can't get it to work with xmlrpc in a variety of environments
victorkane - January 16, 2008 - 13:37
| Project: | Services |
| Version: | 5.x-1.x-dev |
| Component: | Miscellaneous |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed |
Jump to:
Description
I have tried to access node.load and system.connect services, for example, using various clients, and I always get a 403 Forbidden response.
Everything works fine from http://empleos.mentor/admin/build/services/browse/node.load, and to simplify I have removed keys and session id requirements in the settings.
Examples:
Using the execute php block from the devel module:
$ret = xmlrpc('http://subdomain.example.com/services/xmlrpc', 'node.load', 7);
if (xmlrpc_error()) {
$error_num = xmlrpc_errno();
$error = xmlrpc_error();
print_r ($error);
}
print_r($ret);
Am I missing something elemental?
Thanks in advance for your help.
#1
Are you using shared hosting? I had the same problem and it turned out to be a security setting of the host. They allowed overridding the setting by adding the following into a .htaccess file:
<IfModule mod_security.c>SecFilterScanPOST off
</IfModule>
#2
No, this is on various different development boxes and a shared hosting and they all reply with 403, even with your .htaccess patch.
Thanks a million, anyway!
#3
Some months ago I wrote the article "Transmitting nodes between Drupal sites", where I used Drupal's core xmlrpc features for the purpose (see http://awebfactory.com.ar/node/234).
This is working in all the environments where I am trying to use your more functional and standardized layer over the Drupal core. But I cannot get yours to work, from one Drupal install to another, whether on the same box, same domain or different domains, whether hosted or development box.
Elevating to bug report (no-one has pointed me to an example where xmlrpc is working between sites).
#4
changed title to show that I am talking about xmlrpc
#5
Bump.
#6
Did you disable the session keys for the services and open up the permission for anonymous users?
#7
Yeah, thanks Rob, that does the trick. It works now. So this is fixed.
But can you give me an example of how to add some kind of security with this setup? (was hoping to use the user login and session etc.: any suggestions).
In any case, marking as fixed (see my Services for idiots page: http://awebfactory.com.ar/node/297 .
#8
If you download the latest version of Services, you'll be able to make domain-strict service calls that required you to pass a hashed private key, domain, and timestamp to the service before a request is completed.
#9
ah, cool, what would the syntax of that be, say, in my simple devel execute php example?
#10
Simple devel execute? When you make a call to a service the first parameter would be your public key (MD5ed private key, domain and timestamp), the second argument would be the domain, and the third argument would be the timestamp, and then the remaining method arguments.
#11
Automatically closed -- issue fixed for two weeks with no activity.