How can I get more stacktrace in AngularJS - angularjs

I'm using the decorator to change the $exceptionHandler behavior, sending logs to the server. My problem with this is that the stackatrace of the exceptions seems useless, showing only part of the stack. For example:
Syntax Error: Token 'undefined' not a primary expression at column NaN
of the expression [expression here].
at Error (native)
at throwError (http://localhost:8080/angular/angular.js:6674:62)
at primary (http://localhost:8080/angular/angular.js:6918:9)
at unary (http://localhost:8080/angular/angular.js:6900:14)
at multiplicative (http://localhost:8080/angular/angular.js:6883:16)
at additive (http://localhost:8080/angular/angular.js:6874:16)
at relational (http://localhost:8080/angular/angular.js:6865:16)
at equality (http://localhost:8080/angular/angular.js:6856:16)
at logicalAND (http://localhost:8080/angular/angular.js:6847:16)
at logicalOR (http://localhost:8080/angular/angular.js:6839:41)
Is there some way to configure AngularJS to show more stacks? If I look at Chrome console, I can see more stack, and get the filename, but not in the exception handler.
Even if I change the Error limit I cannot see the original file:
Error.stackTraceLimit = Infinity;

1 Use a debugger, instead of Chrome console
Google Chrome provides a debugger that helps JS programmers to find bugs and problematic code.
As the complexity of JavaScript applications increase, developers need
powerful debugging tools to help quickly discover the cause of a
issue and fix it efficiently. The Chrome DevTools include several
useful tools to help make debugging JavaScript less painful.
You can try putting some breakpoints wherever you want (try to detect the problematic lines/ methods).
See the official documentation here: Google Chrome Debugger
2 Use a browser extension
Many plugins like ng-inspector or AngularJS Batarang helps you to print the status of your AngularJS program (controller instances, variable names/values, and scopes).
3 Use $log service (console.log wrapper)
The AngularJS $log service provides a simple resource to print the status of your variables in the browser console (if present).
Simple service for logging. Default implementation safely writes the
message into the browser's console (if present).
The main purpose of this service is to simplify debugging and
troubleshooting.
The default is to log debug messages. You can use
ng.$logProvider#debugEnabled to change this. AngularJS $log service
helps you to debug your program.
From my point of view, a good AngularJS debug includes the combination of all the above solutions.
I hope it is useful for you.

Related

localhost javascript bundled is trying to be injected to my website by an user. (Reported by Sentry an error and performance tracking tool)

I can see in Sentry report that,
Along with my vendors~main-6319dfea084cb55e85bf.js,main-6319dfea084cb55e85bf.js and other resource.scripts and resource.css files i can see https://localhost:49506/7pp3ab609c5236b3bf34c2b621ac79ba.js script is been injected and also- GET https://localhost:49506/storage/userId and GET https://localhost:49506/storage/pendingRequests api calls has been triggered.
The attacker tried this from EDGE browser.
The application was developed with typescript and Reactjs.
My questions are,
What type of attack it is?
How can i handled this?
Also if any additional info, please post here.
Thanks in advance.

Image violates the following Content Security Policy directive - Create React App

I'm getting the following Content Security Policy error in chrome when running my React app. I tried googling this for a long time, but I couldn't find enough information about how to fix this when using create-react-app. I would appreciate any help very much.
After a bit search about your issue, I ended up here in MDN. I will shortly define what the problem is but for more information I strongly suggest you read the provided link.
So what is happening here exactly?
This is because the website is configured to use Content Security Policy(CSP) to protect against someone maliciously loading code from a third party. The Content-Security-Policy meta-tag allows you to reduce the risk of XSS attacks by allowing you to define where resources can be loaded from, preventing browsers from loading data from any other locations. This makes it harder for an attacker to inject malicious code into your site.
How to solve this then?
According to the MDN link that I provided, we should solve this by adding the following meta tag to our index.html.
<meta http-equiv="Content-Security-Policy" content="default-src 'self' *.trusted.com">
NOTE: *.trusted.com should be the trusted site or list of them.
Then what should it happen on your own localhost?
I have faced several issues like yours and then found out when this error has shown up on your console, this is not necessarily showing you have this exact problem on your project, and the other problems in your main code could cause such an error. I just found some similar issues that will share below:
Same issue on angular
Same issue on ionic
Same issue on react
and so on
So what you have to do?
First of all, please check all your existing codes and paths in your project and make sure there are no errors in neither of them. When you get rid of all your errors this should be gone as usual, but if the problem insists to exist please make sure to disable all your extensions in your browser (you can safely test it on incognito without disabling anything) and then run the project and see if the error is gone or not.
So there is two-step at all to get rid of that:
Get rid of all your project and pathing errors
Make sure all your extensions are disabled

