I am working on an Angular project on a SharePoint 2013 site. When using the console window in IE 11, I see 75 warnings like this:
SEC7132: The certificate protecting this web site uses weak cryptography,
SHA1. The web site should replace this certificate with a SHA2 certificate
before SHA1 is no longer allowed.
Now, please accept the premise that I have no control over my admins and I cannot force them to fix the certificate. I can't make the SOURCE of this warning go away.
I know I can disable showing all warnings. But I can't assume that my code will only generate errors, I will still have some warnings I want to see. How can I suppress a specific warning in the console?
You cannot. It has nothing to do with your code. It is Internet Explorer telling you on each request that the web server certificate using for the SharePoint zone you are hitting (IIS website) is using an obsolete and insecure algorithm. So best thing you can do, is make your admins aware they have some work to do :)
https://technet.microsoft.com/en-us/library/security/4010323.aspx
Related
I run Google Ads on my Google-App-Engine-hosted website (www.bigriddles.com), and they tell me I need to have an "ads.txt" file served from the root domain (i.e. http://bigriddles.com/ads.txt, as opposed to http://www.bigriddles.com/ads.txt).
My DNS is hosted on Gandi, and I created their "ALIAS" record (which I think just does CNAME flattening or something similar) to alias "bigriddles.com" to "ghs.googlehosted.com." I chose "ghs.googlehosted.com" because that's what I CNAMEd "www.bigriddles.com" to (many years back), and that CNAME has been working fine.
However, now when I visit "bigriddles.com", I get an "HTTP 301 Moved" to "www.bigriddles.com", and as far as I can tell, this response isn't coming from any code I wrote (I've looked through my code and don't see anything that would redirect this). Furthermore, there is a "Server: ghs" header in the response from "bigriddles.com", whereas if I visit "www.bigriddles.com", which works fine, the response includes the header "Server: Google Frontend". I'm not sure if there is some hint of my problem in the difference between those two Server headers.
Anyway, I'm not sure exactly what's going wrong. It could be a DNS issue. I say this because "dig www.bigriddles.com" comes back with the IP 172.217.14.115, whereas "dig bigriddles.com" comes back with "172.217.168.211", so maybe one of these really is a "ghs" server and the other is a "Google Frontend" server (I'm not sure the difference) and this "ALIAS" DNS solution just isn't going to work.
More likely though I feel like maybe there is just some settings problem with my App itself where it's not set up to allow the apex domain "bigriddles.com", and if I change that setting it will start working?
I have gone through the steps on https://cloud.google.com/appengine/docs/standard/python/mapping-custom-domains. When I view the "Custom Domains" for my project, I see "www.bigriddles.com" and "m.bigriddles.com", but I don't see the naked domain "bigriddles.com". However, when I try to add it on that page, it tells me that "bigriddles.com" is already mapped to a project, so I'm not sure what to make of that.
Any help would be appreciated, thank you!
This seems like an issue with your domain provider.
You can use this tool that might help you contact the domain provider with detailed info.
If they insist it's not an issue on their side (I strongly believe it is), then you should contact Google Cloud Platform Support so a deeper inspection can be made on your project.
If you're also using G Suites for your domain, the criminal is G Suites' Domain -> Redirect. If it is, it's a pity that Google does not let us turn off the so-called feature.
Since G Suites use as the same entry point as App Engine, you have no chance to solve this other than moving your site outside Google services or stop using G Suite.
I'm creating a VS Code extension with a webview that contains a React application. In the React code, I'm making a GET request to a REST API, but it keeps failing due to the following error:
Failed to load resource: net::ERR_CERT_AUTHORITY_INVALID
Any ideas on why this may be happening or a workaround? Maybe this is a restriction of webviews?
If I make the call in the extension code, it works fine.
I upgrade the version of my browser to the latest and it worked me.
find this below given link to know how to update browser version.
https://www.computerhope.com/issues/ch001388.htm
Assuming that you get this error about the certificate of the remote side (the one serving the REST API), you get this error because of one of the following:
the authority that signed the certificate is not recognized on the client side (ie : the authority is not installed on your PC)
the certificate has expired
your PC has a wrong date
You can correct the above, or as a workaround you can (depending on your tools) explicitly ignore the untrusted remote certificate. But this workaround should remain for test purpose only, as it is a security breach.
