I've installed mediawiki on an Amazon ec2 server.
The server has only apache, php, mariadb and mediawiki
I'm using mediawiki 1.35, with the bundled VisualEditor and ParsoidPHP
I can use VisualEditor to edit a new page, but it will not save, and when I edit an existing page, I get the blue progress bar followed by the error:
Error contacting the Parsoid/RESTBase server: (curl error: 28) Timeout was reached
I've tried configuring parsoid using instruction I've found on the web :
$wgVirtualRestConfig['modules']['parsoid'] = [
// URL to the Parsoid instance - use port 8142 if you use the Debian package - the parameter 'URL' was first used but is now deprecated (string)
'url' => 'http://myIpAddress:8000',
// Parsoid "domain" (string, optional) - MediaWiki >= 1.26
'domain' => 'myIpAddress',
// Parsoid "prefix" (string, optional) - deprecated since MediaWiki 1.26, use 'domain'
'prefix' => 'myIpAddress',
// Forward cookies in the case of private wikis (string or false, optional)
'forwardCookies' => true,
// request timeout in seconds (integer or null, optional)
'timeout' => null,
// Parsoid HTTP proxy (string or null, optional)
'HTTPProxy' => null,
// whether to parse URL as if they were meant for RESTBase (boolean or null, optional)
'restbaseCompat' => null,
];
The best effect I get is a 404, or a 400. This configuration is not working.
I haven't made any other changes to the settings.
if I call parsoid directly:
http://MyIpAddress/api.php?action=visualeditor&paction=parse&page=Main_Page
I see the timeout thusly:
{
"error": {
"code": "apierror-visualeditor-docserver-http-error",
"info": "Error contacting the Parsoid/RESTBase server: (curl error: 28) Timeout was reached",
"*": "See http://MyIpAddress/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes."
}
}
Based on my testing, it appears that parsoid is using the $wgServer variable to make a local connection to rest.php
Using curl, I'm able to connect to http://localhost/rest.php/v1/page/Main_Page
But, not to http://myipaddress/rest.php/v1/page/Main_Page or http://mydomainname/rest.php/v1/page/Main_Page both of these timeout. The apache server can't connect to itself
So, theoretically, I should be able to set
$wgVirtualRestConfig['modules']['parsoid']['domain']='localhost';
But that results in a 404, instead of a timeout.
In the end, I added my domain name to /etc/hosts and pointed it to 127.0.0.1 and that works fine. It feels like a hack, and I must use a domain name, not just an iP.
We've run into this problem several times.
In one case, it was a matter of access control.
Parsoid makes HTTP requests to the MediaWiki site. We're restricting access to certain actions using the Lockdown extension,
and we had to exempt Parsoid, which can be done in several ways, e.g.:
if (($_SERVER['REMOTE_ADDR'] !== '127.0.0.1') && ($_SERVER['REMOTE_ADDR'] !== $_
SERVER['SERVER_ADDR'])) {
# don't lock down any pages for Parsoid, or the VisualEditor will break on them
wfLoadExtension('Lockdown');
}
Related
I have been having a long and frustrating experience trying to get AASA to work for webcredentials. My goal here is to allow usernames and passwords to be stored in the iOS keychain.
I did have this working on a root domain the other week but it is not sufficient for my scenario as I will explain. It didn't work for me straight away I have to say but it eventually started working after a clean build so I thought this was the issue then but now I am not so sure.
I am using Expo with EAS build. We have a multi-tenant application. From a single codebase we deploy to multiple apps in the store. All are on the same team ID but they are separate applications and use separate credentials, nothing is shared.
I am confident my apps textContentType of username and password on my TextFields is correct as this has not changed from when I managed to get it working originally and I have checked it countless times.
Expectation
For the "Save Password" prompt to be displayed after login. What I have noticed however is when going to store a password manually using "add password" via iCloudKeychain from the keyboard accessory this does accurately show the correct "TENANT_SUBDOMAIN.example.com". I find this confusing.
