HTTPS makeWebRequest - 404, in browser ok or 401

Hi!

I've already used ok some api requsts recently, then I needed to change url for another host + request, but got 404.

- in browser i got 401 for just url (see code), because no auth header its ok and its not 404 as I got in simulators.

- curl:

curl -H "Host: www.ukrposhta.ua" -H "Authorization: Bearer c3e02b53-3b1d-386e-b676-141ffa054c57" --compressed "https://www.ukrposhta.ua/status-tracking/0.0.1/statuses?barcode=0501698463278"

gives 200 and json (array of objects).

but in Connect IQ it just says 404 in the end in onReceive method.

Any ideas why ?

    function makeRequest() {
        var url = "https://ukrposhta.ua/status-tracking/0.0.1/statuses?barcode=0501695505620";
        var options = {
            :method => Comm.HTTP_REQUEST_METHOD_GET,
            :headers => {
                    "Content-Type" => Comm.REQUEST_CONTENT_TYPE_JSON,
                    "User-Agent" => "UkrPoshta/1 CFNetwork/1107.1 Darwin/19.0.0",
                    "Authorization" => "Bearer c3e02b53-3b1d-386e-b676-141ffa054c57"
            }
        };
        if (Comm has :makeWebRequest) {
           // in modern watches its executed 
            Comm.makeWebRequest(url, null, options, method(:onReceive));
        } else {
            Comm.makeJsonRequest(url, null, options, method(:onReceive));	
        }
    }
    function onReceive(responseCode, data) {
        var code = responseCode;
    }

Any ideas why ?

I even tried to use parameter barcode in as separate variable for request

var url = "https://www.ukrposhta.ua/status-tracking/0.0.1/statuses";

and

var params = { "barcode" => "0501698463278"};

same 404

curl -H "Host: www.ukrposhta.ua" -H "Authorization: Bearer XXXXX" --compressed "https://www.server.com"

Top Replies

All Replies

Evgeniy P. over 2 years ago

Oh and on device its ok - 200 or 401 without authorization

vaughan over 2 years ago

Hi, thanks for the hint. After reading some of the related links I remembered that I previously had to set 'Use Device HTTPS requirements' in the simulator, clearing this now enables me to download the json file into the simulator.

jim_m_58 over 2 years ago in reply to vaughan

If you had to uncheck "use Device HTTPS requirement" to work in the sim, you need to use https and not http in your url or there could be something wrong with the certificate on your server.

flocsy🤠 over 2 years ago in reply to jim_m_58

Does this mean that if it only works in the sim when I uncheck "Use Device HTTPS requirement" then it won't work from real devices? (I have a https certificate from letsencrypt/certbot) Is there a way to debug this? I mean what should I change in my server's ssl config to make it work?

jim_m_58 over 2 years ago in reply to flocsy🤠

To help see what's happening, use "View HTTP Traffic" in the sim with the checkbox on and off,

flocsy🤠 over 2 years ago in reply to jim_m_58

I tried that but when "Use Device HTTPS Requirements" is checked then all I see are the first few non textual lines, that I think belong to the https protocol. I also don't see a hit in nginx on the server, so it must be blocked by CIQ because of the ssl handshake.

Anyone knows how to configure nginx (or any other webserver for that matter) and the ssl for CIQ to be happy?

andyj713 over 2 years ago in reply to flocsy🤠

I have an nginx web server with a Let's Encrypt certificate, and it worked for me. Here's part of my nginx ssl.conf:

ssl_session_cache       shared:SSL:10m;
ssl_session_timeout     10m;
ssl_protocols           TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers       on;
ssl_ciphers             HIGH:!aNULL:!MD5;
ssl_ecdh_curve          secp384r1;
ssl_session_tickets     off;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

I did not change any web setting in VC studio, in fact the only setting I changed is adding -k to the compiler options so it's basically right out of the box. I am simulating a Fenix 7x, but I hope that's not the cause of the different behavior.

flocsy🤠 over 2 years ago in reply to andyj713

Strange, even with fenix7, it's the same, I get 404 with the exact config you sent, when the "Use Device HTTPS Requirements" is checked.

andyj713 over 2 years ago in reply to flocsy🤠

Does the file you are trying to get have any non-json elements in it? Maybe it's some of your headers? I've kept it as simple as I know how:

function noaaRequest(stationID) as Void {
	var url = "https://api.tidesandcurrents.noaa.gov/mdapi/prod/webapi/stations/" + stationID + ".json";
	var params = {"units" => "metric", "expand" => "datums,harcon"};
	var options = {:method => Communications.HTTP_REQUEST_METHOD_GET,
	   :headers => {"Content-Type" => Communications.REQUEST_CONTENT_TYPE_URL_ENCODED},
	   :responseType => Communications.HTTP_RESPONSE_CONTENT_TYPE_JSON};
	var cbMethod = method(:onReceiveNOAA);
	Communications.makeWebRequest(url, params, options, cbMethod);
}

I have the parameters in a dictionary, not in the URL I'm requesting.

flocsy🤠 over 2 years ago in reply to andyj713

I "return" an empty file. 0 bytes. But that's not the issue because when the use device https requirements is enabled the request doesn't even show up in the nginx log, and when I disable it, then it works (get null as returned data)