How do I set an HTTP response header in a seam app? - seam

I need to set an HTTP response header for all pages in my site and I don't know if Seam provides some hooks in a config file to do that. Has anyone done this before?
Thanks.

I could not find this documented anywhere, but by playing with autocompletion in Eclipse while editing pages.xml, I found that this works:
<page view-id="*">
    <header name="X-UA-Compatible" value="IE=8"/>
</page>

Related

Drupal jsonapi cross bundles module usage

I'm setting up a Drupal API, using jsonapi. In the frontend application, we would like to get all content, regardless of content type, with one request. I came across this issue that addresses exactly that, and a module has been worked on: JSON:API Cross Bundles. I have already installed the module, but I cannot seem to find how to use it. I assumed that I would just be able to request /jsonapi/node to get a response with all my nodes, but that doesn't seem to be how it works. Has anyone actually used this module and can explain to me how to use it?
Calling jsonapi/node actually works for me. I just enabled the module and it worked out of the box.

How to hide out what technology a program is using?

When I searched for my problem I found this old question:
How to find out what technology a program is using?
It defines how to show but not how to hide. I have several ASP.NET sites. Some of my sites use CKEditor and other JavaScript libraries.
When I type my URL into:
http://builtwith.com/
it shows:
Is there any web.config setting or another setting to not show the technology or program used by my site? I searched a lot but was unable to find anything. Any help would be much appreciated. Thanks.
By default ASP.NET shouts about itself a lot. It sends HTTP headers with each response telling the world and dog what version of ASP.NET your site is hosted on and even what version of MVC you are using. Below is an example of the extra headers needlessly being sent with every request:
To fix this problem you need to do a few things. The first is to set the enableVersionHeader setting on the httpRuntime section to false.
<!-- enableVersionHeader - Remove the ASP.NET version number from the response headers. Added security through obscurity. -->
<httpRuntime targetFramework="4.5" enableVersionHeader="false" />
Then you need to clear the custom headers as shown below.
<httpProtocol>
    <customHeaders>
        <!-- X-Powered-By - Remove the HTTP header for added security and a slight performance increase. -->
        <clear />
    </customHeaders>
</httpProtocol>
For more, read this post: Securing the ASP.NET Web.config
There is also a project on GitHub called NWebsec. NWebsec lets you configure quite a few security headers; some are useful for most applications while others are a bit more specialized. Here's the project link:
Getting started with NWebsec.
In addition to obfuscating your scripts, your website may also give away information in the form of HTTP headers and HTML meta tags. For example, one of my sites shows these HTTP response headers:
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
These show my site is running IIS 8.5 and which .NET version, which is the first information shown on builtwith.com. Most if not all web servers have a way of suppressing these, and of course you can control the meta tags.
Also, the URL can contain clues as well. If you have URLs that end in .aspx, .jsp, .php, that is a dead giveaway. You can solve this using SEF URLs or by using some sort of URL rewriter for whatever server technology you are using.
Please note that there are already exactly the same questions about it:
StackOverflow
Nick says that if you're running Apache, you can set your ServerTokens to Prod and set your ServerSignature to Off to remove the used modules from HTTP requests. I hope you can find a similar property for your ASP.NET application.
Authentictech also says on behalf of gary that you can ask them to remove your sites from their lookup service on this link. Looking at that link, you (as a domain owner) can remove your sites' entries from their lookup index forever.
WebMasters
Su' says that there's a BuiltWith page that says:
The technology has to be discoverable in either the page body, cookies or server headers.
It also mentions security through obscurity, but concludes that (from a security point of view) the modules' security is much more important than hiding what you're using.
Assuming that you are interested in general explanations (since there might be other builtwith-like sites doing similar things):
Those kinds of applications probably also analyze hints like the HTML structure, the HTML attributes, the HTML meta tags, the HTTP headers, the built URL and its file extensions, and the HTML view state, which enables them to analyze and (given a few technology-specific patterns/standards) infer which technologies you use, like ASP.NET, JSF, and others. So, even if you could somehow really obfuscate the generated script, customize the built URL, and handle the HTTP headers, I think you won't be fully able to hide the used technologies due to the HTML structure, including its attributes, meta tags and view state controls.
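
A check for the disclosure points this thread lists (the Server, X-Powered-By and X-AspNet-Version headers, and .aspx/.jsp/.php URL endings), written as an added example that is not from any of the posts above. The function names, the example.test URLs and both sample responses are constructed; the "after" sample assumes the two web.config settings shown earlier were applied and that the Server header, which neither setting targets, is still sent.

```python
import re

# Response headers named in the thread above; X-AspNetMvc-Version is the
# header ASP.NET MVC uses to report its own version.
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
TELLTALE_EXT = (".aspx", ".jsp", ".php")   # URL endings the thread calls a giveaway
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # dotted version number such as 8.5

# Constructed sample: default-style response, using the header values quoted above.
BEFORE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
"""
# Constructed sample: enableVersionHeader="false" and <clear /> applied.
# Assumption: Server is still present, since neither setting targets it.
AFTER = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
"""


def parse_headers(raw):
    """Return (lowercased name, value) pairs; the status line has no colon and is skipped."""
    pairs = []
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep and " " not in name.strip():
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit(url, raw_headers):
    """Return (kind, detail) findings for one URL and its response headers."""
    findings = []
    for name, value in parse_headers(raw_headers):
        if name in DISCLOSING:
            kind = "version" if VERSION_RE.search(value) else "product"
            findings.append((kind, f"{name}: {value}"))
    path = url.split("?", 1)[0].split("#", 1)[0].lower()
    findings += [("url", f"path ends in {e}") for e in TELLTALE_EXT if path.endswith(e)]
    return findings


if __name__ == "__main__":
    for label, url, raw in (("before", "http://example.test/Default.aspx", BEFORE),
                            ("after", "http://example.test/home", AFTER)):
        print(label, audit(url, raw))
```

Run against the "after" sample, the only remaining finding is the Server header, which has to be suppressed separately at the web server.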

Vaadin missing icons of all components

We use the Vaadin valo-theme and component icons like the arrow of the combobox or the icon of the datefield are missing. We tried to put font-awesome manually, but the icons are still missing. We can't explain why.
Can somebody help?
My log output is full of stuff like this:
INFORMATION: Requested resource [/VAADIN/themes/valo/fonts/open-sans/OpenSans-Light-webfont.woff] not found from filesystem or through class loader. Add widgetset and/or theme JAR to your classpath or add files to WebContent/VAADIN folder.
I'm not sure if it's related to our problem.
Instead of the icons there are just these signs
We changed the Java version of the project from 1.7 to 1.6. That solved the problem.
I just had exactly the same problem.
We are using Wildfly 8.2 to deploy the application. The problem occurred after enabling GZip compression for the server (following this blog post: How to enable GZIP compression in Wildfly 8.2).
Disabling it made everything work again. Currently I am still investigating why this is a problem.

IIS 7 GZIP compression and Content Encoding Error

I am having a small problem with my MVC 3 application. The server has GZIP compression functionality and it works great. However, from time to time, we place a folder with static HTML pages in the root of our application: /somefolder/index.html and for some reason when I navigate to this URL the first time (uncompressed) it shows the page fine, but the next time it comes up with an error in the browser saying "Content Encoding Error" like here:
https://encrypted-tbn2.google.com/images?q=tbn:ANd9GcS-a0WLnasCsHWHPaszTvyLoHCWO_6EtlUBxZ6-aFADBtl8QoRp
Does anyone know how to fix this? Do I need to exclude html files from compression? This folder is out of MVC3 framework, so maybe adding a route to it, or ignoring this path will fix it? Please advise, Thanks.
If someone ever encounters this:
The problem was that I had a Cassette project along with the GZIP functionality of the server. The minifying library was throwing an error and the browser didn't know what to do with it, so it bummed out. The fix is to add this line, settings.IsHtmlRewritingEnabled = false;, to the Cassette configuration file's Configure() method.

How to find if a request is for js or css in httpHandler

Is there any way to find out if a particular request is for JS or CSS in an HttpHandler?
To improve the performance of my website I was using HttpCompress from Code Project:
http://www.codeproject.com/KB/aspnet/httpcompression.aspx?msg=2544100
But since it is combining all the JS, it is breaking my JavaScript in many places, so I want to write an HttpHandler so that I would be able to serve the JS and CSS compressed. (I have already minified them using YUICompressor.) I know this will cause multiple HTTP requests, but in my case I have a deadline and so don't want combining of JavaScript and CSS.
So, any approach to do so?
Also, I have seen in the source code of the compression module that they check if the file is already on the browser and send a 304 Not Modified response header, but it is a little confusing to me, so can anyone break it down as to how to proceed if I want to do the same?
I do not want the whole answer; just simple pointers would do.
Thanks a lot.
P.S. I am on shared hosting and do not have access to IIS.
In the example config file for HttpCompress they give two options for excluding files from being compressed: Exclusion by MIME type and Exclusion by path.
The following config file presumes that your server is serving JavaScript as text/javascript (something you should double check before setting).
<DCWeb>
    <HttpCompress compressionType="GZip">
        <IncludedMimeTypes>
            <add mime="text/html" />
        </IncludedMimeTypes>
        <ExcludedMimeTypes>
            <add mime="text/javascript" />
        </ExcludedMimeTypes>
        <ExcludedPaths>
            <add path="~/PathToYourJavascriptFiles/" />
        </ExcludedPaths>
    </HttpCompress>
</DCWeb>
