1

In the app I'm building, I need to send a secure POST request to an API. The body of the request is JSON. Specifying the request as below:

NSMutableURLRequest *urlRequest=[NSMutableURLRequest
                                     requestWithURL:
                                     [NSURL URLWithString: @"https://testserver.test:443/userinfo"]
                                     cachePolicy:NSURLRequestUseProtocolCachePolicy
                                     timeoutInterval:60.0];

[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Accept"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
[urlRequest setValue:delegate.currentUser.token forHTTPHeaderField:@".ASPXAUTH"];

[urlRequest setHTTPMethod:@"POST"];

[urlRequest setHTTPBody:postData];
NSURLConnection* connection = [[NSURLConnection alloc] 
                                initWithRequest:urlRequest delegate:self];

This most often works, but sometimes doesn't and will then get a 400: HTTPS Required message back. On the server side, these attempts show as if the request is sent to port 80 rather than 443 even though I've specified the port in the URL (should this even be necessary?).

Any ideas what I could be missing here?

Edit: This is the response I get when this happens

headers: {
"Cache-Control" = "no-cache";
"Content-Length" = 14;
"Content-Type" = "text/plain; charset=utf-8";
Date = "Tue, 16 Apr 2013 12:31:02 GMT";
Expires = "-1";
Pragma = "no-cache";
Server = "Microsoft-IIS/7.5";
"Set-Cookie" = "ARRAffinity=ed9f________________________________8ac4;Path=/;Domain=testserver.test:443, WAWebSiteSID=c390_________________0; Path=/; HttpOnly";
"X-AspNet-Version" = "4.0.30319";
"X-Powered-By" = "ASP.NET, ARR/2.5, ASP.NET";

}

Edit 2: Thoughts.

  1. Do I have to configure the NSMutableURLRequest somehow to make sure it uses a secure connection? Or the NSURLConnection?
  2. Why is it that it sometimes works and sometimes not?
Johanna
  • 11
  • 2

2 Answers2

1

Could there be multiple servers at the server end and one is not set up for HTTPS correctly? Since the problem occurs only some of the time it is unlikely to be a client issue. You shouldn't need to specify the port in the url.

ahwulf
  • 2,584
  • 15
  • 29
  • There is only one server, we're currently at the development stage and this server will not be in use with actual users. It is possible that the problem lies with the server, I just wanted to make sure I wasn't missing anything in my code. – Johanna Apr 16 '13 at 13:45
0

REST is a very high-level concept. In fact, it doesn't even mention HTTP at all!

If you have any doubts about how to implement REST in HTTP, you can always take a look at the Atom Publication Protocol (AtomPub) specification. AtomPub is a standard for writing RESTful webservices with HTTP that was developed by many HTTP and REST luminaries, with some input from Roy Fielding, the inventor of REST and (co-)inventor of HTTP himself.

In fact, you might even be able to use AtomPub directly. While it came out of the blogging community, it is in no way restricted to blogging: it is a generic protocol for RESTfully interacting with arbitrary (nested) collections of arbitrary resources via HTTP. If you can represent your application as a nested collection of resources, then you can just use AtomPub and not worry about whether to use PUT or POST, what HTTP Status Codes to return and all those details.

This is what AtomPub has to say about resource creation:

To add members to a Collection, clients send POST requests to the URI of the Collection.

Hope this helps.

Mayur Prajapati
  • 5,454
  • 7
  • 41
  • 70
  • Thanks for responding, it doesn't really help me with my problem though. Apologies if my question was not specific enough. – Johanna Apr 16 '13 at 12:48