3

I have coded a python webserver, to gain access to the control panel you must fill in a token. This token is send to the webserver, the webserver then replies with the control panel.

All works fine, from my computer the token works everytime - HOWEVER, from an iOS device, it does not work 90% of the time > A token is not send most of the time!

HTML:

<!DOCTYPE html>
<html>
    <head>
        <title>Drakon</title>
        <link rel="stylesheet" type="text/css" href="access.css">
    </head>
    <body>

    <div class="login">
        <div class="heading">
            <h2>Gain access</h2>
            <form method="POST">

            <div class="input-group input-group-lg">
                <span class="input-group-addon"><i class="fa fa-lock"></i></span>
                <input name="token" type="password" class="form-control" placeholder="Token">
            </div>

            <button type="submit" class="float">Validate</button>
            </form>
        </div>
    </div>
    </body>
</html>

This is the POST-request I receive from an iOS device:

POST / HTTP/1.1\r\nHost: 192.168.2.4:8000\r\nReferer: http://192.168.2.4:8000/\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: nl-nl\r\nAccept-Encoding: gzip, deflate\r\nOrigin: http://192.168.2.4:8000\r\nContent-Length: 10\r\nConnection: keep-alive\r\nUser-Agent: Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53\r\n\r\n

What I should get, and sometimes DO get for some reason:

POST / HTTP/1.1\r\nHost: 192.168.2.4:8000\r\nReferer: http://192.168.2.4:8000/\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: nl-nl\r\nAccept-Encoding: gzip, deflate\r\nOrigin: http://192.168.2.4:8000\r\nContent-Length: 11\r\nConnection: keep-alive\r\nUser-Agent: Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53\r\n\r\ntoken=lucas

The difference: at the correct one (2nd one) there is a token=lucas at the end. How come the iOS device sometimes does not send this token along with the post request? Am I overseeing something?

In the bad scenario, all fails; the device is not even redirected to the homepage again, like it should do after an incorrect token.

The request is sent from safari browser on iOS device and not the iOS custom app.

JasonMArcher
  • 14,195
  • 22
  • 56
  • 52
Thomas Wagenaar
  • 6,489
  • 5
  • 30
  • 73
  • show the code you used to access the webservice – Vinay Jain May 22 '15 at 19:34
  • @VinayJain it's a webserver --> I'm just using Safari, as you can see in the POST requests – Thomas Wagenaar May 22 '15 at 19:34
  • I would use AFNetworking – Okhan Okbay May 22 '15 at 19:41
  • Maybe this could help : http://stackoverflow.com/questions/12506897/is-safari-on-ios-6-caching-ajax-results –  May 29 '15 at 15:27
  • 4
    One thing I find very strange is that in your first request, there is a Content-Length header. So Safari thinks it is sending something. Granted, its length is 10, not 11. How is the web server written? Are you using Flask? Django? As in, what is telling you that there is no POST data? I wrote a simple web server in Flask, used the same HTML, and the behavior was that POST data and headers would just be echoed back to the page. I couldn't reproduce this with an iPhone running iOS 8, and I don't have an iPad running iOS 7. But it'd help to understand the server environment. – pswaminathan May 31 '15 at 19:31
  • @pswaminathan Sorry for my late response, I just did some further research myself and noticed that I got nearly 100% POST data if I didn't run it from the Python IDE but just straight from the python file. If you want to test it yourself I'm willing to upload the server files. – Thomas Wagenaar Jun 02 '15 at 14:32
  • Yeah let's see it. Also, what IDE are you using? – pswaminathan Jun 02 '15 at 19:48
  • To find out which is broken the client (iOS) or the server you can sniff network traffic with Wireshark or something similar, then use Wireshark "decode as" -> HTTP to see if the POST body has reached the server. – Anton Krosnev Jun 03 '15 at 12:02

2 Answers2

0

Try adding enctype="multipart/form-data" to the form parameters.

jonystorm
  • 548
  • 4
  • 17
0

I also encountered this same issue.

Later I found out that browser is actually sending POST payload. but python socket read() function is returned once the headers are read without payload.

Change your code to read Content-Length header and use read(content_length) again to get the payload, if payload is not read with header.

Liju
  • 2,273
  • 3
  • 6
  • 21