Difference between revisions of "Talk:LlHTTPRequest"

From Second Life Wiki
Jump to navigation Jump to search
 
 
(21 intermediate revisions by 14 users not shown)
Line 1: Line 1:
== Headers ==
I have a Question ..
Does POST work ?
I couldnt get it working
Anylyn Hax 13:34, 28 July 2007 (PDT)
 
 
The following headers will be present, usable by scripts running on the HTTP server if the scripting language allows you to access the headers.
The following headers will be present, usable by scripts running on the HTTP server if the scripting language allows you to access the headers.


'''HTTP_X_SECONDLIFE_SHARD'''<br>
An PHP example on how to check to see if the call came from the main grid:
The environment the object is in. "Production" is the main grid, don't know the value for the beta grid.<br>
<?php
Eg: Production
    if ($_SERVER["HTTP_X_SECONDLIFE_SHARD"] == "Production") {
        echo 'You are using the main grid';
    } else {
        echo 'You are not using the main grid';
    }
?>
 
== Odd format for header names ==
 
Why are the headers listed as HTTP_SOME_HEADER_NAME, when the sent headers are in the format Some-Header-Name? Is there some benefit to putting false values that match conventions used by CGI, but aren't actually correct?
* This is because you are looking at a global property with a lot more information than just headers. Some functions like listed below handle the stripping of the HTTP_ information, but you could also just use substr to remove the HTTP_ [[User:Wouter Hobble|Wouter Hobble]] - 4 July 2008
 
I am aware that the example given above works, but (assuming that you're using mod_php) this would too, and reflects the real header names:
<?php
$headers = apache_request_headers();
if($headers['X-SecondLife-Shard'] == 'Production')
{
    print "You are on the main grid.";
}
else
{
    print "You are on a preview grid.";
}
?>
Additionally, the current information does not show the capitalisation, thus further confusing the matter.
[[User:Katharine Berry|Katharine Berry]] 09:55, 21 June 2007 (PDT)
 
== Root Certificates ==
Can someone add a list of root certificates to this article?
 
I know that Verisign, Thawt, and RapidSSL are accepted, I know that CACert.org is not.
 
== [[HTTP_VERIFY_CERT]] behavior clarification ==


'''HTTP_X_SECONDLIFE_OBJECT_NAME'''<br>
Even when HTTP_VERIFY_CERT is set to FALSE, if the certificate domain name does not match the URL domain you will get a HTTP 499 response.
The name of the object the script is in<br>
{{Unsigned|Apotheus Silverman}}
Eg: Object


'''HTTP_X_SECONDLIFE_OBJECT_KEY'''<br>
:That does not sound like a bug. That sounds like a feature. If I tried to access https://www.microsoft.com and the certificate was for hax0r.com I would be thinking there was a man-in-the-middle attack happening. On the flip side if you don't verify the signing authority you can pretend to be anyone you want. I don't know which is worse, the false sense of security or certificate impersonation. -- '''[[User:Strife_Onizuka|Strife]]''' <sup><small>([[User talk:Strife_Onizuka|talk]]|[[Special:Contributions/Strife_Onizuka|contribs]])</small></sup> 13:21, 15 October 2008 (PDT)
The key of the object the script is in<br>  
Eg: 01234567-89ab-cdef-0123456789abcdef0


'''HTTP_X_SECONDLIFE_REGION''' <br>
== Region limit ==
The name of the region the object is at, along with two number (coordinates of the sim?)<br>
Eg: Jin Ho (264448, 233984)


'''HTTP_X_SECONDLIFE_LOCAL_POSITION''' <br>
Besides the 25/sec/script limit there is some limit per time per REGION.
The position the object has in a region <br>
Error Message "This region currently has too many in progress HTTP requests."
Eg: (173.009827, 75.551231, 60.950001)
so what is it?


'''HTTP_X_SECONDLIFE_LOCAL_ROTATION'''<br>
== I am totally confused ==
The rotation of the object<br>
Eg: 0.000000, 0.000000, 0.000000, 1.000000


'''HTTP_X_SECONDLIFE_LOCAL_VELOCITY'''<br>
I gulp a stare. I hope it makes sense to me one day. -- '''[[User:EddyFragment Robonaught|Eddy]]''' <sup><small>([[User talk:EddyFragment_Robonaught|talk]]|[[Special:Contributions/EddyFragment_Robonaught|contribs]])</small></sup> 15:55, 10 June 2009 (UTC)
The velocity of the object<br>
Eg: 0.000000, 0.000000, 0.000000


'''HTTP_X_SECONDLIFE_OWNER_NAME'''<br>
== POST? ==
Name of the owner of the object <br>
Eg: Zeb Wyler


'''HTTP_X_SECONDLIFE_OWNER_KEY'''<br>
I Could Not Get Post To Work To A PHP page, It Was Picked Up By The Page As A Get.
Key of the owner of the object<br>
Eg: 01234567-89ab-cdef-0123456789abcdef0
llHTTPRequest(url, [HTTP_METHOD, "POST"], "");


Post, Put, And Get All Came Across As Get On The Server. So Does HTTP_METHOD Not Work?[[User:Adicted Waco|Adi]] 19:48, 20 August 2009 (UTC)


An PHP example on how to check to see if the call came from the main grid:
== References to forum threads are now broken ==
  <?php
 
    if ($_SERVER["HTTP_X_SECONDLIFE_SHARD"] == "Production") {
The references to threads in the now closed old forums (re caveat on throttling) are now broken; LL have indicated that (at the time of writing) it will be four weeks until the archives are available. I've added a comment to this effect on the page, but perhaps someone knows a better way to handle this. [[User:Pete Olihenge|Pete Olihenge]] 10:09, 16 February 2010 (UTC)
        echo 'You are using the main grid';
 
