When app is running without nginx then Flask forms work fine. But when I use NGINX then i get "{'csrf_token': ['The CSRF tokens do not match.']}" error every time I try to submit the form.
What could be an issue?
I have tried:
to clear all the cookies from the browser.
submit the form while accessing an app in incognito mode.
reviewed all of the forums in stackoverflow that are related with this issue.
Nothing helped. What could be an issue here?
I found out the answer in this article: https://nickjanetakis.com/blog/fix-missing-csrf-token-issues-with-flask
Appearantly Flask does not loke (cookie likewise) to use IP addresses as SERVER_NAME parameter. So at least set it to localhost.domain or something similar and everything will be ok :)
Related
I have a personal website: https://www.${DOMAIN-NAME}.web.app (advertising my real site may annoy some people)
This web app is working fine on my devices. I sent this link to my friend and it's showing him "ERR CERT COMMON NAME INVALID" error page. He is on a very secure computer.
Here is a screenshot of the error page:
I found one solution to this along with a process to recreate this error page. I went on a new device that has never visited my web app. Then, I wrote http://www.${DOMAIN-NAME}.web.app ("http" here) and got this error page. Changing from "http" to "https" here doesn't help. However, I solved this by closing the tab, and writing https://www.${DOMAIN-NAME}.web.app on a new tab. This immediately establishes the green secure lock.
However, this didn't help my friend. Is there something that I don't know that's causing this issue? I'll await any helpful answers. Regards,
You cannot add a www. in front of a Firebase Hosting .web.app domain. That's why you're seeing invalid cert. Try just https://${DOMAIN-NAME}.web.app.
i already tried to find an answer here on nearly at any place at the web, but didn't find an answer that helped me out here - so i'm trying it here with this question:
i have to to get some information from a server in a domain, using https via indy components and the windows authentication. that's working quite fine (via IdHTTP1.Get(sURI)), the server logs are showing this (domain/user/request) and the response is always valid.
afterwards i try to post now some new values to the requested data, but this fails, since i get a "401" authenticaion error. BasicAuthentication=false, and HTTPOptions=[hoInProcessAuth,hoForceEncodeParams] via IdHTTP1.Post(sURI, Req_Json), where Req_Json is a UTF-8 encoded TStringStream. Now (and only when trying to POST) the IdHTTP1Authorization event is triggered twice, even if I do a handled=true there (read somewhere in a forum) it fails, if I do nothing there I get the same result: 401. There were some tips about the IdHTTP1SelectAuthorization event, but with that I had no luck, too.
Any ideas, where to start to get this solved? If there are any questions open, don't hesitate to ask!
p.s.: trying to post the same information via postman works correctly - so i guess it's about delphi/indy ...
I've been using Postman in my app development for some time and never had any issues. I typically use it with Google Chrome while I debug my ASP.NET API code.
About a month or so ago, I started having problems where Postman doesn't seem to send the cookie my site issued.
Through Fiddler, I inspect the call I'm making to my API and see that Postman is NOT sending the cookie issued by my API app. It's sending other cookies but not the one it is supposed to send -- see below:
Under "Cookies", I do see the cookie I issue i.e. .AspNetCore.mysite_cookie -- see below:
Any idea why this might be happening?
P.S. I think this issue started after I made some changes to my code to name my cookie. My API app uses social authentication and I decided to name both cookies i.e. the one I receive from Facebook/Google/LinkedIn once the user is authenticated and the one I issue to authenticated users. I call the cookie I get from social sites social_auth_cookie and the one I issue is named mysite_cookie. I think this has something to do with this issue I'm having.
The cookie in question cannot legally be sent over an HTTP connection because its secure attribute is set.
For some reason, mysite_cookie has its secure attribute set differently from social_auth_cookie, either because you are setting it in code...
var cookie = new HttpCookie("mysite_cookie", cookieValue);
cookie.Secure = true;
...or because the service is configured to automatically set it, e.g. with something like this in web.config:
<httpCookies httpOnlyCookies="true" requireSSL="true"/>
The flag could also potentially set by a network device (e.g. an SSL offloading appliance) in a production environment. But that's not very likely in your dev environment.
I suggest you try to same code base but over an https connection. If you are working on code that affects authentication mechanisms, you really really ought to set up your development environment with SSL anyway, or else you are going to miss a lot of bugs, and you won't be able to perform any meaningful pen testing or app scanning for potential threats.
You don't need to worry about cookies if you have them on your browser.
You can use your browser cookies by installing Postman Interceptor extension (left side of "In Sync" button).
I have been running into this issue recently with ASP.NET core 2.0. ASP.NET Core 1.1 however seems to be working just fine and the cookies are getting set in Postman
From what you have describe it seems like Postman is not picking up the cookie you want, because it doesn't recognize the name of the cookie or it is still pointing to use the old cookie.
Things you can try:
Undo all the name change and see if it works( just to get to the root of issue)
Rename one cookie and see if it still works, then proceed with other.
I hope by debugging in this way it will take you to the root cause of the issue.
I'm trying to retrieve user and password from the url http://user:password#domain.com using nginx but I cannot find these variables name in nginx documentation or google.
Is there anyway to achieve this or to get the url that the user has truly typed in his browser ( i.e. http://user:password#domain.com ) ?
Many thanks for your help!
Ok, in fact my problem was related to the fact that my browser (FireFox) seems to not handle request like http://user:password#domain.com anymore.
I have tried curl and nginx successfully pass user and password to php.
#user1723580 The basic authentication in URL is working fine in Firefox event on the latest Nightly version.
Getting sporadic errors from users of a CMS; Ajax requests sometimes result in a "501 Method not implemented" response from the server. Not all the time; usually works.
Application has been stable for months. Users seem to be getting it with Firefox 3. I've seen a couple references via Google to such problems being related to having "charset=UTF-8" in the Content-type header, but these may be spurious
Has anyone seen this error or have any ideas about what the cause could be?
Thanks
Ian
You may want to check the logs of the server to see what's causing the issue. For example, it might be that these requests are garbled, say, because of a flaw in the HTTP 1.1 persistent connection implementation.
Try this
Try clearing your cookies and your cache
Type about:config into the URL bar, list of configuration settings for Firefox
Locate the setting for 'network.automatic-ntlm-auth.trusted-uris'
Set the value of names of the servers to use NTLM with.
Locate the setting for 'network.negotiate-auth.trusted-uris'
Set the value of names of the servers to use NTLM with.
network.automatic-ntlm-auth.allow-proxies = True
Restart Firefox - Test URL to application
The problem occurs as your app is not running on the same domain as your service. You need to configure your Server to accept those calls by adding the 'Access-Control-Allow-Origin' Header.