Is there a way to use relative paths in substitution instead of absolute ones?
I want to write this, which doesn't work:
service {
password = "qwerty"
url = "http://example.com?user=John&password="${password}
}
Works only this case:
service {
password = "qwerty"
url = "http://example.com?user=John&password="${service.password}
}
Related
Hello and thank you for your help.
Sadly support over at CF does not think they need to help me.
I am learning to use workers, and have written a simple HTML injector just to see it working on my site.
this is the full worker code i have:
async function handleRequest(req) {
const res = await fetch(req)
const contentType = res.headers.get("Content-Type")
console.log('contentType: ', contentType)
// If the response is HTML, it can be transformed with
// HTMLRewriter -- otherwise, it should pass through
if (contentType.startsWith("text/html")) {
return rewriter.transform(res)
} else {
return res
}
}
class UserElementHandler {
async element(element) {
element.before("<div class='contbox'><img src='https://coverme.co.il/wp-content/uploads/2020/01/covermeLOGO-01-1024x183.png' style='width:200px;margin:20px;'><h1>testing inserting</h1></div>", {html: true});
// fill in user info using response
}
}
const rewriter = new HTMLRewriter()
.on("h1", new UserElementHandler())
addEventListener("fetch", event => {
event.respondWith(handleRequest(event.request))
})
it just uses element.before to inject some HTML.
in the worker preview pane i can see it!
but on the live site = nothing.
this is the active URL: [https://coverme.co.il/product/%D7%A0%D7%A8-%D7%91%D7%99%D7%A0%D7%95%D7%A0%D7%99-tuberosejasmine/]
these are the 4 routes i have set up to try to catch this, with and without encoding the letters:
coverme.co.il/product/נר-בינוני-tuberosejasmine/
*.coverme.co.il/product/נר-בינוני-tuberosejasmine/*
https://coverme.co.il/product/%D7%A0%D7%A8-%D7%91%D7%99%D7%A0%D7%95%D7%A0%D7%99-tuberosejasmine/
*.coverme.co.il/product/%D7%A0%D7%A8-%D7%91%D7%99%D7%A0%D7%95%D7%A0%D7%99-tuberosejasmine/*
thanks in advance!
I believe the problem here is that you've configured your routes to match "נר-בינוני" unescaped, but the browser will actually percent-encode the URL before sending to the server, therefore the route matching actually operates on percent-escaped URLs. So the actual URL is https://coverme.co.il/product/%D7%A0%D7%A8-%D7%91%D7%99%D7%A0%D7%95%D7%A0%D7%99-tuberosejasmine/, and this does not match your route because %D7%A0%D7%A8-%D7%91%D7%99%D7%A0%D7%95%D7%A0%D7%99 is not considered to be the same as נר-בינוני.
EDIT: Unfortunately, using percent-encoding in your route pattern won't fix the problem, due to a known bug. Unfortunately, it's just not possible to match non-ASCII characters in a Workers route today. We intend to fix this, but it's hard because some sites are accidentally dependent on the broken behavior, so the fix would break them.
What you can potentially do instead is match against coverme.co.il/product/*, and then, inside your worker, check if the path also has נר-בינוני-tuberosejasmine. If it does not, then your fetch event handler should simply return without calling event.respondWith(). This will trigger "default handling" of the request, meaning it will pass through and be sent to your origin server like normal. (Note that you will still be billed for a Workers request, though.)
So, something like this:
addEventListener("fetch", event => {
if (event.request.url.includes(
"coverme.co.il/product/נר-בינוני-tuberosejasmine/")) {
event.respondWith(handle(event.request));
} else {
return; // not a match, use default pass-through handling
}
})
I need to get the CN of a client certificate in NGINX to append it to the proxy headers.
I already found the following map code for this.
map $ssl_client_s_dn $ssl_client_s_dn_cn {
default "";
~/CN=(?<CN>[^/]+) $CN;
}
But sadly it only returns an empty string for the following $ssl_client_s_dn:
CN=testcn,O=Test Organization
I tested it with other DNs, too. But the problem is always the same.
The pattern you use requires the legacy DN, since it assumes the / to separate the RDNs. So (since nginx v1.11.6) the following works:
map $ssl_client_s_dn_legacy $ssl_client_s_dn_cn {
default "";
~/CN=(?<CN>[^/]+) $CN;
}
With $ssl_client_s_dn_legacy: /O=Test Organization/CN=testcn
As #christof-r mentioned, your regex matched with the legacy DN pattern. Please use this regex to match with the current ( > v1.11.6) pattern.
map $ssl_client_s_dn $ssl_client_s_dn_cn {
default "";
~CN=(?<CN>[^,]+) $CN;
}
using (var repo = new Repository("path/to/your/repo"))
{
LibGit2Sharp.PullOptions options = new LibGit2Sharp.PullOptions();
options.FetchOptions = new FetchOptions();
options.FetchOptions.CredentialsProvider = new CredentialsHandler(
(url, usernameFromUrl, types) =>
new UsernamePasswordCredentials()
{
Username = USERNAME,
Password = PASSWORD
});
repo.Network.Pull(new LibGit2Sharp.Signature(USERNAME, EMAIL, new DateTimeOffset(DateTime.Now)), options)
}
i do not konw how to set arguments,when i use it,one error will show-----Unsupported URL protocol.could you tell me how to set arguments?