Goal Scenario
I am hosting a site on Netlify. I have it setup to support wildcard subdomains with a LetsEncrypt provisioned wildcard SSL certificate. I then have edge functions which change the content of my index.html and apple-app-site-association file dynamically based on the requested subdomain.
I have added the Associated Domains capability to my provisioning profile.
I am using the latest Expo 47 and EAS build. I have added in the appropriate associated domains configuration and I can see this when introspecting my entitlements under com.apple.developer.associated-domains and it is correct.
I am using TestFlight for testing. I am doing a --clean-build on EAS every time and I also increase the runtime version. I have also tried manually refreshing credentials outside of the build process which does this automatically. This must be using the correct provisioning profile otherwise I would get a build failure as the requested entitlements wouldn't match.
The AASA file is currently hosted just in the .well-known directory. I have tried using the root and also tried using both. There are no redirects taking place.
I am aware the AASA file is pulled on application installation and update. I repeatedly remove the apps and then reboot my phone in an attempt to reset any device caches.
The content-type of the file is application/json and I have confirmed this using developer tools in the browser.
There is no robots.txt or anything blocking the request from an infrastructure perspective. There are no additional firewalls or geo restricted access as I am just using plain Netlify to host this, nothing fancy.
I am confident the Team ID and bundle IDs are correct in the AASA file.
I remove the content-length header in the Edge function so it is correctly calculated by the network instead and I have confirmed this using curl.
When I check the file using https://app-site-association.cdn-apple.com/a/v1/site.example.com Apple has the correct file cached on it's CDN so I would expect it to work.
I added in an applinks section so I could use the Apple App Search API validation tool and the Branch.io AASA verification tool to verify correctness. Branch.io says the file is fine and Apple says it's fine also but because the App has not been deployed to the store yet I see Error no apps with domain entitlements. From what I can tell this is normal in development and makes sense as it uses the current released version of the app to verify the deep link configuration. So to me this means Apple can parse the file correctly.
When I stream my device console logs; on install I can see the AASA requesting the correct domains. I see no errors on swcd I just see the Beginning data task AASA-XXXX with the correct domains.
When I run Charles proxy on my phone with a verified SSL installation (also reinstalled a few times now) I do not see quite what I would expect - but the device logs seem to imply it is doing the correct thing. When I view the app-site-association... URL requests in Charles there is one per application install which is correct. The request is marked as Unknown and when I look at the request the host is shown but as you would expect from SSL I see no path. The info says METHOD: CONNECT with Error - Input Error: EOF. This is the only error I see, I am not sure if it is a red herring and something to do with Charles. Given the error as you expect there is no body in the request or response. It is worth noting in general testing I have no VPN enabled and I have do not have Private Relay enabled in my iOS settings.
When I perform a sysdiagnose I see the following at the timestamp in my console log in the swcutil_show.txt device log. This looks correct in comparison to other apps webcredentials and applinks services I see there and I see no errors:
Service: webcredentials
App ID: MYTEAMID.com.cf.example.b2c.ios
App Version: 1.0
App PI: <LSPersistentIdentifier 0x141816200> { v = 0, t = 0x8, u = 0x1e7c, db = 0094F7C4-3078-41A2-A33E-79D5A62C80A6, {length = 8, bytes = 0x7c1e000000000000} }
Domain: CORRECT_SUBDOMAIN.example.app
User Approval: unspecified
Site/Fmwk Approval: approved
Flags:
Last Checked: 2022-12-09 14:14:32 +0000
Next Check: 2022-12-14 14:03:00 +0000
Service: applinks
App ID: MYTEAMID.com.cf.example.b2c.ios
App Version: 1.0
App PI: <LSPersistentIdentifier 0x13fd38d00> { v = 0, t = 0x8, u = 0x219c, db = 0094F7C4-3078-41A2-A33E-79D5A62C80A6, {length = 8, bytes = 0x9c21000000000000} }
Domain: CORRECT_SUBDOMAIN.example.app
Patterns: {"/":"*"}
User Approval: unspecified
Site/Fmwk Approval: approved
Flags:
Last Checked: 2022-12-13 13:13:23 +0000
Next Check: 2022-12-18 13:01:51 + 0000
At end of file:
MYTEAMID.com.cf.example.b2c.ios: 8 bytes
(This seems correct for all apps)
Other Scenario
I have tried setting this up using an apex on another domain which hasn't been seen before by Apple. I have tried using a subdomain with a root domain serving the same content and I have tried the subdomain and root domain on their own. I have also tried not using the Edge functions and having static files but to no avail.
