Well, while I develop an admin page for test,
a weird problem occurred in Microsoft Edge.
Here's part of source code to fetch response from server of loginCtrl.js
$http({
method: 'POST',
url: Define.apiUrl + 'admin/login',
data: {
user_id: $scope.login_email,
password: $scope.login_password
}
})
.then(function (response) {
if (response.data.success) {
$cookieStore.put(Define.userInfo, response.data.info);
$cookieStore.put(Define.userToken, response.data.token);
}
}, function (data) {
console.log('errors!');
console.log(data);
});
This works well in Chrome and IE
But in Microsoft Edge, This returns error like below
data = null
status = -1
statusText = ""
and below are each status of related files.
# loginCtrl.js
## Chrome response status
Accept-Ranges:bytes
Cache-Control:public, max-age=0
Connection:keep-alive
Content-Length:1877
Content-Type:application/javascript
Date:Fri, 18 Aug 2017 04:06:49 GMT
ETag:W/"755-15df385a23e"
Last-Modified:Fri, 18 Aug 2017 04:06:47 GMT
## Chrome request status
Accept:'*/*'
Accept-Encoding:gzip, deflate, br
Accept-Language:ko-KR,ko;q=0.8,en-US;q=0.6,en;q=0.4
Connection:keep-alive
Host:localhost:9000
If-Modified-Since:Fri, 18 Aug 2017 02:51:00 GMT
If-None-Match:W/"6f5-15df340413d"
Referer:http://localhost:9000/
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/60.0.3112.101 Safari/537.36
## Edge response status
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Connection: keep-alive
Content-Length: 1807
Content-Type: application/javascript
Date: Fri, 18 Aug 2017 02:06:14 GMT
ETag: W/"70f-15df3173adf"
Last-Modified: Fri, 18 Aug 2017 02:06:12 GMT
## Edge request status
Accept: application/javascript, '*/*'; q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: ko-KR
Connection: Keep-Alive
Host: localhost:9000
Referer: http://localhost:9000/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
I wonder why only Edge cannot get right responses.
I tried to make headers like 'Content-Type', 'Cache-Control' or add config like cache : false.
But these couldn't fix this problem.
Did I miss something??
Plz any handsome or pretty programmer save me
I've tried to find solution of this, and finally I got one.
Some answers suggested adding tags like
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="Mon, 26 Jul 1997 05:00:00 GMT" />
or adding code into config like
$httpProvider.defaults.headers.get['If-Modified-Since'] = 'Mon, 26 Jul 1997 05:00:00 GMT';
// extra
$httpProvider.defaults.headers.get['Cache-Control'] = 'no-cache';
$httpProvider.defaults.headers.get['Pragma'] = 'no-cache';
but these couldn't solve this.
Finally I saw one answer said this may occurred by a kind of policy handling caches in Edge.
This may occur when I use local server to send requests or get responses.
And it will gonna disappear when test on other server not on local.
Actually, I'm still using local server, so I don't know whether this work or not.
Related
I'm relatively new to CakePHP (v3.7). I have an application in which I'm getting a "Missing Csrf Token Cookie" error.
In Application.php, I have:
$options = []; // I'm fine with the default options.
$csrf = new CsrfProtectionMiddleware($options);
$middlewareQueue->add($csrf);
The form page has a hidden form element with the _csrfToken in it.
I'm confused as to why it's not being found on the POST?
Digging further, I found that in CsrfProtectionMiddleware.php, the _validateToken() function below behaves as follows:
$cookies is null (there are no cookies set.)
thus, $cookie is null.
$post actually contains the content of the _csrfToken parameter from the hidden parameter on the page. However the function never looks at it. Because $cookie is null,
the if(!$cookie) statement causes an InvalidCsrfTokenException to be thrown.
protected function _validateToken(ServerRequest $request)
{
$cookies = $request->getCookieParams();
$cookie = Hash::get($cookies, $this->_config['cookieName']);
$post = Hash::get($request->getParsedBody(), $this->_config['field']);
$header = $request->getHeaderLine('X-CSRF-Token');
if (!$cookie) {
throw new InvalidCsrfTokenException(__d('cake', 'Missing CSRF token cookie'));
}
if (!Security::constantEquals($post, $cookie) && !Security::constantEquals($header, $cookie)) {
throw new InvalidCsrfTokenException(__d('cake', 'CSRF token mismatch.'));
}
}
}
Obviously, the middleware is expecting an actual cookie, in addition to a hidden parameter. Where is this cookie set (or supposed to be set?)
