This is a weird problem and I apologize beforehand that I may not give enough details:
We have a pretty standard Angular app that needs to access an API on a different (sub-)domain, using CORS. Everything works perfectly fine on Chrome and Firefox. We also got it working on IE >=9.
Unfortunately, some of our customers need to access our public website from within their company intranet. In this case, using IE, only a couple API requests go through. Chrome and Firefox cause no problems.
They can create a sessionThey get the result of a second GET requestBut the third request fails
In the console, we see an Access Denied message caused by a GET request.
**AND**: When they reload the page, the third request goes through. One customer could bypass his intranet and access our website directly. Then, everything worked like a charm.
Please note that we are only aware of issues with IE 11.
Any help is really appreciated.
Related
It seems keeping all the browsers happy is a challenging task, what with all the security they are adding and the complexities of certificates.
I have a SPA (Vuejs) which is using oidc-client.js to implement OIDC, communicating with an Identity Server (Identity Server 4).
First thing to note is that everything works if I run both client and server on localhost.
It is when I deploy the Identity Server to a Staging Server inside our network that things go awry.
So, the hostname of the Idp now differs to that of the SPA (which would be normal in production).
After much work, I've got everything working except IE11 (yep IE).
I had to do several things to get me there such as:
solve the samesite cookie issue of Chrome
create self-signed certificates and install the root certificate in the Trusted Certificates
add Babel config code and Core.js at the client, to enable IE to not throw errors when promises come into play
So, it's been a long road, yet still, I have to deal with this (see animation):
I just can't quite figure out why IE is doing that.
It is not possible to use the dev tools to see any info.
The logs at the server do not contain any information that seems relevant.
Has anyone else seen these "Browser symptoms" in IE.
Happy to provide more information (code, logs etc.) if people think that will help. Just didn't want to dump all that in the initial question, as many people don't like that.
Here are a couple of Fiddler screenshots. The first is from Chrome:
The second on is for IE11.
For some reason, the Silent Refresh is being invoked over and over again with IE11.
I think I can see what is happening, but not sure how to fix it.
There appears to be 2 calls to the Authorize endpoint which fail, conspicuously missing the .AspNetCore.Antiforgery cookie. This results in 2 invocations of silent-refresh.html.
Then, for some reason there is some king of GET request to the base url of the Idp and immediately following on the heels of that request is a request to the Authorize endpoint which does have the .AspNetCore.Antiforgery cookie.
The ship is set straight until the next call to the Authorize endpoint which is the beginning of the next cycle.
However, with Chrome, after the user is logged in, the next call to the Authorize endpoint does contain the cookie.
So, I guess it is the missing cookie which is the issue.
Perhaps this has something to do with the code which I used from this post to solve the Chrome samesite cookie issue?
Cheers
I am implementing single page application(SPA) using of Angular Js, MongoDb. And I am using rest call with promises. Rest call working fine in Chrome, Mozila browser which is using for development. But rest call is not working in IE-11. It is giving me 500 Internal Server Error.
I am not able to find out line of rest call. Because it is not showing line number. But I can share sample code of rest call.
Rh.all('apicall').get('dbname/_aggrs/'+ ar_dep +'?avars=' + query).then(function (d) {
console.log("response data");
});
Above call is not printing console. Because It is breaking in IE-11, But these rest call working fine in other browser.
If I putt direct path not with variable then it is working in IE-11.
Working Rest Call below
Rh.all('apicall').get('dbname').then(function (d) {
console.log("response data");
});
NETWORK in Console(IE-11)
IN CHROME
I am updating my question. Because I found some difference parsing url, Because of restheart.
IN CHROME:
Rh.all('apicall').get('dbname/_aggrs/'+ ar_dep +'?avars=' + query)
After parsing
localhost:8080/apicall/dbname/_aggrs/rout?avars={%22routes%22:%22US%22}
In query object I have routes:us. So in chrome it parsing %22--%22 place of " ".
IN IE-11
Rh.all('apicall').get('dbname/_aggrs/'+ ar_dep +'?avars=' + query)
After parsing
localhost:8080/apicall/dbname/_aggrs/rout?avars={"routes":"US"}
In IE-11, It is not parsing double qoutes to %22 %22. It is parsing same as string.
A 500 error is always related to the server. The symptoms may only occur with a specific browser, but it is the server that is failing; the request that is being sent to the server is causing the server-side code to fail in some way.
Error 500 on its own is too generic; without knowing more details about the error, it is always very hard to diagnose, and frankly I won't be able to give you a definitive answer here.
At your end, you should rule out the obvious, and check your browser settings in IE. Specifically, any settings that might cause it to fail to communicate properly with the server. For example, make sure that cookies are enabled and are working properly.
But the first thing you should do is discuss with the vendor or developers of the API because they will have access to the server error logs, and they will want to know about it if their code is throwing a 500 error.
However, if you do want to investigate at your end, the fact that it is specific to one browser is a clue. If the other browsers are working, then what this tells us is that this one browser (IE11) is sending the request with something about it that is different to the other browsers, and it is that something that is triggering the server-side code to fail. This gives us something to work with in the investigation.
So the first thing to do is to examine the request in all browsers. Use the F12 dev tools in Chrome, Firefox and IE, and get to the point where you've made the same call in all three of them, and it works in FF and Chrome but not in IE11.
In the dev tools, you should now be able to examine the request details for all three. Compare them.