When I do this I ensure I wait for the Apple CDN to catch up and remove/add entries prior to deleting the apps, rebooting my device, and reinstalling to test.
AASA File
AASA content comes back with the correct payload and Content-Type: application/json and Content-Length headers, both from Apples CDN and the origin. When I had this somehow working in my initial test it was on a root domain and I did not have an applinks section, this was only added so I could use the verification tools for universal links.
I am not sending back different content or duplicated content and I block the www subdomain - I have also tried it with a www subdomain for the record.
{
"applinks": {
"details": [
{
"appIDs": [
"MYTEAMID.com.cf.example.b2c.ios"
],
"components": [
{
"#": "no_universal_links",
"exclude": true,
"comment": "Matches any URL with a fragment that equals no_universal_links and instructs the system not to open it as a universal link."
}
]
}
]
},
"webcredentials": {
"apps": [
"MYTEAMID.com.cf.example.b2c.ios"
]
}
}
I have also tried this with the older format:
{
"applinks": {
"apps": [],
"details": [
{
"appID": "MYTEAMID.com.cf.example.b2c.ios",
"paths": [
"*"
]
}
]
},
"webcredentials": {
"apps": [
"MYTEAMID.com.cf.example.b2c.ios"
]
}
}
associatedDomains iOS. expo config
associatedDomains: [
`webcredentials:${SUBDOMAIN}.example.app`,
`applinks:${SUBDOMAIN}.example.app`,
],
Help :)
I have been trying to get this to work for a long time now and I am completely out of ideas. If anybody has any suggestions I would really appreciate it. I am very confused how the devices request seems correct and the CDN content is correct but it is still not working. It's worth also reiterating that I need to have different subdomains for each tenant as the credentials must not be shared across apps so the keychain->domain association store must be different.
I am wondering if it's the LetsEncrypt wildcard SSL certificate but I wouldn't expect it to verify and for Apple to cache the file if this was the case. It seems very unlikely to me but it is the only thing I haven't tried at this point.
Many Thanks,
Mark
https://www.mediawiki.org/wiki/MediaWiki_1.35 is out and one of the advertise features seems to be the "built in"/"out of the box" Visual Editor that doesn't need an external server anymore.
So downloaded and installed the version just released and clicked "VisualEditor" so that it would appear in my LocalSettings.php as:
wfLoadExtension( 'VisualEditor' );
But when trying to edit a page the error message:
Error contacting the Parsoid/RESTBase server: http-bad-status
With no further hint on what to do.
The information in https://www.mediawiki.org/wiki/Extension:VisualEditor is still intimidating for me - it doesn't look like an "out of the box" configuration at all. I did not find anything there about the dialog's message content.
Where do i find the official information on how to avoid this dialog?
I've managed to wake up visual editor on an apache / ubuntu with mediawiki 1.37 set to private wiki.
This is what I've done
$wgServer = "https://example.org";
Note the https in wgServer!
End of my LocalSettings.php
if ( isset( $_SERVER['REMOTE_ADDR'] ) &&
in_array( $_SERVER['REMOTE_ADDR'], [ $_SERVER['SERVER_ADDR'], '127.0.0.1' ] ) ) {
$wgGroupPermissions['*']['read'] = true;
$wgGroupPermissions['*']['edit'] = true;
$wgGroupPermissions['*']['writeapi'] = true;
}
Making sure that $wgServer in LocalSettings.php has https and not http in the string solved it for me.
If you are using the HTTP based authentication of your webserver you have to allow localhost to be whitelisted, so MediaWiki can reach itself.