Update:
I checked on the browser side. The cookie is being set, but the browser isn't returning it on the POST request.
Here's CakePHP's RESPONSE to the original GET request to populate the page:
Connection: Keep-Alive
Content-Length: 3013
Content-Type: text/html; charset=UTF-8
Date: Wed, 08 May 2019 23:07:31 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.33 (Unix) PHP/7.1.1
Set-Cookie: csrfToken=b553dd2e06e57f6d514ee41a120e1c60084adafddfbaa6f72db1f7f590fcf50143876ac817d29d6f1cf9a786031d6235ba21e265b9d3b2a0ee4535854f048b66; path=/webroot/
X-Powered-By: PHP/7.1.1
Note the csrfToken cookie.
... and here's the POST that the browser sends back with the form data
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 184
Content-Type: application/x-www-form-urlencoded
DNT: 1
Host: *************
Origin: ****************
Pragma: no-cache
Referer: ***************
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36
Query String Parameters
redirect: /Users/login
Form Data
_method: POST
_csrfToken: b553dd2e06e57f6d514ee41a120e1c60084adafddfbaa6f72db1f7f590fcf50143876ac817d29d6f1cf9a786031d6235ba21e265b9d3b2a0ee4535854f048b66
username: xxxxxxxxxx
password: xxxxxxxxxx
Note that it's sending back the hidden form parameter _csrfToken, but NOT the cookie.
Thanks for any help...
This turned out to be a problem with the DOCUMENT_ROOT directory setting in Apache. It was set to the parent directory of webroot, instead of to webroot itself. When I changed it everything worked.
I'm trying to PUT an event on iCloud calendar using CalDav. After several proper requests and responses and getting the user principal and calendars, when i try to PUT an event, the server returns Unauthorized error.
Here's the network log from fiddler:
Request:
OPTIONS https://p49-caldav.icloud.com/ HTTP/1.1
Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2
Host: p49-caldav.icloud.com
Content-Length: 0
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Server: AppleHttpServer/1.9.12/0643601
Date: Sat, 16 Jul 2016 15:38:55 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Apple-Jingle-Correlation-Key: X27XPFLXYFCYHGGADAAWWCKMJE
apple-seq: 0
apple-tk: false
X-Responding-Instance: caldavj:44900101:pv42p49ic-zteg05101201:8501:16D67:82b3920
Allow: ACL, COPY, DELETE, GET, HEAD, LOCK, MKCOL, MOVE, OPTIONS, PROPFIND, PROPPATCH, PUT, REPORT, UNLOCK
DAV: 1, access-control, calendar-access, calendar-schedule, calendar-auto-schedule, calendar-managed-attachments, calendarserver-sharing, calendarserver-subscribed, calendarserver-home-sync
X-Accept-Client-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
via: icloudedge:br30p01ic-ztde01120601:7401:16D44:Berlin
X-Apple-Request-UUID: bebf7795-77c1-4583-98c0-18016b094c49
X-Apple-Xrail: false
access-control-expose-headers: X-Apple-Request-UUID
access-control-expose-headers: Via
Request:
PROPFIND https://p49-caldav.icloud.com/ HTTP/1.1
Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2
Depth: 0
Host: p49-caldav.icloud.com
Content-Type: text/xml
Content-Length: 89
<propfind xmlns="DAV:">
<prop>
<current-user-principal />
</prop>
</propfind>
Response:
HTTP/1.1 207 Multi-Status
Server: AppleHttpServer/1.9.12/0643601
Date: Sat, 16 Jul 2016 15:38:55 GMT
Content-Type: text/xml
Content-Length: 350
Connection: keep-alive
ETag: "B40001-1B000-578A54FB"
Last-Modified: Sat, 16 Jul 2016 15:38:35 GMT