isomorphic/universally-rendered React 15 app breaks with Cloudflare HTTP Proxy ("orange cloud")

I have an isomorphic/universal React app, meaning it is rendered on the server by the same JS that powers the client-side, Single Page App user experience.
I configure this app's DNS using Cloudflare, and use their "orange cloud" feature to accelerate and protect my site's traffic, as explained in the following graphic and in their support article:
From the linked-to article: "Cloudflare can operate in two modes - DNS only (unproxied; 'grey cloud') and as a HTTP proxy ('orange cloud') with our security, CDN & performance features."
I have discovered that running my app with React 15 and Cloudflare's "orange cloud" HTTP Proxy feature results in an error:
reactProdInvariant.js:31 Uncaught Error: Minified React error #32; visit http://facebook.github.io/react/docs/error-decoder.html?invariant=32&args[]=2 for the full message or use the non-minified dev environment for full errors and additional helpful warnings.
The text of the linked-to bug:
Unable to find element with ID 2.
This ID probably refers to the head tag of my page:
<!doctype html>
<html lang="en-us" data-reactroot="" data-reactid="1" data-react-checksum="-1233854461"><head data-reactid="2">...
I do NOT get this issue with React 14.
I do NOT get this bug when using the raw, un-DNS-ed address of my app, nor do I get it when I switch to the "grey cloud" to use Cloudflare as only a DNS service.
I do NOT get this issue when I disable server-side rendering.
When I google the text of the linked-to "actual" error, I find this Github thread that confirms that this has something to do with server-side rendering.
However, my situation differs slightly: that thread's author encounters the error with an "unable to find element" ID referring to a style tag, whereas in my case the unfound element ID refers to the head tag.
When I google the text of the production "wrapped" error, I find this Github thread that confirms that this has something to do with Cloudflare's HTTP Proxy. This comment says: "If you're using CloudFlare, please disable auto-minification of HTML."
So far, I can't figure out how to do that. It's hard for me to find good information on what exactly Cloudflare does with their HTTP Proxy, and how I can configure it.
Questions:
Why exactly does this bug happen?
Where can I find information about what exactly the "orange cloud" does?
What is the best way to fix this problem while maintaining the benefits of Cloudflare's HTTP Proxy?
React on the server needs to render the application to a string of HTML that makes sense to the browser. At the same time, React in the browser needs to read this HTML and understand it in relation to your JS code: it needs to identify which DOM tree came from which React component, in a very detailed way. Thus, in effect, the intermediate HTML is a serialization format between React on the server and React on the client with an additional requirement for it to make sense for the browser even in the absence of React.
When you enable advanced Cloudflare functionality, it treats the HTML as a “regular” HTML, not fancy server-side rendered compnents. My baseless speculation on one thing that could be going wrong is stripping HTML comments. In general, this is a natural thing to do for minification. But React uses HTML comments to put a <!-- empty --> placeholder where a React component returns null. Naturally, stripping these breaks React.
Cloudflare is there to make serving websites faster at a lower cost. They have a wide variety of tools to achieve that, see their introduction guide. Minifying HTML is completely natural and it is unfortunate it breaks your use case, but this is what we get when the meaning of nodes and attributes and flexibility changing them in our HTML is not strictly defined.
I think the most straight-forward way for you to move forward for now is to disable HTML minification in Cloudflare settings.