It depends on the url you are using.
For instance, issue 649 clearly states:
git.git supports relative URLs in remote configurations and resolves them relative to the working directory.
libgit2 currently fails with "Unsupported URL protocol".
It expects paths to be absolute.
So if your url is actually a local path, make sure it is an absolute path (and not a relative one).
As commented by 崔重阳, using an https instea of an sssh url is supported.
I've got a weird one (to me): Using Nexus 2.11.4-01 and a another piece of software (Talend) is interfacing with it.
When Talend tries to talk to Nexus it throws an error, looks like it's trying to hit a URL of the form http://servername:8081/nexus/service/local/repositories/scratch/content which throws a 403 when browsed to with Chrome.
The Nexus logs show:
2015-09-07 15:47:30,396+0000 WARN [qtp131312334-65] admin org.sonatype.nexus.security.filter.authz.NexusTargetMappingAuthorizationFilter - Cannot translate request to Nexus repository path, expected pattern /service/local/repositories/([^/]*)/content/(.*), request: GET http://servername:8081/nexus/service/local/repositories/scratch/content
For any repo that I try, now "scratch" should match the pattern and the source here (for Nexus 2.11.3 admittedly) which I found via some googleing suggests it should work too:
http://grepcode.com/file/repo1.maven.org/maven2/org.sonatype.nexus/nexus-core/2.11.3-01/org/sonatype/nexus/security/filter/authz/NexusTargetMappingAuthorizationFilter.java
private String getResourceStorePath(final ServletRequest request) {
String path = WebUtils.getPathWithinApplication((HttpServletRequest) request);
if (getPathPrefix() != null) {
final Pattern p = getPathPrefixPattern();
final Matcher m = p.matcher(path);
if (m.matches()) {
path = getPathReplacement();
// TODO: hardcoded currently
if (path.contains("#1")) {
path = path.replaceAll("#1", Matcher.quoteReplacement(m.group(1)));
}
if (path.contains("#2")) {
path = path.replaceAll("#2", Matcher.quoteReplacement(m.group(2)));
}
// and so on... this will be reworked to be dynamic
}
else {
// what happens here: router requests are formed as: /KIND/ID/REPO_PATH
// where KIND = {"repositories", "groups", ...}, ID is a repo ID, and REPO_PATH is a repository path
// being here, means we could not even match anything of these, usually having newline in string
// as that's the only thing the "dotSTAR" regex would not match (it would match any other character)
log.warn(formatMessage(request, "Cannot translate request to Nexus repository path, expected pattern {}"), p);
return null;
}
}
return path;
}
So my question is what am I doing wrong, what am I missing?
The solution is that the version of Nexus shipped with Talend 5.6 (and that it is written to interface with) is pretty ancient and that the newer versions of Nexus use a different interface.
I'm using the following function to convert paths into a valid Virtual Path:
public string GetFullPath(string path)
{
Ensure.Argument.NotNullOrEmpty(path, "path");
if (path[0] == '~') // a virtual path e.g. ~/assets/style.less
{
return path;
}
if (VirtualPathUtility.IsAbsolute(path)) // an absolute path e.g. /assets/style.less
{
return VirtualPathUtility.ToAppRelative(path,
HostingEnvironment.IsHosted ? HostingEnvironment.ApplicationVirtualPath : "/");
}
// otherwise, assume relative e.g. style.less or ../../variables.less
return VirtualPathUtility.Combine(VirtualPathUtility.AppendTrailingSlash(currentFileDirectory), path);
}
This passes all my tests other than for when the input path is a relative path, above the website directory.
For example given a currentFileDirectory of ~/foo/bar and a relative path of ../../../ I want to detect this and attempt to fix the path.
Server.MapPath is an easy way to validate either virtual or dos style paths. Validation is restricted for security reasons from validating any physical paths that are outside the web site. See my comment above.
To elaborate on Mike's answer we can validate whether a relative path attempts to go outside of the physical web site directory by:
Getting the combined path of the current path and relative path using Path.GetFullPath
Getting the file system path of the attempted path using Server.MapPath
Getting the file system path of the root of the application
Validating that the attempted path exists within the root path
Example:
var currentFileDirectory = "~/foo/bar";
var relativePath = "../../../";
var attemptedPath = Path.GetFullPath(Path.Combine(Server.MapPath(currentFileDirectory), relativePath)); // 1 + 2
var rootPath = Server.MapPath("~/"); // 3
if (attemptedPath.IndexOf(rootPath, StringComparison.InvariantCultureIgnoreCase) == -1) // 4
{
throw new Exception(string.Format("Path {0} is outside path {1}",
rootPath, HostingEnvironment.ApplicationPhysicalPath));
}