Your Turn, Part Two
-
- Forum Admin
- Posts: 496
- Joined: Sat May 28, 2011 9:14 am
- Location: Germany
The point is I'm not sure if "no cookies" is a sensible restriction for a web challenge. In my opinion it is not. In your opinion maybe it is. If adum or some other moderator were around, we could have a discussion about what restrictions there should be and which there should not be, but unfortunately there is no 'official guy' available for such discussions.
I wasn't expecting to get stuck in this challenge, since it seems fairly easy, but... here I am.
I'm using Postman to test my API, and it seems to work perfectly, then i submitthe challenge and suddenly it doesn't execute the code. The request arrives, but it seems to stop for no apparent reason (I activated all possible CORS for that page.)
The log reads:
https://shrib.com/#Ari5l4PvmY (I had to put it in a link otherwise the reply generated a 501 error)
As you can see, the request of 15:03 comes from Postman, while the request from 15:10 comes from hacker.org.
The postman one executes correctly, while the one from here doesn't do anything (by that I mean that in the first lines of code I log the request in a SQL table, the one from postman gets logged, the other one doesn't). I thought it was a matter of cross-domain request blocking policies, but they should all be disabled for that only page. Also, if Postman works, any external service should work.
Am I missing something obvious?
I'm using Postman to test my API, and it seems to work perfectly, then i submitthe challenge and suddenly it doesn't execute the code. The request arrives, but it seems to stop for no apparent reason (I activated all possible CORS for that page.)
The log reads:
https://shrib.com/#Ari5l4PvmY (I had to put it in a link otherwise the reply generated a 501 error)
As you can see, the request of 15:03 comes from Postman, while the request from 15:10 comes from hacker.org.
The postman one executes correctly, while the one from here doesn't do anything (by that I mean that in the first lines of code I log the request in a SQL table, the one from postman gets logged, the other one doesn't). I thought it was a matter of cross-domain request blocking policies, but they should all be disabled for that only page. Also, if Postman works, any external service should work.
Am I missing something obvious?