DAV: 1, access-control, calendar-access, calendar-schedule, calendar-auto-schedule, calendar-managed-attachments, calendarserver-sharing, calendarserver-subscribed, calendarserver-home-sync
Accept-Ranges: bytes
X-Responding-Server: pv42p49ic-zteg04102301 21 a63660a6f7d1a25b5a7ed66dab0da843
X-Transaction-Id: b8d02729-1bcd-4df1-a1ce-3c2a545ed3f0
Vary: accept-encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
via: icloudedge:br30p01ic-ztde01120601:7401:16D44:Berlin
X-Apple-Request-UUID: b8d02729-1bcd-4df1-a1ce-3c2a545ed3f0
X-Apple-Xrail: false
access-control-expose-headers: X-Apple-Request-UUID
access-control-expose-headers: Via
<?xml version='1.0' encoding='UTF-8'?>
<multistatus xmlns='DAV:'>
<response>
<href>/</href>
<propstat>
<prop>
<current-user-principal>
<href>/10430699202/principal/</href>
</current-user-principal>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
</multistatus>
Request:
PROPFIND https://p49-caldav.icloud.com/10430699202/principal/ HTTP/1.1
Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2
Depth: 0
Host: p49-caldav.icloud.com
Content-Type: text/xml
Content-Length: 122
<propfind xmlns="DAV:">
<prop>
<calendar-home-set xmlns="urn:ietf:params:xml:ns:caldav" />
</prop>
</propfind>
Response:
HTTP/1.1 207 Multi-Status
Server: AppleHttpServer/1.9.12/0643601
Date: Sat, 16 Jul 2016 15:38:56 GMT
Content-Type: text/xml
Content-Length: 446
Connection: keep-alive
DAV: 1, access-control, calendar-access, calendar-schedule, calendar-auto-schedule, calendar-managed-attachments, calendarserver-sharing, calendarserver-subscribed, calendarserver-home-sync
Accept-Ranges: bytes
X-Responding-Server: pv42p49ic-zteg04102001 22 a63660a6f7d1a25b5a7ed66dab0da843
X-Transaction-Id: 9b4aa58d-69d9-4e82-bd90-48380b1650cc
Vary: accept-encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
via: icloudedge:br30p01ic-ztde01120601:7401:16D44:Berlin
X-Apple-Request-UUID: 9b4aa58d-69d9-4e82-bd90-48380b1650cc
X-Apple-Xrail: false
access-control-expose-headers: X-Apple-Request-UUID
access-control-expose-headers: Via
<?xml version='1.0' encoding='UTF-8'?>
<multistatus xmlns='DAV:'>
<response>
<href>/10430699202/principal/</href>
<propstat>
<prop>
<calendar-home-set xmlns='urn:ietf:params:xml:ns:caldav'>
<href xmlns='DAV:'>https://p49-caldav.icloud.com:443/10430699202/calendars/</href>
</calendar-home-set>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
</multistatus>
Request:
PUT https://p49-caldav.icloud.com/10430699202/calendars/ee451a47-c242-40c1-b295-4f1251a5d0cd.ics HTTP/1.1
Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2
Host: p49-caldav.icloud.com
If-None-Match: *
Content-Type: text/calendar
Content-Length: 302
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//tracky/iCal//FUBU v1.0//EN
BEGIN:VEVENT
UID:ee451a47-c242-40c1-b295-4f1251a5d0cd
DESCRIPTION:
DTEND:20160716T202635
DTSTAMP:20160716T155652Z
DTSTART:20160716T202635
LAST-MODIFIED:20160716T155652Z
SEQUENCE:1468684613
SUMMARY:
END:VEVENT
END:VCALENDAR
Response:
HTTP/1.1 301 Moved Permanently
Server: AppleHttpServer/1.9.12/0643601
Date: Sat, 16 Jul 2016 15:56:53 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 216
Connection: keep-alive
Location: https://p49-caldav.icloud.com/10430699202/calendars/ee451a47-c242-40c1-b295-4f1251a5d0cd.ics/
X-Responding-Server: pv42p49ic-zteg04092901 6 a63660a6f7d1a25b5a7ed66dab0da843
X-Transaction-Id: e537a470-ddf6-4a8f-a059-580d52075840
Strict-Transport-Security: max-age=31536000; includeSubDomains
