Hi Rick,
first of all a happy new year!
We are trying to use the wwHttp class to connect to a REST API of a device which is connected to our network.
Before that we tested a POST call to the REST API with the Firefox Add-On RESTer and it worked.
The following POST command is supposed to give a Response "204 No Content" and in the header included "Authorization: Bearer eyJhbGciOiJSUzI1NiI...".
However, when using wwHttp, we get an error:
DO wwclient
oHttp = CREATEOBJECT("wwHTTP")
oHttp.AddHeader("Content-Type", "application/json")
oHttp.AddHeader("Accept","application/json")
TEXT TO lcJson noshow
{
"username": "admin",
"password": "123456"
}
ENDTEXT
lcJson = STRCONV(lcJson, 9)
lcUrl = [https://192.168.120.23:8450/rest/login]
lcJsonResult = oHttp.Post(lcUrl, lcJson) && remains empty
cAuthorizationBearer = oHttp.GetHttpHeader("Authorization") && remains empty
cErrorMessage = oHttp.cErrorMsg && Translated from german: "The certification point is not valid."
cErrorNumber = oHttp.nError && 12045
What could be the reason why the same command is working with Firefox but not with VFP/wwHttp? When using msxml2 via VFP we get a IDispatch error, that's why we were trying out wwHttp.
Any ideas, what goes wrong?
Thanks, Manni
PS: The "Purchase" button on this page https://client-tools.west-wind.com/ leads to a wrong page.
Hi Manni,
please forgive me for jumping in. I suspect that you must change TEXT TO lcJson noshow to TEXT TO lcJson noshow pretext 15 in order to remove redundant white space.
Hi Tore,
thank you for your suggestion! I added "PRETEXT 15" but it makes no difference.
Meanwhile we found a solution for the request with VFP/MSXML directly. The IDispatch error seems to come from a SSL certificate error, which can be ignored by adding oHTTP.setOption(2, 13056).
TEXT TO lcJson noshow
{
"username": "admin",
"password": "123456"
}
ENDTEXT
lcJson = STRCONV(lcJson, 9)
oHTTP = NEWOBJECT("MSXML2.ServerXMLHTTP.6.0") && instead of msxml2.XMLHTTP.6.0
oHTTP.OPEN("POST", [https://192.168.120.23:8450/rest/login], .F.)
oHTTP.setRequestHeader("Content-Type", "application/json")
oHTTP.setRequestHeader("accept", "application/json")
oHTTP.setOption(2, 13056) && bypass SSL certificate errors - THIS DID THE TRICK!
oHTTP.SEND(lcJson)
Is there a way to ignore the SSL certificate error with wwHttp, too?
Thanks, Manni
For wwHttp you can ignore certificate errors:
loHttp = CREATEOBJECT("wwHttp")
loHttp.lIgnoreCertificateWarnings = .T.
This internally sets various connection flags that are similar to what MSXML does.
FWIW it's a very bad idea to ignore certificate warnings. Fix the certificates or how you connect to them - otherwise the security of the certificates is likely not safe - you could be hitting man in the middle certificates and never know it.
+++ Rick ---
Thank you, Rick, that works!
FWIW it's a very bad idea to ignore certificate warnings. Fix the certificates or how you connect to them - otherwise the security of the certificates is likely not safe - you could be hitting man in the middle certificates and never know it.
I wish I had a better understanding of certificats in general and how to connect properly.
I am only trying to consume the REST API as a client and have not found anything in the API description about any certificates. Could you please explain me the basics about this or how I can find information about the certificates?
Thanks, Manni
This is something that needs to be fixed on the server you're calling. There's a certificate there that isn't working. This could be a protocol warning (ie. non-support of a newer protocol) or it could be an expired cert, but either way it's something that pertains to the server's certificate or - if it's not from a public certificate authority, ie. a private cert - if it's not installed properly locally.
+++ Rick ---
Thanks. I'll try to contact the vendor then to get some information about the certificate, thought it could be something I can check on my side.
By the way: Really like your new album! 😃 Manni