REST + MID Server = No HTTP Header

StephenHey
Mega Guru

Background:
We are trying to integrate our Service-now instance with an application that provides a RESTful interface. This application is in our local space, so we must use a MID Server to access it. In addition, this application creates an authorization token and supplies that back in the response header. We need this authorization token because the application does not allow for authentication on every call. Only a call to a login URL will accept a basic login method. Calls to other URLs require a cookie or authorization token in a get/post header.

The Problem:
It appears that when we send a REST call through the MID Server, the MID Server does not pass back the HTTP header to the instance. When we try to execute code:


var r = new RESTMessage('myapplication', 'get');
r.setStringParameter('url', 'my/login/url');
var response = r.execute();

var k = 1;
while ( response == null ) {
gs.print( "waiting ... " + k + " seconds" );
response = r.getResponse( 1000 );
k++;

if ( k > 30 ) {
gs.log( 'service time-out' );
break; // service did not respond after 30 tries
}

}
gs.print(response.getHeaders());


response.getHeaders() does not return anything. The ECC output, however, does correctly contain the HTTP Response Body with the confirmation of login. Also, response.getStatusCode() returns a 200 code (Success).

Testing:
I wasn't sure if this was a Service-now limitation or a MID Server limitation, so I took our application out of the picture entirely. I created a new REST call, but I sent it to another one of my Service-now environments and pointed it towards our Windows Server table. Since we do not need a MID server from one instance to another instance, I did not include a MID Server here. When I ran response.getHeader() again, I received the response header!! I then added a MID Server into the mix and called out to my other instance again. This time, when I ran response.getHeader(), it returned nothing.

So, my questions are: Why does this happen? Any suggestions on how I fix it (or a new way that fits with this anti-stateless cookie method 🙂 )?
7 REPLIES 7

Shan16
Kilo Explorer

It has been a long time. Has MID server got support for HTTP headers now?

rodrigo_coronel
Tera Contributor

Has MID server got support for HTTP headers now?

Yes.  I just tried the following code snippet and was able to get the HTTP Headers using the MID Server in the REST Message Request:

 

var midName = "MID_NAME_GOES_HERE";

var request = new sn_ws.RESTMessageV2();
request.setEndpoint('https://MYINSTANCE.service-now.com/api/now/table/incident/44e8da890beff1100195f0d05777b201?sysparm_display_value=all');
request.setHttpMethod('GET');
request.setMIDServer(midName);

var user = 'USER_NAME_GOES_HERE';
var password = 'PASSWORD_GOES_HERE!';

request.setBasicAuth(user,password);
request.setRequestHeader("Accept","application/json");

var response = request.execute();

gs.log("getHeader('X-Content-Type-Options'): "+ response.getHeader("X-Content-Type-Options"));

 

The script yielded the following response:

 

*** Script: getHeader('X-Content-Type-Options'): nosniff