Symfony 5 handle access for external tools (knpsnappy) - symfony

In a Symfony 5.x project I use knplabs/knp-snappy-bundle.
Having private data-folders for different users results in generating PDF-documents that require images from folders which are not publicly accessible.
When trying to generate a PDF-document with an image in such a folder, knpsnappy runs into a 60 sec timeout. The Symfony log says:
Guard authenticator does not support the request.
I assume it has something to do with the "external" tool knpsnappy calling from outside the application, but from the same server, and not triggering any security definition I defined.
I am unsure on how to allow knpsnappy to access a specific route.
Maybe someone can lead me into the right direction...?

I was misled.
The cause of the problem wasn't access rights but the way the img paths were defined.
knp snappy won't be able to render images with URL-routes.
I switched the paths to be absolute server paths and now it works.
Found the solution here:
KnpSnappyBundle and Symfony 3.4 : images and/or css cause timeout
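
Switching to absolute server paths means the PDF renderer reads files straight from disk, so each path should be confined to the requesting user's folder before it reaches the template. An added example, not part of the original post or of KnpSnappyBundle; `resolvePrivateImage`, `imgTag` and the folder layout are assumptions:

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of KnpSnappyBundle): turn an image name
 * into an absolute path, but only if it stays inside $userDir.
 */
function resolvePrivateImage(string $userDir, string $name): string
{
    $base = realpath($userDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('user folder missing');
    }
    // realpath() collapses ".." and follows symlinks; false if the file is absent.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)) {
        throw new RuntimeException('image not found');
    }
    // Confinement: the resolved path must start with "<user folder>/".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('path leaves the user folder');
    }
    return $path;
}

/** Build the <img> tag for the HTML that is handed to the PDF renderer. */
function imgTag(string $userDir, string $name): string
{
    $path = resolvePrivateImage($userDir, $name);
    return '<img src="' . htmlspecialchars($path, ENT_QUOTES) . '">';
}

// Constructed demo data: two temp folders stand in for two users' private folders.
$root = sys_get_temp_dir() . '/pdfdemo_' . bin2hex(random_bytes(4));
mkdir("$root/user_a", 0700, true);
mkdir("$root/user_b", 0700, true);
file_put_contents("$root/user_a/logo.png", 'constructed placeholder bytes');
file_put_contents("$root/user_b/scan.png", 'constructed placeholder bytes');

foreach (['logo.png', '../user_b/scan.png'] as $name) {
    try {
        echo $name, ' => ', imgTag("$root/user_a", $name), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $name, ' => refused: ', $e->getMessage(), PHP_EOL;
    }
}
```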

Related

Symfony - API Platform - Vich Uploader & vulnerability issues

Good morning,
I'm trying to develop a smartphone application connected to an API Platform API.
I need the option to upload some files from the application.
I cannot trust those who send files.
I've followed the https://api-platform.com/docs/core/file-upload/ guidelines. Thus, I can't see how to prevent a CWE-434 vulnerability (Unrestricted Upload of File with Dangerous Type, https://cwe.mitre.org/data/definitions/434.html). I've done it myself on my system, so the vulnerability works with my configuration. I cannot believe that it was forgotten from the vichuploaderbundle. It must be something else, but I can't figure out what.
Should I write my own image handler, or is there a way to use vichuploaderbundle with safety?
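
A server-side check of the kind the question is looking for, as an added example that is not part of the original post and is not VichUploaderBundle or API Platform code; `storedNameFor`, the allowlist and the size limit are assumptions:

```php
<?php
declare(strict_types=1);

// Allowlist: content type detected on the server => extension used for storage.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const MAX_BYTES = 5 * 1024 * 1024; // assumed size limit

/**
 * Hypothetical helper: returns the server-chosen name for an accepted upload
 * and throws for anything else. The client's file name is never consulted.
 */
function storedNameFor(string $tmpPath): string
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new InvalidArgumentException('empty or too large');
    }
    // Detect the type from the bytes, not from the name or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new InvalidArgumentException('type not allowed: ' . var_export($mime, true));
    }
    // The header of the file must also parse as an image.
    if (@getimagesize($tmpPath) === false) {
        throw new InvalidArgumentException('not a decodable image');
    }
    // Random name plus allowlisted extension; store outside the web root.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

// Constructed demo inputs: a script posing as a picture, and a 1x1 PNG.
$fake = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($fake, "<?php echo 'not an image';");
$real = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($real, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
));

foreach (['holiday.jpg' => $fake, 'pixel.png' => $real] as $clientName => $tmp) {
    try {
        echo $clientName, ' -> stored as ', storedNameFor($tmp), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $clientName, ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
    unlink($tmp);
}
```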

symfony debug:true does what?

I've been searching symfony docs and SO for an explanation of what changing symfony's debug flag to true does exactly. I feel stupid for not finding it ... can anyone provide a link to the doc?
Read Working with environments for more information about debug.
You are right, the Symfony Documentation related to the Debug component will help you use it but does not give detailed explanations about the features added to the environment.
If you use debug=true in your environment, you will get the debug-bar containing all information related to your environment, and other features related to debug in a PHP framework.
I will list the main additional features added by enabling debug:
Toolbar added with all information about requests, security, deprecations, translations, configuration, and errors in your current request.
Cache files are dynamically rebuilt on each request.
Enable debugging features in packages and third-party libraries based on debug (such as Twig dump)
Error display is no longer managed by debug; it's just configured in the front controller (e.g. app_dev.php and app.php)
Information coming from Configuration and environments
The Symfony documentation is very vast and this is surely not the biggest part of it, but it is very important to know; I am discovering it too.

Apigee: Server Error. Bundle size is greater than the 15 MB. Use large resources at organization/environment level

When I tried to add an "Add-CORS" Assign Message policy to an existing API proxy, I got this error repeatedly.
I tried to undeploy and re-deploy the App but neither worked.
This issue is because of bundle size and not because of CORS policy. Check if bundle size can be reduced. Or else please log a ticket with support to get help on the resolution of the bundle size.
It is something to do with the package size. If you are using NodeJS to develop your bundle:
Reduce your API Proxy bundle size by removing unnecessary files and unused modules.
Import resources separately through the Management API
Run NPM install on the server through the Management API
[Replace the placeholders in URL with actual value]
See the discussion here.

How to actually use JAWR with a library from a CDN

We use JAWR to serve content, but would like to also make use of a CDN to distribute scripts. For instance, to use jQuery, we have:
jawr.js.bundle.jquery.id=/bundles/jquery.js
jawr.js.bundle.jquery.mappings=/js/lib/.license,/js/lib/jquery-1.8.2.js
jawr.js.bundle.jquery.productionURL=http://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js
That works great. We get the local library in debug mode, and the one from CDN in production mode. However, let’s add:
jawr.js.bundle.bootstrap.id=/bundles/bootstrap.js
jawr.js.bundle.bootstrap.mappings=/js/lib/bootstrap-2.1.0/js/.license,/js/lib/bootstrap-2.1.0/js/bootstrap.js
jawr.js.bundle.bootstrap.dependencies=jquery
Now, upon access (not upon startup) of a page using /bundles/bootstrap.js, JAWR throws a nasty exception:
java.lang.IllegalStateException: The bundleDataHashCode must be set before accessing the url prefix.
at net.jawr.web.resource.bundle.JoinableResourceBundleImpl.getURLPrefix(JoinableResourceBundleImpl.java:560)
...
at net.jawr.web.taglib.AbstractResourceBundleTag.doStartTag(AbstractResourceBundleTag.java:68)
...
Does that mean I cannot depend on a bundle with a productionURL?
There is an open issue on JAWR about this and a thread (without any answers) in the forum. The answer (from myself) for now is:
You can use productionURL, but do not depend on these bundles. All that is broken
is the dependency mechanism. Manually adding all the necessary <jawr:.../> tags works.

ASPX missingfieldexception error

I have just updated my company website and it looked fine at first. Then a few seconds after loading, I encounter this error:
System.MissingFieldException: Field not found: xxx.include.NaviBar.ASPnetMenu1.
Couple questions:
1.) Are you on a shared server that is perhaps running in a Medium Trust environment?
2.) Is this a custom site or a framework, like dotnetnuke?
The missingfieldexception usually comes up when you're using reflection and are trying to access a property or method that doesn't exist. Medium Trust environments sometimes won't allow the reflection classes to be called, or the access to the functionality is limited.
http://msdn.microsoft.com/en-us/library/system.missingfieldexception.aspx
