Our QA build stays on the login page after adding the following lines of code. The website has a http URL. It is not SSL Enabled.
It always redirects to /AccountLogin/SignIn?ReturnUrl=/
builder.Services.AddSession(options =>
{
options.Cookie.HttpOnly = true;
options.Cookie.IsEssential = true;
options.Cookie.SecurePolicy = builder.Environment.IsDevelopment()
? CookieSecurePolicy.SameAsRequest
: CookieSecurePolicy.Always;
});
How do I troubleshoot this? When I point code to the QA environment, cookie policy is being set to 'SameAsRequest'. Can I somehow see this setting on a browser?
I tried to make our development environment point to http not ssl but I cannot reproduce this issue. I also tried to use the QA build environment and run our code. Either way I am able to login. It does not work when going to the QA build website. How do I know what is causing the problem?
After entering the credentials, it just stays on the sign page as if its not processing something
Related
I have a React (CRA) + Node JS application already deployed locally (using the create-react-app build script), I've implemented Google OAuth signin with passportjs and cookieSession for persistence.
The login works fine but there is a strange bug when I Logout and then try to log in again with google OAuth, it just redirects me to a blank page.
This is how I make the request to my google oauth endpoint:
window.open('https://localhost:3000/auth/google', "_self")
That endpoint then is taken by my API:
app.get('/auth/google', passport.authenticate('google', { scope: ['profile', 'email'] }));
Doing some troubleshooting it seemed at first the culprit were the cookies because when I delete the site data before trying to login again... then the login works just fine.
However if I delete the cookies only (through the storage panel -> cookies -> delete all, in firefox) the bug still persists, it only disappears when I delete the site data entirely.
Moreover, The second time I try to login the request don't event reach my server.
What I've alredy tried:
Wrapping my login button inside an anchor tag and setting the anchor's tag href to the endpoint url.
Creating an anchor tag and assigning an href with the endpoint url and then clicking that new element programmatically.
None of this worked, the issue still persists.
Fresh firefox profile: this is even weird, the bug appears the very first time I try to login with google in a newly created profile. Again I have to first click the clear cookies and site data button for it to work.
Incognito mode: The issue persists, again the first time I login it works but the second time it redirects me to a blank page and the request is not even reaching my server.
What could be the problem here?
The issue was the service worker that cames with the creat-react-app template, however I didn't want to disable it completely as I want my app to be a PWA, so the next best thing was to disable the service-worker caching specifically for the page from which the user initiates the Google login (the page where the google button is).
For this I had to install the sw-precache package which allows you to modify the default service-worker that came with the create-react-app template (as you cannot directly modify it).
Then you have to create a config file at the root of your project and add these lines, in this case I call it sw-precache-config.js:
module.exports = {
runtimeCaching: [
{
urlPattern: /<the route to ignore>/,
handler: 'networkOnly'
}
]
};
and then in the build script from your package json:
"build": "react-scripts build && sw-precache --config=sw-precache-config.js"
I'm a web developer and I use squid as a proxy, which I entered in firefox as the proxy server.
So when I enter http://www.example.com in firefox, I see the site on my local machine, by having configured squid accordingly.
Now problem is, that some of our customers have GBs of images, and it's a pain to load them all on my machine. So basically I want to use my offline webpage, but loading the images from the live server, so I don't have a broken site without images.
In order to do this I've tried to create a proxy.pac and configured it this way:
function FindProxyForURL(url, host) {
if (shExpMatch(url, "*.jpg")) {
return "DIRECT";
} else {
return "PROXY 192.168.178.31:3128; DIRECT";
}
}
Unfortunately it doesn't really work. What am I doing wrong, and how can I achieve my goal?
According to the Mozilla document on PAC files:
The path and query components of https:// URLs are stripped. In Chrome, you can disable this by setting PacHttpsUrlStrippingEnabled to false, in Firefox the preference is network.proxy.autoconfig_url.include_path.
What this means is when you enter a url such as https://www.example.com/image.jpg, what gets passed to the PAC script is the url https://www.example.com. As a result, you're never going to enter the first condition of your if statement.
In Firefox, you can change this by going to the about:config page and setting network.proxy.autoconfig_url.include_path to true.
The main problem about Access-Control-Allow-Origin I think. But when I configure the Web API project as defined in the given documentation, it still not working in chrome and firefox but working in IE well (it is about IE thinks localhost is not cross domain, AFAIK). I tried different ways to make it work but no result.
I put the example project to github repository. Project is very simple. There are two applications working on cross domains. It is very simple chat application like in signalr examples.
You must change the value of api host in client javascript file:
https://github.com/yusufuzun/WebApiSignalR/blob/master/ChatApp/Scripts/app/chat.js#L2
When you open the Chat page in mvc project, there will be two requests to api application
1- Regular ajax request (which is working fine)
2- Signalr negotiate request (cancelled)
And also I don't think browser disables the CORS because of if it disables there would not be an hit to server. So I think it is about browser but not about browser disables (something else).
