Content Viewer widget and red bar error loading document
evan.schott
Noel White, there is a red bar error in the widget when loading the document. The document loads, but it does not load comments data. To give you visibility on the issue and get your feedback on the issue, I've copied some notes over.
The error is coming from an API call to getComments. I have posted the request and response below:
Request:
POST /__services/v2/rest/office/api/getComments/3863?time=1472498991372&docVersion=1 HTTP/1.1
Host: healthstream.hosted.jivesoftware.com
Connection: keep-alive
Content-Length: 10
Pragma: no-cache
Cache-Control: no-cache
Origin: https://healthstream.hosted.jivesoftware.com
X-J-Token: ""
X-Requested-With: ShockwaveFlash/22.0.0.209
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: https://healthstream.hosted.jivesoftware.com/conversion-viewer.jspa?conversionMetaDataID=3863
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8,de;q=0.6
Response:
HTTP/1.1 403 Forbidden
Date: Mon, 29 Aug 2016 19:29:51 GMT
Server: Apache
X-Jive-Request-Id: f4aef600-6e1e-11e6-a5f7-005056a21b0e
X-Jive-Flow-Id: f4aef601-6e1e-11e6-a5f7-005056a21b0e
X-Frame-Options: SAMEORIGIN
P3P: CP="CAO PSA OUR"
Content-Type: application/json
Expires: Mon, 29 Aug 2016 19:29:51 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: no-store, no-cache, must-revalidate, private, max-age=0
X-JSL: D=3885 t=1472498991455832
Content-Length: 124
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
The issue seems to be an authentication error. To be sure, I tried this from a command line making the request directly:
$ curl -i -u "admin:<password>" -XPOST "https://healthstream.hosted.jivesoftware.com/__services/v2/rest/office/api/getComments/3878?time=1472492622584&docVersion=1"
HTTP/1.1 403 Forbidden
Date: Mon, 29 Aug 2016 18:19:23 GMT
Server: Apache
X-Jive-Request-Id: 1ca91370-6e15-11e6-a5f7-005056a21b0e
X-Jive-Flow-Id: 1ca91371-6e15-11e6-a5f7-005056a21b0e
X-Frame-Options: SAMEORIGIN
P3P: CP="CAO PSA OUR"
Content-Type: application/json
Expires: Mon, 29 Aug 2016 18:19:23 GMT
Vary: Accept-Encoding,User-Agent
Cache-Control: no-store, no-cache, must-revalidate, private, max-age=0
X-JSL: D=3868 t=1472494763558842
{
"code" : 4026,
"message" : "The request could not be validated as originating from within the SBS application"
}
This API request endpoint only accepts requests that come from within the application.
Next I loaded one of the docs directly: https://healthstream.hosted.jivesoftware.com/docs/DOC-3181
This generated the same request (so the request itself doesn't come from the widget):
Request:
POST /__services/v2/rest/office/api/getComments/3863?time=1472506517241&docVersion=1 HTTP/1.1
Host: healthstream.hosted.jivesoftware.com
Connection: keep-alive
Content-Length: 10
Pragma: no-cache
Cache-Control: no-cache
Origin: https://healthstream.hosted.jivesoftware.com
X-J-Token: 6b2f612d184228a088b064f11c9895f44e3dd494f21350c7ce25a18cbd9b4d34
X-Requested-With: ShockwaveFlash/22.0.0.209
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: https://healthstream.hosted.jivesoftware.com/conversion-viewer.jspa?conversionMetaDataID=3863
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8,de;q=0.6
Response:
HTTP/1.1 200 OK
Date: Mon, 29 Aug 2016 21:35:17 GMT
Server: Apache
X-Jive-Request-Id: 7a796340-6e30-11e6-a5f7-005056a21b0e
X-Jive-Flow-Id: 7a796341-6e30-11e6-a5f7-005056a21b0e
X-Frame-Options: SAMEORIGIN
P3P: CP="CAO PSA OUR"
Content-Type: application/json
Expires: Mon, 29 Aug 2016 21:35:17 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: no-store, no-cache, must-revalidate, private, max-age=0
X-JSL: D=13838 t=1472506517363554
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
The request from the widget is missing the header parameter X-J-Token.
Adding this to the header in my curl statement changed the return code to:
{
"code" : 4005,
"message" : "Current user has no permission to request the conversion metadata of id 3878"
}
Which is a step in the right direction.
Noel White, can you take a look at the request header for the X-J-Token and see how the widget is handling this parameter?
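The header comparison carried out by hand in the post above, as an added example that is not part of the original post or of Jive's code: it parses two captured request heads and reports headers that are missing or blank in the failing one. The captures are abridged from the post, the token value is a constructed placeholder, and the function names are hypothetical.

```python
# Added example: captures abridged from the post; the token value is a
# constructed placeholder, not a real token.
FAILING = """\
POST /__services/v2/rest/office/api/getComments/3863?time=1472498991372&docVersion=1 HTTP/1.1
Host: healthstream.hosted.jivesoftware.com
Origin: https://healthstream.hosted.jivesoftware.com
X-J-Token: ""
X-Requested-With: ShockwaveFlash/22.0.0.209
Content-Type: application/x-www-form-urlencoded
"""
WORKING = FAILING.replace('X-J-Token: ""', "X-J-Token: EXAMPLE-TOKEN-PLACEHOLDER")


def parse_headers(raw):
    """Return {lower-cased header name: value} from a raw HTTP request head."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the request line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def is_blank(value):
    """True for an absent header, an empty value, or a value of only quotes."""
    return value is None or value.strip().strip("\"'") == ""


def diff_headers(failing_raw, working_raw):
    """List (header, finding) pairs showing how the failing request differs."""
    bad, good = parse_headers(failing_raw), parse_headers(working_raw)
    findings = []
    for name in sorted(set(bad) | set(good)):
        if name not in bad:
            findings.append((name, "missing"))
        elif is_blank(bad[name]) and not is_blank(good.get(name)):
            findings.append((name, "blank"))
        elif name not in good:
            findings.append((name, "extra"))
        elif bad[name] != good[name]:
            findings.append((name, "differs"))
    return findings


if __name__ == "__main__":
    for header, finding in diff_headers(FAILING, WORKING):
        print(f"{header}: {finding} in the failing request")
```

A header sent as a literal pair of quotes is reported as blank rather than present, which is the case a plain presence check would overlook.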