I just downloaded the latest version of xCode (9.0 beta (9M136h)).
However, when I try to make a request to my server in iOS 11 simulator (Using NSURLConnection sendAsynchronousRequest), an error is received:
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9807)
NSURLConnection finished with error - code -1202
NSError object contains the message - #"NSLocalizedDescription" : #"The certificate for this server is invalid. You might be connecting to a server that is pretending to be “***” which could put your confidential information at risk."
The plist contains:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
so it is not the problem in this case (I guess)
Needless to say that it is working in iOS 10/9/8
Any suggestions?
Thanks in advance!
You need to allow your application to run HTTP (no S) connections. By default, Apple only allows HTTPS:
go to your info.plist
then press the plus icon on any of them
Search for "App Transport Security Settings"
click the little arrow to the left and find "Allow arbitrary loads", by default it is set to "NO" change it to "YES"
For all of you who get this error in iOS 11, please make sure you're working against valid (secured) certificate in your server.
In our case, the certificate wasn't strict enough.
Once our server guy integrated new valid certificate, the problem has gone.
One way to check if the certificate is secured, is to past the problematic link in the browser.
As a result, you might see that the connection is not secured:
Since you've got an invalid certificate error, I'll make the following suggestion based on my personal security practice.
If you're still in your servicing terms with your CA, ask them to issue a new valid certificate for you.
Check your Keychain setting and make sure no CA cert is missing.
Alternatively, you can issue your own self-signed certificate for testing purposes, and add it to your local Keychain as trust anchor. A search for "how to create self-signed x509 certificate" will return something you might find useful.
I have links which are pointing to a javascript method. The javascript method call some ajax logic and decides which file to download. If i add my site URL into trusted sites clicking on these links shows up a yellow bar as a warning which then allows me to download the file. Can anyone suggest how to avoid that yellow bar. Or whats the reason behind it.
You have to change it to a custom setting, even trusted sites disables automatic download. Look in the security settings under Download -> Automatic prompting for file downloads, and change it to Enable. Disable means you get the bar. Changing the security level to Low also does this.
It's a security mechanism to prevent unexpected drive-by downloads in sites, even trusted ones.
I'm working on a Windows Phone 7 application that makes a REST service call. The third party that hosts the web services has an invalid certificate in the current environment. When I hit the URL in Firefox, I get a warning about the cert and I am asked if I want to continue. I'm also using the Poster FF extension to test the call. It works with Poster if I first accept the invalid cert in Firefox. If I don't, then POSTER wont make the request.
In my WP7 Emulator, I can't make the request at all. I get a 404 at the EndGetResponse method. I making the same request as in Poster, so I know there is nothing wrong with the request. I have successfully hit another web service using the same code (no certs involved), so I don't think it's the code. The only thing I can think of is that WP7 doesn't allow requests to an invalid cert. Has anyone had experience with this situation? Is there any way around it?
Is there a way I can tell my app to accept all communication, even if there is an invalid cert?
There is sadly no way to do this on the phone. Ordinarily, i.e. on the desktop this simple line of code will disable certificate checking.
System.Net.ServicePointManager.ServerCertificateValidationCallback = (se, cert, chain, sslError) => { return true; };
If you look at the ServicePointManager on the phone, there's no callback to hook into. It's a massive pain in the arrrrse.
Have you considered writing to the service owner and asking why they're being bad internet citizens? (essentially, what you're seeing here is web security in action, for better or worse)
As Matt says, you might be able to code a simple relay on a web server. It doesn't have to be a special service, but maybe just a web page that does the call for you and spits out RAW text or XML. Your phone client just GETs this page and picks through the response manually.
Where there's a will there's a way.
Luke
You need to install the root CA cert of the issuing party on the phone.
You can do this by emailing the RootCA to the user of the phone. They click on the attachement and it will prompt them to ask if they want to install the certificate on the phone.
Once you have done that your requests should go through.
I dont believe there is a way to do this programatically in your app however.
I'm not aware of a way to install additional certificates on the phone.
In this situation I'd create a proxy service between your app and the 3rd party site and have your app call that. If you need to, you could put the proxy behind a valid cert.