0

My computer is connected to two different networks. Internet through ethernet and a local network through wifi on a different network card. The local network serves a webpage at 192.168.1.1.

I can access the local network at 192.168.1.1 through my browser, or even through postman requests. However, when I try to send HTTP requests to it through code it either times out or I get the following response:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n
      <html><head>
      <title>400 Bad Request</title>
      </head><body>
      <h1>Bad Request</h1>
      <p>Your browser sent a request that this server could not understand.<br />
      </p>
      <hr>
      <address>Apache/2.4.51 (Win64) PHP/7.0.33 Server at localhost Port 80</address>
      </body></html>

I'm assuming the server running on 192.168.1.1 doesn't support non-browser connections or something? I have tried using both NodeJs and powershell.

Chris Eikrem
  • 496
  • 1
  • 5
  • 20
  • 1
    Depends on the type of HTTP request. For instance, most forms you interact with have a hidden form element called a 'Nonce' that is embedded to ensure a user loads the form before sending a form (prevents Cross Origin Request attacks, CSRF). To debug this, I would recommend using Fiddler in record mode (decrypt HTTPS if needed) and inspect your Put or GET requests to this site. Look for any form elements you didn't provide manually in the body. – FoxDeploy May 19 '22 at 13:18
  • 1
    @FoxDeploy you're right, my headers weren't correct! Thank you – Chris Eikrem May 24 '22 at 07:15

1 Answers1

1

Your API is not configured for cross-origin requests. You need to configure your server to allow these requests.

Access-Control-Allow-Origin: *

This will allow your API to receive requests from any origin, however can be a major security issue.

Configuring your API to accept requests only from specific origins fixes this issue.

Access-Control-Allow-Origin: hostname: port
Sagar Barapatre
  • 1
  • 4
  • 12
  • Yeah that's what I was afraid of. Thanks for your answer. Unfortunately, I don't have access to edit this API as it is the charger for my car. Is there a workaround for this? I thought about having the tab open constantly and create a chrome-extension to scrape the page, but it sounds quite tedious. – Chris Eikrem May 20 '22 at 06:53