Details are in repository
Readme: https://github.com/yusufuzun/WebApiSignalR/blob/master/README.md
Fiddler Results: https://github.com/yusufuzun/WebApiSignalR/blob/master/FiddlerResults
The bad part about it also is server returning 500 with this error:
System.InvalidOperationException: 'chat' Hub could not be resolved.
Which hub name is chat also.
https://github.com/yusufuzun/WebApiSignalR/blob/master/ChatApi/Hubs/ChatHub.cs#L10
You can enable CORS for Web Api in project with different ways for test purposes. Each one is giving different errors all about XMLHttpRequest Access-Control-Allow-Origin.
I commented them, so you can uncomment and make test for each one:
https://github.com/yusufuzun/WebApiSignalR/blob/master/ChatApi/Global.asax.cs#L24
https://github.com/yusufuzun/WebApiSignalR/blob/master/ChatApi/App_Start/WebApiConfig.cs#L14
https://github.com/yusufuzun/WebApiSignalR/blob/master/ChatApi/App_Start/WebApiConfig.cs#L16
https://github.com/yusufuzun/WebApiSignalR/blob/master/ChatApi/Controllers/ChatController.cs#L17
So what is going on here?
After I talked with David Fowler in JabbR, he mentioned the thing about using CORS with SignalR. My signalr startup code was wrong. So after changing the startup code like in his advice it worked well.
He also mentioned SignalR and Web API are working with different CORS definitions. So enabling or disabling one doesn't affect other.
Here is the new startup code:
app.Map("/signalr", map =>
{
map.UseCors(CorsOptions.AllowAll);
map.RunSignalR(new HubConfiguration()
{
EnableDetailedErrors = true,
EnableJavaScriptProxies = true
});
});
The old one:
app.MapSignalR(new HubConfiguration()
{
EnableDetailedErrors = true,
EnableJavaScriptProxies = true
}).UseCors(CorsOptions.AllowAll);
Hope it helps to somebody out there.
I'm trying to get my MVC3 site to redirect from HTTPS back to HTTP when the user browses to a page where it's not required (and they aren't logged in). I Don't want to have the load of running the whole site HTTPS but it's looking like thats the way I'll have to go.
I've been having loads of trouble with remote debug and symbols, but having gone back in time to 1985 and using message box equivalents to debug with I've come to the following conclusion:
if (filterContext.ActionDescriptor
.GetCustomAttributes(typeof(RequireHttpsAttribute), true)
.Any()
)
{
return true;
}
return false;
Always returns false.
The controller def starts as:
[FilterIP(
ConfigurationKeyAllowedSingleIPs = "AllowedAdminSingleIPs",
ConfigurationKeyAllowedMaskedIPs = "AllowedAdminMaskedIPs",
ConfigurationKeyDeniedSingleIPs = "DeniedAdminSingleIPs",
ConfigurationKeyDeniedMaskedIPs = "DeniedAdminMaskedIPs"
)]
[RequireHttps]
public class AccountController : Controller
{
And it doesn't seem to work for any actions in this controller (although they do get successfully routed to SSL).
Any suggestions? I'd love to see an answer for what I perceive as my own nubery ;)
Custom NotRequreHttpsAttribute tutorial
I use the above link post to implement my custom attribute, and redirect from https to http. Hope this helps.
My problem was discovered to be related to the bindings on the server published to. We use the same server for stage and production, and the stage https bindings were not set, so whenever it was calling an https page it was resolving into our production site (which looked the same so it was hard to spot).
Once I added a binding it was all solved. My code was ok...
need some advice/help here.
I just started using the Recaptcha library of ASP.NET from this link
I've followed the simple guide on that page and it worked well with localhost deployment and development.
However, after I moved the same simple page with Recaptcha to my company's server to test the page out, I hit the below exception when trying to validate the recaptcha word.
The operation has timed out
I suspect it has something to do with SSL but my company's website
that I browse, isn't using https, it is just http. I have tried both
methods, having the recaptcha to set OverrideSecureMode to "true" - it
didn't work, set it to false, it didn't work as well (such as below)
<recaptcha:RecaptchaControl
ID="recaptchaControl1" runat="server"
OverrideSecureMode="True"
PublicKey="My_Public_Key"
PrivateKey="My_Private_Key"
/>
My code behind, I'm just using a simple button to invoke and display a
text which work on localhost in Visual Studio:-
if (Page.IsValid)
{
// do the stuff
}
else
// show the error message from recaptcha
What can I do to fix this issue?? Please help.
Sounds like a problem with firewall settings on your company servers. reCAPTCHA requires port 80 outbound (not inbound) to Google servers.