For Apache you can do this with
Require local
at the same spot where you configured the authentication. You can find detailed configuration descriptions in the MediaWiki Wiki.
https://www.mediawiki.org/wiki/Topic:Vwkv6abtipmknci8
However i would not recommend to use whitelisting based on the user agent. Attackers could circumvent the authentication just by changing their user agent string.
In my case I only run into this problem, when I use a "nested" or structured wiki page.
It works for pages like
TestPage, VideoCut, BestPractices but not pages like
TestPage/Test1, TestPage/Hugo and so on.
When looking at the webserver log page it seams the rest.php URL is not build correctly.
In the good case the build rest.php send the following POST request:
POST /wiki/rest.php/localhost/v3/transform/html/to/wikitext/TestPage/12 HTTP/1.1" 200 521 "-" "VisualEditor-MediaWiki/1.38.2"
In the bad case the request looks like:
POST /wiki/rest.php/localhost/v3/transform/html/to/wikitext/TestPage%2FTest1 HTTP/1.1" 404 981 "-" "VisualEditor-MediaWiki/1.38.2"
It ends-up in a 404 instead of a successful 200. The problem seams to be the coded %2F (/) inside the Page-Path (TestPage/Test1 -> TestPage%2FTest1).
I'm a serious newbie as it comes to Zend and I'm now forced to work with Zend 3 (and learn it). Fellow developers have done parts of the application and now I'm cloning it on my side.
I receive "Database not selected" in the error log - I have set database.local.php and I think they've set everything else. Credentials are correct.
I'm working on Windows.
Is there anything else I could be missing as it comes to settings or database connection?
Thanks. I will provide any additional info if needed.
As we're dealing with both Zend Framework AND a configuration issue, for your next question, please make sure to also include file paths and such.
I'm proceeding with this answer under the assumption that you've created your file here: /config/database.local.php.
Note: using ZF3 myself, I, of course, tried to find your error message "Database not selected", however it comes back with no results. Make sure you copy and paste error messages so users of any framework, cms or another system can more easily help you out.
You'll find the problem you're facing in the application.config.php file (in the /config folder. In here you'll find the following config:
// Retrieve list of modules used in this application.
'modules' => require __DIR__ . '/modules.config.php',
// These are various options for the listeners attached to the ModuleManager
'module_listener_options' => [
// ... other config
// An array of paths from which to glob configuration files after
// modules are loaded. These effectively override configuration
// provided by modules themselves. Paths may use GLOB_BRACE notation.
'config_glob_paths' => [
realpath(__DIR__) . '/autoload/{{,*.}global,{,*.}local,{,*.}deploy,{,*.}development}.php',
],
// ... other config
],
Any of the *.local.php or *.global.php config files should be placed in /config/autoload/. Though, if you modify the above config, you could technically place it wherever you'd like.
Next, make sure you have the Zend\Db module enabled in your configuration. Open up the /config/modules.config.php file and make sure Zend\Db is in the list of Zend modules to be loaded in.
Lastly, you have not provided the config you used, so I'm assuming you made a mistake there. Use something like the config below in your /config/autoload/database.local.php file. Technically you could split this over 2 files; a global and a local file. Local files are (/should) not be committed into version control history and as such can contain usernames and passwords. Any other config, such as using Pdo for a driver could go into global config.
'db' => [
'driver' => 'Pdo',
'dsn' => 'mysql:dbname=zf3;hostname=localhost',
'username' => 'root',
'password' => 'root',
'driver_options' => [
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES \'UTF8\''
],
],
I am currently deploying an application using Apache Tomcat 7
Debugged the errors now and by changing localhost -> I.P., we are able to access the pages, but other users are not able to access the datasets. This maybe due to many reasons, MySQL is not allowing them etc
Backend #1 : My own MySQL Server at Local
ERROR : dataset is not defined
This could be due to the reason that mysql server is not allowing access to other users as privileges are not given yet.
Backend #2 : Then, I tried my company's MySQL server.
This database can be accessed by all, using a particular set of credentials and also the particular "Host".