    } else {
The forum archives have come online. But it doesn't look like you can search them by thread number (which is used in the original URL) and as I have no idea what the original threads were called, I can't see any way of updating the broken links. [[User:Pete Olihenge|Pete Olihenge]]
        echo 'You are not using the main grid';
 
    }
== HTTP 302 Redirects not being followed ==
?>
 
I POST form data to my server which in turn redirects me sending an HTTP 302 status code which does not seemed to be followed as it says in the Wiki. Any comments? [[User:Epilort Byrne|Epilort Byrne]] 17:05, 1 March 2010 (UTC)
 
: After my experiments I would say it only follows GET requests --[[User:Kuraiko Yoshikawa|Kuraiko Yoshikawa]] 01:59, 11 May 2010 (UTC)
 
::RFC2616 §10.3.3 prohibits the "user agent" (llHTTPRequest, in this case) from following a 301 or 302 automatically:
::"If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued."
::If you want the user agent to GET another URL after your POST, you should send a 303 status code back, with the desired URL.  (I'm not sure if llHTTPRequest understands 303s, however.)
::--[[User:Pauline Darkfury|Pauline Darkfury]] 10:57, 18 July 2011 (PDT)
 
== HEAD is also a valid HTTP_METHOD ==
 
Or at least it functions by retrieving the header when used, which makes llGetHTTPHeader an odd inclusion.

Latest revision as of 18:15, 12 November 2024

I have a Question .. Does POST work ? I couldnt get it working Anylyn Hax 13:34, 28 July 2007 (PDT)


The following headers will be present, usable by scripts running on the HTTP server if the scripting language allows you to access the headers.

An PHP example on how to check to see if the call came from the main grid:

<?php
    if ($_SERVER["HTTP_X_SECONDLIFE_SHARD"] == "Production") {
        echo 'You are using the main grid';
    } else {
        echo 'You are not using the main grid';
    }
?>

Odd format for header names

Why are the headers listed as HTTP_SOME_HEADER_NAME, when the sent headers are in the format Some-Header-Name? Is there some benefit to putting false values that match conventions used by CGI, but aren't actually correct?

  • This is because you are looking at a global property with a lot more information than just headers. Some functions like listed below handle the stripping of the HTTP_ information, but you could also just use substr to remove the HTTP_ Wouter Hobble - 4 July 2008

I am aware that the example given above works, but (assuming that you're using mod_php) this would too, and reflects the real header names:

<?php
$headers = apache_request_headers();
if($headers['X-SecondLife-Shard'] == 'Production')
{
    print "You are on the main grid.";
}
else
{
    print "You are on a preview grid.";
}
?>

Additionally, the current information does not show the capitalisation, thus further confusing the matter. Katharine Berry 09:55, 21 June 2007 (PDT)

Root Certificates

Can someone add a list of root certificates to this article?

I know that Verisign, Thawt, and RapidSSL are accepted, I know that CACert.org is not.

HTTP_VERIFY_CERT behavior clarification

Even when HTTP_VERIFY_CERT is set to FALSE, if the certificate domain name does not match the URL domain you will get a HTTP 499 response. —The preceding unsigned comment was added by Apotheus Silverman

That does not sound like a bug. That sounds like a feature. If I tried to access https://www.microsoft.com and the certificate was for hax0r.com I would be thinking there was a man-in-the-middle attack happening. On the flip side if you don't verify the signing authority you can pretend to be anyone you want. I don't know which is worse, the false sense of security or certificate impersonation. -- Strife (talk|contribs) 13:21, 15 October 2008 (PDT)

Region limit

Besides the 25/sec/script limit there is some limit per time per REGION. Error Message "This region currently has too many in progress HTTP requests." so what is it?

I am totally confused

I gulp a stare. I hope it makes sense to me one day. -- Eddy (talk|contribs) 15:55, 10 June 2009 (UTC)

POST?

I Could Not Get Post To Work To A PHP page, It Was Picked Up By The Page As A Get.

llHTTPRequest(url, [HTTP_METHOD, "POST"], "");

Post, Put, And Get All Came Across As Get On The Server. So Does HTTP_METHOD Not Work?Adi 19:48, 20 August 2009 (UTC)

References to forum threads are now broken

The references to threads in the now closed old forums (re caveat on throttling) are now broken; LL have indicated that (at the time of writing) it will be four weeks until the archives are available. I've added a comment to this effect on the page, but perhaps someone knows a better way to handle this. Pete Olihenge 10:09, 16 February 2010 (UTC)

The forum archives have come online. But it doesn't look like you can search them by thread number (which is used in the original URL) and as I have no idea what the original threads were called, I can't see any way of updating the broken links. Pete Olihenge

HTTP 302 Redirects not being followed

I POST form data to my server which in turn redirects me sending an HTTP 302 status code which does not seemed to be followed as it says in the Wiki. Any comments? Epilort Byrne 17:05, 1 March 2010 (UTC)

After my experiments I would say it only follows GET requests --Kuraiko Yoshikawa 01:59, 11 May 2010 (UTC)
RFC2616 §10.3.3 prohibits the "user agent" (llHTTPRequest, in this case) from following a 301 or 302 automatically:
"If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued."
If you want the user agent to GET another URL after your POST, you should send a 303 status code back, with the desired URL. (I'm not sure if llHTTPRequest understands 303s, however.)
--Pauline Darkfury 10:57, 18 July 2011 (PDT)

HEAD is also a valid HTTP_METHOD

Or at least it functions by retrieving the header when used, which makes llGetHTTPHeader an odd inclusion.