none
HTTP response headers in metadata RRS feed

  • Question

  • I've got a query using Web.Contents to POST a report job on a server. The response header contains a token appended to the location, which I need to query the status of the job and ultimately retrieve the data. When I use Value.Metadata(Web.Contents(...)), the Headers field contains a record, but it only appears to contain Content-Type. 

    I've duplicated this POST request in Postman, and the response headers Connection, Content-Length, Content-Type, Date, Location and Server are all returned. The Content-Type matches the record in the Header metadata, and since I didn't include charset in the POST request, I'm confident this is from the response, so we are getting at least *some* of the response.

    Are the rest being stripped from the metadata by Web.Contents()? If not, is there some way I can access Location?

    Thanks in advance.


    Friday, June 9, 2017 12:54 AM

Answers

  • Hi Chris. It comes down to security. We limit the headers you're allowed to read to prevent someone from being able to construct a malicious query that reads a user's auth-related header values. We also restrict the header values you're allowed to generate to prevent the possibility of PQ being used for session hijacking.

    Ehren

    • Marked as answer by Chris Dutch Friday, June 16, 2017 8:06 PM
    Friday, June 16, 2017 7:46 PM
    Owner

All replies

  • I've seen some APIs where the token has been returned as a record field in the Web.Content-result itself. Have you tried skipping the Value.Metadata?

    Imke Feldmann
    MVP Data Platform
    TheBIccountant.com


    Friday, June 9, 2017 4:38 AM
    Moderator
  • I have. The body of the response is empty; the only place it returns this token is in the headers. I have verified this in the output from Postman.


    Friday, June 9, 2017 6:15 AM
  • I am also working against an implementation of auth where the access_token is returned in the response header and as yet, I haven't found out a way to access this data. Web.Contents() seems to just return the response body. I would be interested to know if I can access the header content as this will be a blocker for me working against these APIs in Power BI.

    JonShaw

    Saturday, June 10, 2017 3:05 PM
  • Hi Chris. As you've discovered, we do limit the header information that's exposed via the metadata returned by a Web.Contents call. Currently the only way to get around this would be to write a custom data connector.

    Ehren

    Thursday, June 15, 2017 10:21 PM
    Owner
  • Thanks. Ultimately that's what I wound up doing - sending the POST request in VBA and dumping the token into a table, which I could then get in Power Query. However, this is a solution that only works for Excel. 

    What's the rational for restricting access to the headers?

    • Marked as answer by Chris Dutch Friday, June 16, 2017 8:06 PM
    • Unmarked as answer by Chris Dutch Friday, June 16, 2017 8:06 PM
    Thursday, June 15, 2017 11:46 PM
  • Hi Chris. It comes down to security. We limit the headers you're allowed to read to prevent someone from being able to construct a malicious query that reads a user's auth-related header values. We also restrict the header values you're allowed to generate to prevent the possibility of PQ being used for session hijacking.

    Ehren

    • Marked as answer by Chris Dutch Friday, June 16, 2017 8:06 PM
    Friday, June 16, 2017 7:46 PM
    Owner
  • Thanks. :)
    Friday, June 16, 2017 8:06 PM
  • Custom data connectors: https://powerbi.microsoft.com/en-us/blog/data-connectors-developer-preview/

    And the docs: https://github.com/Microsoft/DataConnectors

    This is huge!

    Friday, June 16, 2017 9:11 PM