proxy page, tokens, error 498, password/username visible

KathleenBrenkert · ‎08-28-2014

I'm using the php proxy page from here: resource-proxy/PHP at master · Esri/resource-proxy · GitHub

It appears to work perfect however when I run it using firebug in firefox I can see my username and password for my secure service in both the response and the parameters. I can repeat this both within my network and without, and I am using https (unsigned).

log file shows:

08-28-14 15:54:42 | GET detected

08-28-14 15:54:42 | Using session token

08-28-14 15:54:42 | Authorization failed : {"error":{"code":498,"message":"Invalid Token","details":[]}}

08-28-14 15:54:42 | Retry attempt 1 of 3

08-28-14 15:54:42 | Resource using ArcGIS Server security

08-28-14 15:54:42 | Got token endpoint

08-28-14 15:54:42 | Adding token to session

08-28-14 15:54:42 | Using session token

08-28-14 15:54:42 | Ok to proxy

08-28-14 15:54:42 | Proxy complete

Just not sure what I've done. If I hadn't run firebug I would not have even noticed that my username/password is visible.

BjornSvensson · ‎08-28-2014

Kathleen Brenkert‌ - when you are using the proxy, the username/password will (should?) not be visible in firebug for a proxy request/response because the request from the proxy to your service doesn't go via the web browser. Are you sure that it's the network request/response to the proxy, and not some other request going from your application (but not using proxy)?

Can you share the exact request/responses you are seeing?

KathleenBrenkert · ‎08-29-2014

Thanks Bjorn! -I misread the firebug response, confused Query parameters with the config parameters (I had looked at it too long) - and my SSL is not working correctly. I think I've got that covered now, but would you know why I get the 498 error in the log file? I think it only appears when I am testing the live site, not when I am debugging. The program always picks it up on the retry, but still concerns me. Hopefully we'll get the SSL issues corrected today and then I'll start testing it again.

KathleenBrenkert · ‎09-02-2014

As of this morning the proxy page isn't working for me, can't figure out what might have changed over the weekend and the log file isn't very helpful. I have hard coded a request for a token and that is working, so I don't think it's my service. Any advice?

config file:

<?xml version="1.0" encoding="utf-8" ?>

<ProxyConfig allowedReferers="*"

logFile="proxy_log.log"

mustMatch="true">

<serverUrl url="http://gis.northcharleston.org/arcgis/rest/services"

matchAll="false" username="xxx" password="xxx"/>

</serverUrls>

</ProxyConfig>

the log file shows:

09-02-14 13:20:07 | GET detected

09-02-14 13:20:07 | Authorization failed : {"error":{"code":499,"message":"Token Required","details":[]}}

09-02-14 13:20:07 | Retry attempt 1 of 3

09-02-14 13:20:07 | Resource using ArcGIS Server security

09-02-14 13:20:07 | Got token endpoint

09-02-14 13:20:09 | Authorization failed : {"error":{"code":499,"message":"Token Required","details":[]}}

09-02-14 13:20:09 | Retry attempt 2 of 3

09-02-14 13:20:09 | Resource using ArcGIS Server security

09-02-14 13:20:09 | Got token endpoint

09-02-14 13:20:09 | Authorization failed : {"error":{"code":499,"message":"Token Required","details":[]}}

09-02-14 13:20:09 | Retry attempt 3 of 3

09-02-14 13:20:09 | Resource using ArcGIS Server security

09-02-14 13:20:09 | Got token endpoint

09-02-14 13:20:09 | Removing session value

09-02-14 13:20:09 | Authorization failed : {"error":{"code":499,"message":"Token Required","details":[]}}

09-02-14 13:20:09 | Proxy complete

BjornSvensson · ‎09-02-2014

It could be because the token expired, and that the proxy didn't refresh it correctly. Could you try re-starting the proxy (maybe by restarting the web server), and see if that (temporarily) makes the proxy work again?

KathleenBrenkert · ‎09-02-2014

restarted the web server and still getting the same error. Tried a new username/password and same error. Could my ssl affect it? We are using a wildcard ssl on IIS and a selfsigned on the site.

KathleenBrenkert · ‎09-04-2014

I've exhausted all my ideas at this point. I'm going to try and find another way to get the token, but please let me know if you have anymore suggestions.

CarlosKrefft · ‎10-04-2018

@Kathleen Brenkert : I'm having the same issue. Do you remember if and how you resolved this?

My resource proxy is using the same config as yours. I'm getting the same exact 499 error code with "Token Required".