"Content Security Policy" problem with sample web viewer app - bentley-itwin

I'm trying to create a basic app with the following command:
npx create-react-app aleapp4 --template #itwin/web-viewer --scripts-version #bentley/react-scripts
when I open the browser, the viewer does not start for security issues:
"Content Security Policy of your site blocks the use of 'eval' in JavaScript`"
I have tied to modify index.html to add a security content policy, but could not find a solution...
How may I fix ?

Related

Anyone know how to fix the new OAuth2 error when trying to authenticate a PyDrive application?

I don't think this issue is specific to PyDrive, but rather Google OAuth. However, some of the solutions I've seen on stackoverflow don't seem to be transferable over to my PyDrive application, which is just a python script to upload files programmatically to a shared drive. It worked fine 2 months ago but I tried to rerun it today and it's not working. Here is the error I'm getting:
Authorisation Error
Error 400: invalid_request
You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.
You can let the app developer know that this app doesn't comply with one or more Google validation rules.
Request Details
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.
redirect_uri: urn:ietf:wg:oauth:2.0:oob
I am using a web application OAuth 2.0 Client ID creds on GCP. All secrets are stored in a local client_secrets.json file.
I run my script, it sends a message to the console that says
Go to the following link in your browser:
https://accounts.google.com/o/oauth2/auth?client_id=blahblahblah.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive&access_type=offline&response_type=code
Enter verification code:
How it used to work: After I click the link above, it returns a code I paste into the console and then its authenticated. FYI: I plan on running this 24/7 on a remote server.
Now: I click the link above and get the error I posted above. I've tried to change the redirect uri to 127.0.0.1 and it does allow me to auth, then I get a code in my URL, but once I copy that and paste it into the console, I get more errors.
Anyone know the solution for this?

how to set a github token for github pages deploy

Until a few days ago I was deploying my html on Github pages with:
ng deploy --base-href=/documentation/
Today I get this error: "remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.
remote: Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information.
fatal: unable to access 'https://github.com/BioComputingUP/ProSeqViewer-documentation.git/': The requested URL returned error: 403"
I have set a token on my github settings, but I don't understand how to use it to deploy my pages. How should this be done?
I discovered 2 ways:
use the token when the IDE prompt asks for the password. I have tested this end it works.
set keys. (I have not tested this).

Not able to publish my library in private repo hosted on gemfury

I am getting this error while publishing my library to gemfury.
npm ERR! 503 Service Unavailable - PUT https://npm-proxy.fury.io/<username>/#<scope>%2f<package-name>
Please ensure to use the full access token which will be available in the last tab of this page. You can also use the push token which can be generated from the second tab of the same page for added security.
Note: replace <account> in the URL with your account slug

API connect published api in developer portal can't work

https://new-console.ng.bluemix.net/docs/services/apiconnect/apic_tutorial.html#apic_tutorial_01
Follow previous link to do create loopback project named ibmsvt and do test locally, we can post and get.
then publish this api as running api app on bluemix and we will get api target url and tls file.
type url and tls in api designer invoke, and publish api product again.
check api connect service and we can find that published api product has been published, configure developer portal, and invite developers
login developer portal and register one app
subscribe app to api product and run post command.
We will see that we only get can't post error information...
Please see attachment info for error info and api file.
From the screen capture provided, it looks like you're displaying the logs for the loopback application deployed on bluemix. It also looks like the POST request from APIConnect hit the Bluemix application as well. However, I'm unable to see the exact message of the error. What error did you get when you execute the POST from APIConnect? I suspect the POST did not include the $(request.path), what did you change the invoke url to be ? Can provide the x-ibm-configuration section in your yaml file? It will be located in your /definitions.
Thanks and best regards,
I am just have the exact problem, and struggled for days on redoing the tutorial several times, but still met with the same problem until found the upper reply, and gave me a hint.
In the tutorial, it says like the following:
Update the following fields with the values you copied previously:
Invoke URL: Insert the API target URL. You must specify the secure protocol HTTPS. For example:
apiconnect-ca3283b0-525c-488d-993b-3ab72fca78d0.youremail-dev.apic.mybluemix.net
TLS Profile: Insert the API invoke tls-profile.
For example:
client:Loopback-client
The origininal URL is $(runtime-url)$(request.path)$(request.search).
And the correct URL after updating is like following:
https://apiconnect-ca3283b0-525c-488d-993b-3ab72fca78d0.youremail-dev.apic.mybluemix.net$(request.path)
no slash before $(request.path), and $(request.search) should be deleted.
I also checked a tutorial video, it also do like this, but the screen for this step is passed away very quickly, you will not pay attention to this detail normally.
https://www.youtube.com/watch?v=Qku71JLv8vA&list=PLFa8jnU0KqE2eW5E449ziaurv8obSbcou&index=3&cm_mc_uid=24774488665514672571374&cm_mc_sid_50200000=1468400063

How to Fix 401 Authentication Error when Publishing to Self-Hosted NuGet Server

I followed these instructions to host a NuGet Server (version 2.2.2) on our Intranet. It works great as far as listing the packages and retrieving them in VS 2012. But when I create a package using the Nuget Package Explorer and try to publish it I am prompted with a Windows Security dialog prompting for credentials. No matter what credentials I enter it keeps re-prompting me for a user name and password and returns a 401 authentication error. Why is the NuGet server prompting me for Windows credentials and how can I get rid of it? It only does this for publishing and nothing else.
There are one more thing apart from permissions configuration for Packages folder. In my case I have to use URL like
http://<server>/<nuget_virtual_dir>/api/v2/package/
for pushing. It was the only solution in my case.
When you use NuGet push you need to put /api/v2/package after the NuGet server URL (example http://myhost/myNuGetServer/api/v2/package)
If you use the NuGet user interface (NuGet Package Explorer) you need to put just the server url than URL (example http://myhost/myNuGetServer/)
Take care also of apikey configuration in Web.config and use it in NuGet push!
I think a found a solution (at least to my problems):
I gave up to the Nuget problem, and I focused in the ISS 401 error. Then I gave permissions to the user "IIS AppPool\DefaultAppPool" to the app's root (or your AppPool that use the app, in my case "ASP.NET v4.0"). Then it work like charm!.
More info (and good explanation about the problem): ApplicationPoolIdentity in IIS7 401 errors
You may find this SO answer helpful, as it covers how to configure credentials on a publishing workstation (or build server, but in either case it's accurate info.)