Start by looking at the request data -- ie the actual query string that was sent. If there are differences, consider whether any of these differences may be responsible for the error. Something may stand out obviously; eg if IE has truncated a variable or something like that. If this solves the problem, then great.
If it doesn't help, then you need to look in more detail. Maybe there are some differences but they don't look like they should break anything? Modern browser dev tools allow you to edit and re-send a request, so try editing the request in Chrome or Firefox's dev tools, and make the parameters the same as the ones from IE that failed. Now try re-sending that request. If you're lucky, this will cause the request to fail in the other browser, which will allow you to show that a specific set of data is the problem (rather than a specific browser). You mentioned that it's a third party API, so you'll then need to discuss with the API vendor to find out why that query breaks their API.
If you still haven't found the problem at this point, and you're sending identical queries in both browsers, and you're logged in as the same user, then the next step is to look at the request headers.
There is one request header that will definitely be different: the User Agent string. But there may be others too. Again, try re-sending request that works in Chrome, but with headers from the failing request in IE (including the UA string). Does the request now fail in Chrome? If so, narrow down which headers are different that make it fail.
Again, if this allows you to find a specific set of request data and headers that causes the problem, then you will need to discuss with the API vendor.
If all of this doesn't help, then try looking at the cookies. You already checked that cookies are working, so this seems like a long shot now, but again compare the cookies between browsers, and see if there's anything obviously different about them.
I hope the above is enough to help you diagnose the issue.
I have a VM that I set up to do development on two sites hosted on Acquia with the same codebase. I'm using version Drupal 7.26. I have it where I can access both sites from the host computer, but when I try to log in using /user/login on either site, I get nothing. The POST returns a 404 containing the log in page again.
I've tried settings $cookie_domain = '.my-site.dev' as well as $cookie = 'www.mysite.dev'. Neither has any effect. I also tried adding a bunch of random charactersto the file to make sure I was editing the correct file; with the random characters, pages didn't load at all. (See https://www.drupal.org/node/611920#comment-3110010.)
I also tried doing repair table sessions. I forgot which site I saw that recommendation from. I also tried delete from sessions just for kicks. Neither worked.
Any ideas? Thanks!
edit: Per https://www.drupal.org/node/261411#comment-3182566, I tried to go to www.mysite.dev/?q=user/login. This did not give me a 404, but I had tried (unsuccessfully, it seems) to reset my password through the database. I'm at least getting an error about a bad username/password combination rather than nothing at all. Still, I would think /user/login should have worked, too.
edit 2: The production site uses CAS, but logging in through /user/login still works.
Well, I'm having a weird error here:
I'm developing one GAE app to read some Twitter Data, and after read a lot of docs, I have it working on my test server (Running on my pc) but after deploy and test on the real (my appspot domain) it shows this message:
401:Authentication credentials (https://dev.twitter.com/pages/auth) were missing or >incorrect. Ensure that you have set valid consumer key/secret, access token/secret, and the >system clock is in sync.
message - Could not authenticate you
code - 32
I've tried to recreate my OAuthAppToken and OAuthAppTokenSecret keys, even changing the permissions to "Write, Read and Direct Messages" and even assingning one Callback URL but nothing seems to work...
I've tried using twitter4j.properties OR using setOAuthConsumer(TW_CONSUMER_KEY, TW_CONSUMER_SECRET) OR a ConfigurationBuilder whith the correct constants and I'm experimenting the same Issue.
I'm working with AppEngine 1.8.3 and Twitter4j 3.0.4
Iv'e been writing on log and the Twitter object seems to be well created... I dont understand why is working on my PC but not on the real app.
On some other post someone says that could be because it needs to use Sync clock.. but he doesn't explains where to change that property...
Did someone had a clue?
Ok, the problem was me (and Twitter.... well..... I really think it was Twitter problem for being so dark on his api messages)...
On testing server I was looking for an existing account and on the cloud I was looking for an inexistent one. So, It was my mistake. But seriously, what about Twitter saying: "Access Forbidden"? That doesn't have any sense...
(yes - cross-posted from the google-appengine google group...I can't tell if they answer support questions like this there or here or what...it's all kind of a mess :) )
I am having a problem logging in to the appengine console using certain accounts on my google apps domain (but not others).
No matter what browser I use (Firefox, Chrome, Safari, IE), I get a "too many redirects" error on https://appengine.google.com/start when I try to log in using a specific account. I have tried resetting all the browsers as well (clearing all cookies, cache, etc - even trying it on a clean install of an OS) - with no luck. Going directly to https://appengine.google.com/a/domain.name causes the same loop for those accounts. The same thing happens when running the browsers with privacy mode enabled.
One of the accounts having problems is the user nathan.toone on the k9webprotection.com google apps domain - however we can log in with the user "admin" or the user "build-agent" on the same domain just fine (but not "build.agent" or "user2"). It seems to be all over the place as to which accounts are able to log in without the redirect loop and which ones aren't.
I have contacted google apps for your domain support, and they have said that it is outside their scope. They very "helpfully" pointed me to https://developers.google.com/appengine/kb/general - which didn't help AT ALL. :(
Again - the odd thing is that there are some of the accounts on the same domain that are able to log in just fine. Does anyone have any idea what could be happening, or have a way for me to contact someone to get this worked out? I have found a couple of other people saying they have had this problem, but have not been able to encounter a solution.
-Nathan