I set up the handler file for whenever there is an error on the server, I receive an email with the details.
So today I received an email with the following error:
array (3) {["message"] => string (0) "" ["file"] => string (104)
"/var/www/infochat/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php"
["line"] => int (71)}
I know what this error is, but the problem is that I do not know what caused it, what file or code it was responsible for.
I did not find anything in the logs (I may have seen the wrong log). Is there somewhere I can check to find out?
There is absolutely no way to tell which file sent it if that's the only thing youre getting from the error stack on your email.
I'd get a cup of coffee, fire up the IDE and start doing a "Find all" for "
Related
I'd like to know if there's an easy fix for this error that I'm getting while trying to add support for Google sign-in to my website, since I can only reproduce it while on a Laravel-based environment. Vanilla PHP applications do run just fine.
This is my relevant code:
if ($request->has('googleToken')) {
$client = new Google_Client(['client_id' => env('GOOGLE_PLATFORM_CLIENT_ID') ]);
$payload = $client->verifyIdToken($credentials['googleToken']);
if (!$payload) {
return response([ 'error' => 'Invalid token, please try using form-based authentication.' ], Response::HTTP_FAILED_DEPENDENCY);
}
$user['googleToken'] = $credentials['googleToken'];
}
I know I'm doing too relaxed validations, but please just focus on the fact that I'm just testing and I plan to change this code in the near future.
The code above, receives its data through an Axios PUT request from the frontend with the payload looking like this:
{
googleToken: "eyJhbGciOiJSUzI1NiIsImtpZCI6IjE5ZmUyYTdiNjc5NTIzOTYwNmNhMGE3NTA3OTRhN2JkOWZkOTU5NjEiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwiYXpwIjoiNTkyODkzNjE3ODYzLXRscDdvaDByaTk2dTZxZGxrOXYwbHAyanQyNDlkdDNsLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiYXVkIjoiNTkyODkzNjE3ODYzLXRscDdvaDByaTk2dTZxZGxrOXYwbHAyanQyNDlkdDNsLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwic3ViIjoiMTE1NTg0MDg0NTE2OTMxOTQzODU..."
mailAddress: "user#mail.com"
}
The problem is that the payload would simply return false. I decided to try to investigate the issue, so I went to the definition of verifyIdToken contained within Google_Client and, from there, jumped over to the function that finally returns to its parent, which is verifyIdToken from the class Verify.
Inside of that class, there's a pretty loose try/catch block in which I decided to try adding a generic exception case so that I could quickly print the error message for debugging. I did, and this is the output I got:
OpenSSL unable to verify data: error:0909006C:PEM routines:get_name:no start line
This is what's failing internally, and from this point on, I don't really have an idea about how to proceed since the error feels very cryptic, or at least it's not in my field of knowledge.
The OpenSSL error you quoted indicates that your client was not able to read any/further PEM-encoded data. Refer to https://www.openssl.org/docs/man1.1.1/man3/PEM_read.html.
OpenSSL unable to verify data: error:0909006C:PEM routines:get_name:no start line
Here,
'PEM routines' represents the library within OpenSSL
'get_name' is the function
'no start line' is the reason
Is you client able to access the necessary certificates/keys?
The error message is "make sure this cross-domain message is being sent to the intended domain".
This check rule from RSPEC-2819
Authors should not use the wildcard keyword ( *) in the targetOrigin argument in messages that contain any confidential information, as otherwise there is no way to guarantee that the message is only delivered to the recipient to which it was intended.
I assume it demands * cannot be used as targetOrigin, But It still shows warning when I use intended domain as targetOrigin like below:
Please somebody can tell me how to pass this check,
Any help would be appreciated
This rule detects only if a method postMessage is invoked on an object with a name containing window in it. Source code: PostMessageCheck.java. To bypass it, just assign your contentWindow object into different one, like this:
var content = this.elem.contentWindow;
content.postMessage('your message', window.location.origin);
Have faced similar issue in sonarQube. Below fix worked. Just get rid of using window object using directly.
Actual code:
window.parent.postMessage("data", parenturl);
Fix:
var content=window;
content.parent.postMessage("data",parenturl);
I'm a bit new to laravel, but I'm experienced in Php.
In previous works, I set a mecanism that allowed me to be informed when nearly any problem occurred on the server:
I got full stack
precise PHP error messages
for nearly all king of errors
a mail sent to me
So when I began to work with laravel, I tried to do the same things, and achieved:
full stack
a mail sent to me
But I can't have meaningful error in all case. One example:
$store = Store::create(...)
