Fedwiki Server Headers

Here we look at the HTTP Headers that are sent and received when a client (browser) requests a wiki-page (json).

You can view these headers live by using a browser's built-in debugging tools.

# General Headers

```
URL:http://hosting.permanent.wiki/benefits.json
Request Method:GET
Status Code:304 Not Modified
Remote Address:46.101.23.193:80
Referrer Policy:no-referrer-when-downgrade
```

# Response Headers

```
Access-Control-Allow-Origin:*
Connection:keep-alive
Date:Fri, 11 Aug 2017 15:30:27 GMT
ETag:W/"1d82-/8gSZrOC8VjOTrterPBk3JkcRpY"
```

# Request Headers

```
Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Connection:keep-alive
Cookie:wikiSession=JSON Web Token
Host:hosting.permanent.wiki
If-None-Match:W/"1d82-/8gSZrOC8VjOTrterPBk3JkcRpY"
Referer:http://hosting.permanent.wiki/view/welcome-visitors/view/json-web-token
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
X-Requested-With:XMLHttpRequest
```

The browser uses Passport.js to add a JSON Web Token as a cookie to each HTTP request. The cookie looks like this:

Cookie:wikiSession= exEQhq7uIsMBWfGBztL6hw. 1JXRycXmgb4QEdAa2g7GvgpjM6O5DTotbXCq9MhGnaIGuydAkeHEqVuB7E8WOA_P651NO8H00BENrVriOeRsUpQi_Sh3wa6B3rdePdRES7wO67yTHRObDuuaY93eqbTa0IhsdSL0UGi8NPOaXDq4BBmNcviWaqeSKrZQlXod89PUEEkvnuLqHC9v8Hb4WEE7eJRkYtXh0FmmOxKETOsS37iFDnPvbFYTYdauPFhajio. 1502003436359.604800000.nJA_6Bx8j5oqoOshSZsyboI5HmrWO8FyqUez86Mzc38

with each of the three parts separated by a period ".". If I base64-decode these values, I get something encrypted. Need to figure out what this is, as then we can use the header to authenticate web services and transporters.
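Splitting the cookie value shown above on every period gives five fields, and their sizes can be read without any key. The following is an added example for Node.js (not Fedwiki's or Passport.js's own code) that reports them. The names `iv`, `ciphertext`, `createdAt`, `duration` and `mac` are assumptions inferred from the field sizes; the layout matches encrypted session cookies as written by libraries such as client-sessions, which the page does not name.

```javascript
// Added example: structural inspection only, no key material and no decryption.
// Cookie value as printed on the page, with the display spaces removed.
const WIKI_SESSION =
  "exEQhq7uIsMBWfGBztL6hw." +
  "1JXRycXmgb4QEdAa2g7GvgpjM6O5DTotbXCq9MhGnaIGuydAkeHEqVuB7E8W" +
  "OA_P651NO8H00BENrVriOeRsUpQi_Sh3wa6B3rdePdRES7wO67yTHRObDuua" +
  "Y93eqbTa0IhsdSL0UGi8NPOaXDq4BBmNcviWaqeSKrZQlXod89PUEEkvnuLq" +
  "HC9v8Hb4WEE7eJRkYtXh0FmmOxKETOsS37iFDnPvbFYTYdauPFhajio." +
  "1502003436359.604800000." +
  "nJA_6Bx8j5oqoOshSZsyboI5HmrWO8FyqUez86Mzc38";

// Decode unpadded base64url text into bytes.
function b64urlDecode(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  return Buffer.from(b64 + "=".repeat((4 - (b64.length % 4)) % 4), "base64");
}

// Field names are assumptions inferred from field sizes, not stated by the page.
function inspectSessionCookie(value) {
  const fields = value.split(".");
  if (fields.length !== 5) {
    throw new Error(`expected 5 dot-separated fields, got ${fields.length}`);
  }
  const [iv, ciphertext, createdAt, duration, mac] = fields;
  if (!/^\d+$/.test(createdAt) || !/^\d+$/.test(duration)) {
    throw new Error("fields 3 and 4 are expected to be decimal milliseconds");
  }
  const created = Number(createdAt);
  const expires = created + Number(duration);
  return {
    fieldCount: fields.length,
    ivBytes: b64urlDecode(iv).length, // 16 bytes is the AES block size
    ciphertextBytes: b64urlDecode(ciphertext).length,
    macBytes: b64urlDecode(mac).length, // 32 bytes is the HMAC-SHA-256 size
    createdAt: new Date(created).toISOString(),
    expiresAt: new Date(expires).toISOString(),
    created,
    expires,
  };
}

// True when `when` (ms since epoch) falls inside the cookie's stated lifetime.
// The timestamps are plaintext, so this is informational until the cookie is verified.
function isWithinLifetime(value, when) {
  const { created, expires } = inspectSessionCookie(value);
  return when >= created && when < expires;
}

console.log(inspectSessionCookie(WIKI_SESSION));
```

Because the two timestamps sit outside the encrypted field, a web service that reuses this cookie for authentication has to validate the cookie with the wiki server's secret before trusting any of these values.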