ERROR : XMLHttpRequest cannot load http://localhost:8080/composite2/Tablev1/datejson. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://172.21.24.24:8080' is therefore not allowed access.
dataset is not defined
In the second case, my "Datasource.groovy"
environments {
development {
dataSource {
//dbCreate = "update" // one of 'create', 'create-drop', 'update', 'validate', ''
url = "jdbc:mysql://10.1.70.13/ewacs?useUnicode=yes&characterEncoding=UTF-8"
username = "w"
password = "w#123"
}
}
test {
dataSource {
//dbCreate = "update"
url = "jdbc:mysql://10.1.70.13/ewacs?useUnicode=yes&characterEncoding=UTF-8"
username = "w"
password = "w#123"
}
}
production {
dataSource {
//dbCreate = "update"
url = "jdbc:mysql://10.1.70.13/ewacs?useUnicode=yes&characterEncoding=UTF-8"
username = "w"
password = "w#123"
}
}
}
In both the cases, the datasets are not loading. What am I doing wrong in case #2?
The access should be there for other users to hit the mysql server.
Why am I getting the error? Tried looking it up, but did not find any relevant link yet.
I went through this link : Question
But, I'm a beginner here, not able to understand this at all.
UPDATE:
Ok, so I noticed that in my javascript files, I was still using localhost, big mistake!
I changed localhost -> 10.1.70.13
So, new error now...
GET http://10.1.70.13:8080/composite2/Tablev1/datejson net::ERR_CONNECTION_REFUSED
OR
Failed to load resource: net::ERR_CONNECTION_REFUSED
What is the issue here?
All approaches/suggestions are most welcome.
Is possible to intercept 404 error without using web server (browsing html file in the filesystem) ?
I tried with some javascript, using an hidden iframe that preload the destination page and check for the result and then trigger a custom error or redirect to the correct page.
This work fine but is not good on perfomance.
A 404 error is an HTTP status response. So unless you are trying to retrieve this file using an HTTP request/response, you can't have a genuine 404 error. You can only mimic one in something like the way you suggest. Any "standard" way of handling a 404 error is dependent on your flavour of web server anyway...
404 is a HTTP response code, and as such only delivered through the HTTP protocol by servers that speak it. The file:// extension isn't a real protocol response as such, it's a hack built into clients (like browsers) that enable local file support, however it's up to browsers / clients themselves whether they expose any response codes from their file:// implementation. In theory they could report them in the DOM, for example, but they would be response codes exposed to themselves, and as such rarely implemented. Most don't, and there isn't a standard way for it. You may look into browser extensions, like Firefox, and see if they support it, but then, this is highly unstandard and will likely break if you pop it on the web.
Why don't you want to use the server?
I don't believe that it's possible to handle a 404 error client-side, because a 404 error is server-side.
Whenever you load a webpage, you make a request to the server. Thus, when you ask for a file that's not there, it's the server that handles the error. Regular HTML/CSS/JavaScript only come into the picture when the server sends back a response to tell you that it can't find the file.
Steve
Because I was looking for this today. You can now do this without a server by using a Service Worker to cache the custom 404 page, and then serve it when a fetch request status is 404. Following the instructions on the google cache lab, the worker files looks as follows:
const filesToCache = [
'/',
'404.html'
];
const staticCacheName = 'pages-cache-v1';
self.addEventListener('install', event => {
console.log('Attempting to install service worker and cache static assets');
event.waitUntil(
caches.open(staticCacheName).then(cache => {
return cache.addAll(filesToCache);
});
);
});
self.addEventListener('fetch', event => {
console.log('Fetch event for ', event.request.url);
event.respondWith(
caches.match(event.request).then(response => {
if (response) {
console.log('Found ', event.request.url, ' in cache');
return response;
}
console.log('Network request for ', event.request.url);
return fetch(event.request).then(response => {
console.log('response.status:', response.status);
// fetch request returned 404, serve custom 404 page
if (response.status === 404) {
return caches.match('404.html');
}
});
});
);
});