In this line I forget to specify the namespace (\App\Store::create), and I get those error messages:
first:
FatalThrowableError ; Type error: Argument 1 passed to App\Http\Controllers\User::create() must be an instance of Illuminate\Http\Request, array given, called in /var/www/html/laravel/blog/app/Http/Controllers/User.php on line 94
second:
ErrorException ; Trying to get property of non-object in VerifyCsrfToken.php (line 156)
third:
FatalThrowableError ; Type error: Argument 1 passed to Illuminate\Session\Middleware\StartSession::addCookieToResponse() must be an instance of Symfony\Component\HttpFoundation\Response, array given, called in /var/www/html/laravel/blog/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php on line 72
I understand that laravel is a complex framework but I can't figure why it produces this errors, and how I can have more useful errors (as as it is I can only know that "something is bad").
Has someone an idea ?
ยน There is some errors that Php prefers to keep to himself (in its logs) :-)
When you start a new Laravel project, error and exception handling is
already configured for you. The App\Exceptions\Handler class is where
all exceptions triggered by your application are logged and then
rendered back to the user.
https://laravel.com/docs/5.4/errors
I recommend you to dive into the official docs and into your App\Exceptions\Handler.
Maybe you are looking for report and render methods in that class.
I finally cornered the problem and I learned a lot.
I thank for their benevolence #Don't Panic and #Vitalmax !
The error was that I forgot that PHP namespaces are case insensitive: in my post I cleaned a bit the code as I knew that it didn't stick to the code's conventions (a controller's name must begin with a capital letter). Originally my controller name was user and the faulty code was:
$user = User::create(...)
As you can guess PHP believed that I wanted to call user::create (as I have such a method in my controller) and not User::create (as I wanted).
What I learned:
don't alter the code when asking for help
Laravel use a cache system that can get in the way of the debugging (see a question that I asked on laracast's forum )
take more time to read the error message; I know this rule but I keep doing otherwise
I'm using splunk-client to extract results from splunk. Here's the code:
query = "sourcetype=collection #{order_id}"
search = #splunk_client.search(query)
search.wait
The search is happening fine, and it seems like I'm doing everything according to the example (https://github.com/cbrito/splunk-client), but I get this error on the 'search.wait' line:
Undefined namespace prefix: //s:key[#name='isDone']
Any ideas what could be going wrong? Running these commands in irb works fine. Is there some sort of blocking issue?
There is currently very little error checking which occurs within the gem itself. The reason for the error is that wait looks for the status of the isDone key to change to true.
Since your credentials were not properly setup in the first place, the gem creates a search object with an invalid session. The search does not initially fail, because enough response came back from Splunk that Nokogiri processes it into an object without a Splunk search sid.
In the future I should likely raise an exception if a proper sid is not returned to avoid confusion.
Source: I wrote the gem.
I found out the issue -- the splunk client wasn't authenticating properly, and so search was actually a broken SplunkJob object (with a nil username and authentication key). It's strange that there was no error raised until the wait command, but upon inspecting the search object, one of the fields stated that the object was malformed.
Been playing around with Uploadify v3 for few days now and just came to realize some of the codes have been rewritten, for example, onError is no longer existed, I am assuming it's been replaced by onUploadError.
What i am trying to achieve is to be able to return non-compliance error to users either through putting a message in the div (preferred method) or alert.
Looking at the closest solution How to trigger uploadify onError event handler, but it's outdated as it's for v2.
Using the same method as the outdated post up there, I have $("#fileInput").uploadify() with onUploadError added:
'onUploadError' : function(file,errorCode,errorMsg) {
var r = '<br />ERROR: ';
switch(errorMsg) {
case 405:
r += 'Invalid file type.';
break;
case 406:
r += 'Some other error.';
break;
}
alert(r);
setTimeout('$("#fileInput'+ ID + 'span.data").html("'+r+'");',111);
}
The problems I am having right now are:
Alert returns undefined using the codes above
setTimeout doesn't do anything
How can you solve these problems?
Maybe it's a little too late... but anyway I try to answer.
I'm also playing around with v3 of uploadify. onError() does no longer exists, it has been replaced by onUploadError(). The erroror object given by the old onError event does no longer exists. Now to check for the type of error you can switch on the errorCode argument (the second given in the callback), which is numeric. I've not found a table with all possible error codes, but doing some trials I discovered the following three error codes:
-200: HTTP errors (e.g. HTTP 500, 400, 404, etc.)
-220: IO errors (e.g. connection closed without response from the server, or errors while rading the source file from the user's PC)
-280: don't have actually fully understood what kind of errors they are, but is seems to be errors gracefully handled by uploadify. For example, if you try to add to the queue a file that is already in the queue, uploadify ask you whether you want to replace the file that's currently enqueued, or cancel the operation. If you cancel, an error is fired with code -280.
To check for the specific type of error, for example to get the specific HTTP error code (in case the error is an http error), you can check the error message, which is the third argument. This argument is a string, not a number, so you cannot use a switch .. case as in your example (or at least it's not that simple to use a switch .. case with strings). Simply use an if .. else if .. else.
Hope this can help...
I'm still looking for a complete list of the possible error codes given in the errorCode argument of the event handler. If someone knows, please tell me!