(secretKey, toDigest);

    var signature = base64.encode(shaHashed);
    const config = {
      headers: {
        // The browser refuses to set 'Date' from script; this entry triggers the console error above
        'Date': `${date}`,
        'Authorization': `VWS ${accessKey}:${signature}`
      }
    };
    console.log(toDigest);
    // axios.get takes (url, config); the third argument is ignored
    axios.get(url, config, { crossdomain: true })
      .then(json => console.log(json));
  }

  // render() was not part of the post; a placeholder keeps the component valid
  render() {
    return null;
  }
}

console.log(toDigest):

GET
d41d8cd98f00b204e9800998ecf8427e
application/json
Mon, 29 Oct 2018 12:45:26 GMT
https://cors-anywhere.herokuapp.com/https://vws.vuforia.com/targets
AND4011002849 asked Oct 29 '18 13:10


1 Answer

Change your config code from

const config = {
    headers: {
        'Date': `${date}`,
        'Authorization': `VWS ${accessKey}:${signature}`
    }
};

to

const config = {
    headers: {
        'Authorization': `VWS ${accessKey}:${signature}`
    }
};

XMLHttpRequest isn't allowed to set the Date header; it is set automatically by the browser. The reason is that by manipulating these headers you might be able to trick the server into accepting a second request through the same connection, one that wouldn't go through the usual security checks - that would be a security vulnerability in the browser. Here's the list of HTTP headers you can't set by yourself.

Let me know if you are still getting the error.

Goldy answered Oct 19 '22 16:10
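
Building the signed headers on a Node.js backend instead of in the browser, as an added example that is not part of the original question or answer: outside the browser `Date` is not a forbidden header, and the secret key never ships to the client. It follows the five-line string-to-sign layout shown in the question, with a single Base64 encoding of the HMAC-SHA1; the function names, sample keys, the `/targets` request path and the empty content type for a body-less GET are assumptions.

```javascript
// Added example (server side, Node.js): signed headers for a VWS-style request.
const crypto = require('crypto');

// String-to-sign in the layout printed by console.log(toDigest) in the question:
// verb, MD5 hex of the body, content type, date, request path.
function buildStringToSign({ method, body = '', contentType = '', date, path }) {
  const bodyMd5 = crypto.createHash('md5').update(body).digest('hex');
  return [method.toUpperCase(), bodyMd5, contentType, date, path].join('\n');
}

// Returns the string-to-sign and the headers the backend attaches to the request.
// In a real service the keys come from server-side configuration (for example
// environment variables), never from code delivered to the browser.
function signVwsRequest({ accessKey, secretKey, ...req }) {
  if (!accessKey || !secretKey) throw new Error('missing VWS credentials');
  // The same date string must be signed and sent, so it is fixed once here.
  const date = req.date || new Date().toUTCString();
  const stringToSign = buildStringToSign({ ...req, date });
  const signature = crypto
    .createHmac('sha1', secretKey)
    .update(stringToSign)
    .digest('base64');
  const headers = { Date: date, Authorization: `VWS ${accessKey}:${signature}` };
  if (req.contentType) headers['Content-Type'] = req.contentType;
  return { stringToSign, headers };
}

// Constructed sample values, not real credentials.
const sample = signVwsRequest({
  accessKey: 'EXAMPLE_ACCESS_KEY',
  secretKey: 'EXAMPLE_SECRET_KEY',
  method: 'GET',
  path: '/targets',
  date: 'Mon, 29 Oct 2018 12:45:26 GMT',
});
console.log(sample.stringToSign);
console.log(sample.headers);
```

The React app then calls its own backend endpoint, which attaches these headers and forwards the request, so neither the secret key nor the `Authorization` value passes through a third-party CORS proxy.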