C
C#3y ago
KKSK@🌸🎵🌸🎵🌸

HTTPS Local Network No Content Case

I have an AspNetCore HttpGet Api that returns NoContent; is a simple Api for registering an number to the server. I also have other HttpGet Api that returns contents. 
1) When the `NoContent` Api is accessed with domain name and https under the same machine where the AspNetCore Web Api is running, I get an error on the browser indicating `ERR_HTTP2_PROTOCOL_ERROR`. And the number is not registered.
This is by accessing the Api on the same machine through chrome with the URL of https://example.com
No option of `Proceed to localhost (unsafe)` is available.
1) When the `NoContent` Api is accessed with domain name and https under the same machine where the AspNetCore Web Api is running, I get an error on the browser indicating `ERR_HTTP2_PROTOCOL_ERROR`. And the number is not registered.
This is by accessing the Api on the same machine through chrome with the URL of https://example.com
No option of `Proceed to localhost (unsafe)` is available.
2) When the `NoContent` Api is accessed with `localhost` and either http or https under the same machine where the AspNetCore Web Api is running, I do not get an error. And the number is registered.
This is by accessing the Api on the same machine through chrome with the URL of http://localhost
With Https, I first get an `NET::ERR_CERT_COMMON_NAME_INVALID`, but after I clicked `Proceed to localhost (unsafe)`, the number is registered.
This is by accessing the Api on the same machine through chrome with the URL of https://localhost
2) When the `NoContent` Api is accessed with `localhost` and either http or https under the same machine where the AspNetCore Web Api is running, I do not get an error. And the number is registered.
This is by accessing the Api on the same machine through chrome with the URL of http://localhost
With Https, I first get an `NET::ERR_CERT_COMMON_NAME_INVALID`, but after I clicked `Proceed to localhost (unsafe)`, the number is registered.
This is by accessing the Api on the same machine through chrome with the URL of https://localhost
3) When the Api with content is accessed with domain name and https under the same machine where the AspNetCore Web Api is running, I am able to load the content successfully.
This is by accessing the Api on the same machine through chrome with the URL of https://example.com
3) When the Api with content is accessed with domain name and https under the same machine where the AspNetCore Web Api is running, I am able to load the content successfully.
This is by accessing the Api on the same machine through chrome with the URL of https://example.com
4) When the `NoContent` Api is accessed with domain name and https under different machine, I do not get an error. And the number is registered.
This is by accessing the Api on a different machine through chrome with the URL of https://example.com
This works either through internet, or on a different machine that connects with the server through PPTP VPN.
4) When the `NoContent` Api is accessed with domain name and https under different machine, I do not get an error. And the number is registered.
This is by accessing the Api on a different machine through chrome with the URL of https://example.com
This works either through internet, or on a different machine that connects with the server through PPTP VPN.
37 Replies
Up
Up3y ago
well you should not be using GET for mutating data, anyway. ..and then you'd just respond with 200 (ok) / 201 (created), not 204.
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
I mean is this a common issue with https and no content on the same machine? Or is it a possible configuration issue that action can be taken to resolve it but not evading it?
Up
Up3y ago
no. the https issue is that you're using an SSL cert and the machine doesn't trust it. either switch to serving http for localhost, or make the browser trust the cert you're using
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
So if you look at my case 1 and 2 is kind of different case one does not even have an option to trust but case 2 does
Up
Up3y ago
case 1 likely has this proceed button, too, if you expand the details. chrome likes to hide that option because well, it is a security risk.
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
no case 2 has it but it is hided also so I am aware of the option to show it
Up
Up3y ago
are you sending HSTS headers or anything?
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
I believe not
Up
Up3y ago
(it should tell you about that in the details screen where the proceed button would normally be)
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
let me provide a screenshot instead
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
This is the error of case 1
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
this is what I mean by case 2
Up
Up3y ago
$ curl --http2 --head https://ichigo.icu/verify/12345/Nih3J9WShu83Hgb76Hj
curl: (56) Failure when receiving data from the peer

$ curl --http2 --head http://ichigo.icu/verify/12345/Nih3J9WShu83Hgb76Hj
curl: (52) Empty reply from server
$ curl --http2 --head https://ichigo.icu/verify/12345/Nih3J9WShu83Hgb76Hj
curl: (56) Failure when receiving data from the peer

$ curl --http2 --head http://ichigo.icu/verify/12345/Nih3J9WShu83Hgb76Hj
curl: (52) Empty reply from server
looks like you're running on http, not https
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
The reason of you getting this is because there is bodymiddleware That filters ip Oh wait But your http work But it work on my machine
Up
Up3y ago
other than that, press F12, see if the dev console spits out any useful info
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
so on my machine this is powershell
Up
Up3y ago
add --head --http2
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
no problem
Up
Up3y ago
so.. working as intended
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
but this is case 4 where I accessed it through internet
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
case 1 still has issue
Up
Up3y ago
soo.. you're saying there's middleware blocking requests? are you 100% certain it is not blocking you here?
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
yeah
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
so the top is from host machine case 1 the bottom is through internet case 4 the reason I am 100% is not blocking is case 3 where content is loaded
Up
Up3y ago
that is a different status code than 204 tho..
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
the top first command with verify is case 1 the top second command with battlecfg is case 3 the bottom with verify is case 4
Up
Up3y ago
https://stackoverflow.com/questions/58215104/whats-the-neterr-http2-protocol-error-about suggests it may be your web server dropping the connection preemptively under certain circumstances still.. do me that favor and just switch to not using GET for mutating data. that will possibly fix this issue, and if not, will at least prevent you some future headaches
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
Yeah both work of using localhost with nocontent or not using it at all I was also suggested to have a frontend to handle https I was just curious is this by design that you cannot access no content httpget api with https and domain name from host machine
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
because http does work on host machine with no content
KKSK@🌸🎵🌸🎵🌸
KKSK@🌸🎵🌸🎵🌸OP3y ago
Want results from more Discord servers?
Add your server