via: icloudedge:br30p01ic-ztde01130201:7401:16D44:Berlin
X-Apple-Request-UUID: e537a470-ddf6-4a8f-a059-580d52075840
X-Apple-Xrail: false
access-control-expose-headers: X-Apple-Request-UUID
access-control-expose-headers: Via
<html><head><title>Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>Document moved to https://p49-caldav.icloud.com/10430699202/calendars/ee451a47-c242-40c1-b295-4f1251a5d0cd.ics/.</p></body></html>
The server redirects me and removes the authorization header causing the unauthorized error:
PUT https://p49-caldav.icloud.com/10430699202/calendars/ee451a47-c242-40c1-b295-4f1251a5d0cd.ics/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2
If-None-Match: *
Content-Type: text/calendar
Host: p49-caldav.icloud.com
Content-Length: 302
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//tracky/iCal//FUBU v1.0//EN
BEGIN:VEVENT
UID:ee451a47-c242-40c1-b295-4f1251a5d0cd
DESCRIPTION:
DTEND:20160716T202635
DTSTAMP:20160716T155652Z
DTSTART:20160716T202635
LAST-MODIFIED:20160716T155652Z
SEQUENCE:1468684613
SUMMARY:
END:VEVENT
END:VCALENDAR
Response:
HTTP/1.1 401 Unauthorized
Server: AppleHttpServer/1.9.12/0643601
Date: Sat, 16 Jul 2016 15:56:53 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 141
Connection: keep-alive
WWW-Authenticate: x-mobileme-authtoken realm="MMCalDav"
WWW-Authenticate: basic realm="MMCalDav"
X-Responding-Server: pv42p49ic-zteg05101701 1 a63660a6f7d1a25b5a7ed66dab0da843
X-Transaction-Id: 25cf8cf5-3c86-4c11-915f-f51ee9c79c86
Strict-Transport-Security: max-age=31536000; includeSubDomains
via: icloudedge:br30p01ic-ztde01130201:7401:16D44:Berlin
X-Apple-Request-UUID: 25cf8cf5-3c86-4c11-915f-f51ee9c79c86
X-Apple-Xrail: false
access-control-expose-headers: X-Apple-Request-UUID
access-control-expose-headers: Via
<html><head><title>Unauthorized</title></head><body><h1>Unauthorized</h1><p>You are not authorized to access this resource.</p></body></html>
When I targeted the redirecting URL encountered another error:
<html><head><title>Conflict</title></head><body><h1>Conflict</h1><p>cannot PUT to non-existent parent</p></body></html>
What am I doing wrong?
You are trying to PUT an event into the calendar homeset collection:
PUT https://p49-caldav.icloud.com
/10430699202 # user scope
/calendars # calendar home
/??? # calendar
/ee451a47-c242-40c1-b295-4f1251a5d0cd.ics # event
A calendar homeset contains calendars, not events. So the next step is selecting the calendar you want to put your event into (e.g. the default calendar).
You can list the available calendars (and todo lists) with another PROPFIND Depth:1 on the homeset.
We are battling trying to get html5mode working with AngularJs, the last hurdle is to recreate the courtesy redirect that IIS does as such:
Request
GET http://localhost/foo HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: ws7-agentry2
IIS Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://localhost/foo/
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 18 Jul 2014 17:09:20 GMT
Content-Length: 147
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found here</body>
The issue is that regardless of the request containing a trailing slash or not, the request object in the Nancy pipeline is identical. Since we can not differentiate between the two, we can not return a redirect without causing an infinite loop of redirects. We have tried to use url rewrites to accomplish this but to no avail, ideally I would like to get the raw url.
