After successful registration using sfGuard, I land on "sf/sf_admin/css/main.css" with a 404 message.
Is there any way to set the app_sf_guard_plugin_success_signin_url to go to homepage?
As described in the documentation of the plugin (at the bottom), you can define it in your app.yml:
all:
  sf_guard_plugin:
    success_signin_url: @my_route?param=value # the plugin uses the referer as default
    success_signout_url: module/action # the plugin uses the referer as default
https://www.mediawiki.org/wiki/MediaWiki_1.35 is out and one of the advertised features seems to be the "built in"/"out of the box" Visual Editor that doesn't need an external server anymore.
So I downloaded and installed the version just released and clicked "VisualEditor" so that it would appear in my LocalSettings.php as:
wfLoadExtension( 'VisualEditor' );
But when trying to edit a page I get the error message:
Error contacting the Parsoid/RESTBase server: http-bad-status
With no further hint on what to do.
The information in https://www.mediawiki.org/wiki/Extension:VisualEditor is still intimidating for me - it doesn't look like an "out of the box" configuration at all. I did not find anything there about the dialog's message content.
Where do I find the official information on how to avoid this dialog?
I've managed to wake up visual editor on an apache / ubuntu with mediawiki 1.37 set to private wiki.
This is what I've done
$wgServer = "https://example.org";
Note the https in wgServer!
End of my LocalSettings.php
if ( isset( $_SERVER['REMOTE_ADDR'] ) &&
    in_array( $_SERVER['REMOTE_ADDR'], [ $_SERVER['SERVER_ADDR'], '127.0.0.1' ] ) ) {
    $wgGroupPermissions['*']['read'] = true;
    $wgGroupPermissions['*']['edit'] = true;
    $wgGroupPermissions['*']['writeapi'] = true;
}
Making sure that $wgServer in LocalSettings.php has https and not http in the string solved it for me.
If you are using the HTTP based authentication of your webserver you have to allow localhost to be whitelisted, so MediaWiki can reach itself.
For Apache you can do this with
Require local
at the same spot where you configured the authentication. You can find detailed configuration descriptions in the MediaWiki Wiki.
https://www.mediawiki.org/wiki/Topic:Vwkv6abtipmknci8
However, I would not recommend using whitelisting based on the user agent. Attackers could circumvent the authentication just by changing their user agent string.
In my case I only run into this problem when I use a "nested" or structured wiki page.
It works for pages like
TestPage, VideoCut, BestPractices but not pages like
TestPage/Test1, TestPage/Hugo and so on.
When looking at the webserver log page it seems the rest.php URL is not built correctly.
In the good case the built rest.php sends the following POST request:
POST /wiki/rest.php/localhost/v3/transform/html/to/wikitext/TestPage/12 HTTP/1.1" 200 521 "-" "VisualEditor-MediaWiki/1.38.2"
In the bad case the request looks like:
POST /wiki/rest.php/localhost/v3/transform/html/to/wikitext/TestPage%2FTest1 HTTP/1.1" 404 981 "-" "VisualEditor-MediaWiki/1.38.2"
It ends up in a 404 instead of a successful 200. The problem seems to be the coded %2F (/) inside the Page-Path (TestPage/Test1 -> TestPage%2FTest1).
We're running Cypress.io locally via http:// using Chrome, and when "SameSite by default cookies" is on (which they are starting to roll out to all users), our login tests fail because the session cookie cannot be set (is blocked because the connection is not secure). Any suggestions on a workaround? I looked into setting a Chrome flag as per:
https://docs.cypress.io/api/plugins/browser-launch-api.html#Examples
with flag:
https://peter.sh/experiments/chromium-command-line-switches/#unsafely-treat-insecure-origin-as-secure
but couldn't find an appropriate flag. Thanks.
I ended up fixing this by simply changing the session cookie's samesite attribute for my local/test environment from none, which requires secure, to lax. Hope this helps someone else!
I ran into the same issue.
My solution was going to chrome://flags (after running chrome from cypress) and set SameSite by default cookies to Disabled.
You can actually write an interceptor in cypress to rewrite the headers of requests to use SameSite="None". This blog explains how in more detail.
https://www.tomoliver.net/posts/cypress-samesite-problem
This technique is good if you don't have control over the server sending the response, e.g. a third-party auth server.
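The browser rule behind this failure, and the effect of the Lax change described in the first answer, as an added example that is not code from any of the posts. The function names and the sample header are constructed for illustration, and the rewrite is meant for a local/test environment only.

```javascript
// Added example: parse a Set-Cookie header and apply the two browser rules
// that matter here: Secure needs a secure connection, SameSite=None needs Secure.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    // attribute names are case-insensitive, so normalise them to lower case
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Returns null if the cookie would be stored, otherwise the reason it is blocked.
function blockedReason(header, connectionIsSecure) {
  const { attrs } = parseSetCookie(header);
  const sameSite = String(attrs.samesite || 'lax').toLowerCase(); // Lax by default
  if (attrs.secure && !connectionIsSecure) return 'Secure cookie on an insecure connection';
  if (sameSite === 'none' && !attrs.secure) return 'SameSite=None without Secure';
  return null;
}

// Local/test rewrite: drop Secure and fall back to SameSite=Lax.
function relaxForLocalHttp(header) {
  const c = parseSetCookie(header);
  delete c.attrs.secure;
  c.attrs.samesite = 'Lax';
  const rest = Object.entries(c.attrs).map(([k, v]) => (v === true ? k : `${k}=${v}`));
  return [`${c.name}=${c.value}`, ...rest].join('; ');
}

// Constructed sample header, not taken from the question.
const SAMPLE = 'session=abc123; Path=/; HttpOnly; Secure; SameSite=None';
console.log(blockedReason(SAMPLE, false));
console.log(relaxForLocalHttp(SAMPLE));
```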
What am I doing?
I wrote a script that runs every 1 second and sends a POST request with some data to a server which is running locally. The page that I am trying this on has some response headers attached to it (CSP headers), so the request is unable to proceed due to the CSP policy in Chrome.
Here is the error I get
Refused to connect to 'https://domain.in/api/users' because it
violates the following Content Security Policy directive: "connect-src
'self' https://*.whatsapp.net https://www.facebook.com
https://*.giphy.com https://*.tenor.co blob:
https://crashlogs.whatsapp.net/wa_clb_data
https://crashlogs.whatsapp.net/wa_fls_upload_check
https://www.bingapis.com/api/v6/images/search
https://*.google-analytics.com wss://*.web.whatsapp.com
wss://web.whatsapp.com https://dyn.web.whatsapp.com"
What I want?
Since I am just testing a few things, I can bear an insecure environment by disabling the CSP in Chrome. So please tell me how to do that?
What have I tried/read so far?
I have tried searching for this online and even some of the questions on SO but none of them gave a satisfying and completely working example. Some have suggested using this plugin but I can't see it working in my case.
Please suggest all that you can.
Using the Disable CSP plugin actually works but it fails sometimes. This may be because the server sends the CSP header as soon as the connection between the client and server completes. I needed to toggle this plugin just before that for it to work.
That is how I got it working.
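Why the browser refuses the request in the question, as an added example that is not part of the original posts: a simplified matcher for a `connect-src` source list. The directive below is shortened from the error message above, the page URL is an assumption, and the function names are hypothetical.

```javascript
// Added example: simplified CSP source-list matching for connect-src.
// Handles 'self', scheme sources (blob:), *.host wildcards, ports and paths;
// the http->https and ws->wss upgrade rules of CSP3 are left out.
const DEFAULT_PORT = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };

function matchesSource(source, url, selfOrigin) {
  if (source === "'self'") return url.origin === selfOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^/:]+)(?::(\d+))?(\/.*)?$/i.exec(source);
  if (!m) return false; // other keywords, nonces and hashes never match a URL
  const [, scheme, host, port, path] = m;
  const proto = scheme.toLowerCase() + ':';
  if (url.protocol !== proto) return false;
  const h = host.toLowerCase();
  if (h.startsWith('*.')) {
    // *.example.com matches sub.example.com but not example.com itself
    if (!url.hostname.endsWith(h.slice(1))) return false;
  } else if (url.hostname !== h) {
    return false;
  }
  const wantPort = port || DEFAULT_PORT[proto];
  if ((url.port || DEFAULT_PORT[proto]) !== wantPort) return false;
  if (!path || path === '/') return true;
  // a source path ending in "/" is a prefix, anything else must match exactly
  return path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path;
}

function connectAllowed(policy, target, pageUrl) {
  const directives = policy.split(';').map((d) => d.trim().split(/\s+/));
  const find = (name) => directives.find((d) => d[0].toLowerCase() === name);
  const directive = find('connect-src') || find('default-src'); // fallback
  if (!directive) return true; // no applicable directive: nothing is restricted
  const url = new URL(target);
  const selfOrigin = new URL(pageUrl).origin;
  return directive.slice(1).some((s) => matchesSource(s, url, selfOrigin));
}

// Constructed input: directive shortened from the error message in the question;
// the page URL is an assumption.
const POLICY = "connect-src 'self' https://www.facebook.com blob: " +
  'https://crashlogs.whatsapp.net/wa_clb_data wss://*.web.whatsapp.com ' +
  'wss://web.whatsapp.com https://dyn.web.whatsapp.com';
const PAGE = 'https://web.whatsapp.com/';

console.log(connectAllowed(POLICY, 'https://domain.in/api/users', PAGE));
```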
I have an app in a domain like this http://www.example.com/, but I need to replace the state to a subdomain, like this http://test.example.com/.
I'm trying to do this with replaceState like this:
history.replaceState({}, '', 'http://test.example.com/')
But in Firebug I'm getting an error:
Error: Security error
I understand this may be breaking the Same Origin Policy. Is there a way to set the subdomain without reloading the page?
No. You can't change the origin of the page without reloading it, precisely because it would violate the same-origin policy.
I want to serve a world clock on my SSL-enabled website. When I use http, the Chrome browser shows mixed content: "this page include other resources which are not secure".
the clock url is: http://www.worldtimeserver.com/clocks/wtsclock001.swf?color=FF6633&wtsid=MY&
I already tried an SSL proxy to display the clock, but no luck:
https://ssl-proxy.my-addr.net/myaddrproxy.php/http/www.worldtimeserver.com/clocks/wtsclock001.swf?color=FF6633&wtsid=MY&
This shows "Clock fault. Undefined! Undefined."
Uploading that Flash clock to the web server also gives the undefined error.
Is there anything I should try, or any recommendation for an SSL-enabled clock similar to worldtimeserver?
updates:
javascript looks nicer http://randomibis.com/coolclock/
thanks to Graham
I don't know what proxy you're using, but it's entirely possible that you need to escape the "?" and "&" characters so they won't be interpreted by myaddrproxy.php and will instead be passed to the proxied URL.
https://ssl-proxy.my-addr.net/myaddrproxy.php/http/www.worldtimeserver.com/clocks/wtsclock001.swf%3fcolor=FF6633%26wtsid=MY
But as I say, I don't know your proxy script; you may have to experiment with how to escape special characters.
Or read the instructions from the proxy script. :-)