Protractor tests stopped working after upgrade to Angular 2

I have a manually bootstrapped Angular application with a large number of Protractor tests written. Around June 2016, the tests worked, but no longer do. Since then, the following changes have occurred:
Angular 2 has been released
The login portion of the application has been rewritten. Originally, the login page did not use Angular at all. Now it uses Angular 2. The rest of the app is still Angular 1.
If I do not interact with the app beyond logging in, and run a single test (such as "expect(true).toBe(true)"), then everything runs to completion, with no error messages generated.
If my test automation does interact with the app, then the following occurs:
If my conf.js file contains "useAllAngular2AppRoots: true", I get the error message: "Timed out waiting for Protractor to synchronize with the page after 11 seconds. Please see https://github.com/angular/protractor/blob/master/docs/faq.md"
If my conf.js file does not contain "useAllAngular2AppRoots: true", I get the error message: "Error while waiting for Protractor to sync with the page: "Could not find testability for element."
In either case, the automation proceeds through login and into the Angular1 portion of the application.
The questions I have are:
Is this kind of application (Angular2 login page, everything else Angular1) possible to test with Protractor?
Should "useAllAngular2AppRoots: true" be used?
The error messages I am getting don't seem to point to a particular area of my test code to fix. How can I go about determining what the problem is?
EDIT 27 Oct 2016
After the first answer this question received, I attempted to pin down exactly what was failing, and where.
I found that:
setting rootElement in my conf.js file had no effect. Whether I left it out entirely, specifically set it to 'body', or set it to a random nonsense string, I got the same behavior.
following the given suggestions, I was still getting an error message 'AfterAll Failed: Error while waiting for Protractor to sync with the page: "Could not find testability for element."' Note that I was not trying to make any tests in my AfterAll function, just clicking a Logout button
if I set 'browser.ignoreSynchronization=true' in the beforeAll function of my test, I could make calls that interacted with the app, such as clicking on screen elements. Without this line, no such call had any effect. However, I'm sure that this is not something I should do, or that I should need to.
even with 'browser.ignoreSynchronization=true', I would still get error messages when I tried to make Angular1-specific calls, such as trying to match an element with by.repeater(). This would occur in the part of the app which is still written in Angular 1, and is therefore using ng-repeat rather than ngFor.
Does this additional information give any further insight on what might be going on, and what else I might try?
First of all, you need to make sure you are using the latest protractor (4.0.9) and zone.js >= 0.6.25.
Then, make sure you set browser.ng12Hybrid to true for each page that contains a hybrid angular 1 + 2 app, i.e.:
beforeEach(function () {
browser.ng12Hybrid = true;
browser.get('/somepage.html');
});
afterEach(function () {
browser.ng12Hybrid = false;
});
You can also find example in protractor's own test specs.
As for useAllAngular2AppRoots: true, it should only be used once your app is completely migrated to Angular 2 and you have removed the upgrade adapter, as explained here.
Good luck with your project!

Strange, isolated errors "$compile:tpload"

We're having strange, sporadic JavaScript error messages in our production log files (JavaScript errors are logged in the backend):
Uncaught Error: [$compile:tpload] http://errors.angularjs.org/1.2.16/$compile/tpload?p0=modules%2Fsome%2valid-directive-path.tpl.html
The error occurs only with directives. I'm not able to reproduce the errors locally. The templateUrl for the directives are all valid.
The only possible scenario that came to my mind was if the user presses the cancel/stop button in the browser while the page is loading (then i'm able to reproduce the error).
Does anyone have another idea or explanation? Or even a solution :-)
Cheers
Michael
We resolved the issue like this:
Since we are caching our HTML templates with $templateCache using the grunt ngTemplate plugin (https://www.npmjs.com/package/grunt-angular-templates) we do not have the above issues anymore.
Out of interest I was able to recreate this issue. By adding logging to angular I established that when the template load fails it does so with a status of 0 which made me think that the request was actually cancelled. This theory was backed up by the fact that we see no server side errors.
If I emulate a device that cannot support html5 routing and then add an arbitrary query string to the end of the route, it causes an infinite digest loop and in the end the whole page reloads a few times. This in turn was causing the outstanding template requests to be cancelled leading to exactly the errors I was seeing in the logs.
So, for me at least, this is really nothing to do with the loading of the templates, it's just an angular bug (which hopefully is going to be fixed in angular 1.3.8)

Resources