thanks in advance
In case anyone else needs to achieve the same results, which is to get html5mode working with IE9 & NancyFx, had to build a httpmodule as this article shows though I believe the title is wrong:
public class CourtesyRedirectModule : IHttpModule {
public void Dispose() {}
public void Init(HttpApplication context) {
context.BeginRequest += context_BeginRequest;
}
private void context_BeginRequest(object sender, EventArgs e) {
if (HttpContext.Current.Request.Url.PathAndQuery.Equals(HttpContext.Current.Request.ApplicationPath))
HttpContext.Current.Response.Redirect(HttpContext.Current.Request.ApplicationPath + "/");
}
}
I have an issue with my ZF2 based application and Backbone at frontend. Somewhere at frontent I run
this.model.save({
city_id: parseInt( this.$el.find( '#city_id' ).val() ),
from: this.$el.find( '#from' ).val(),
to: this.$el.find( '#to' ).val(),
price: parseInt( this.$el.find( '#price' ).val() )
});
I turn on my Chrome sniffer and see the request details:
PUT /account/trip/2 HTTP/1.1
Host: jamydays.ru
Connection: keep-alive
Content-Length: 186
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://jamydays.ru
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.65 Safari/537.31
Content-Type: application/json
Referer: http://jamydays.ru/account
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=pekjbefmi1jn01q5fgm4gu6jk0; _ym_visorc=w
And request payload is:
{"from_formatted":"10 маÑ","to_formatted":"19 маÑ","url":"/account/trip","id":2,"city_id":65170,"city":"Baardheere","from":"10-05-2013","to":"19-05-2013","price":500,"is_active":1}
Conroller used to handle this request runs appropriate action:
class TripController extends AbstractRestfulController{
...
public function update( $id, $data ){ var_dump( $id, $data );exit(); }
...
}
My trouble is that I see in result this:
string(1) "2"
array(1) {
["{"from_formatted":"10_мая","to_formatted":"19_мая","url":"/account/trip","id":2,"city_id":65170,"city":"Baardheere","from":"10-05-2013","to":"19-05-2013","price":500,"is_active":1}"]=>
string(0) ""
}
Here we see that id parsed good, but all data fall into key of some strange array. Now I am retrieving data from this key, but guess this is bad way. Could anybody help me to figure out how to make controller parse data appropriate.
UPDATE
Well it seems the solution is just to update ZF2 to 2.2 stable version.
Question is solved. If you face the same trouble just update your ZF2 to 2.2 stable version or later.
I have an AngularJS app that parses HTML which largely comes from emails. In some cases data-bind-html will throw a Parse Error but not all cases. I've been unable to determine why.
Does anyone know some types of tokens or syntax that can cause the error?
Here's a sample of a file which trips it up:
,
I received the following error message...:
------------------------------------------------------------------------ The server encountered an unexpected condition that prevented it from
fulfilling the request.
HTTP_Status = 500 (Internal Server Error)
URL =
----------------------------------------- Request Headers
----------------------------------------- POST /ss/servlet/FooServlet/ HTTP/1.1 Accept: Accept: / Host: mydomain.org Content-Length: 141
User-Agent: FooBar/2.1.94 Pragma: no-cache Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded; charset="utf-8"
Connection: Keep-Alive Cookie:
BIGipServerpool_cookie_apps_ss_8188=rd860o00000000000000000000ffff0a0ad0aco8188;
JSESSIONID=5215F941A173B6127E9A95B3E99E3A74
----------------------------------------- Response Headers
----------------------------------------- HTTP/1.1 500 Internal Server Error Server: Apache-Coyote/1.1 Set-Cookie:
JSESSIONID=A9B7C98E5359D961DC8958F87CCCF49E; Path=/ss
Content-Disposition: attachment; filename="spreadsheet.csv"
Content-Description: spreadsheet.csv Content-Transfer-Encoding: binary
Content-Type: application/csv;charset=ISO-8859-1 Transfer-Encoding:
chunked Date: Wed, 06 Mar 2013 18:46:19 GMT Connection: close
-------------...
Emails can contain a lot of arbitrary encoding and invalid HTML, such as <email#domain.com>. To eliminate the Parse Errors I've implemented my own filter which takes effect before it goes through ngSanitize/bind-html.
ng-bind-html="obj.emailContent | sanitizeEmail"
myModule.filter('sanitizeEmail', function() {
return function(input) {
return input.replace(/<[\w-]*\.[\w-]*>/g, '').replace(/<[\w\.\$-]+[\:#].*>/g, '');
};
});