making errors more generic in october cms - error-handling

I am new to coding. I am trying to create a project in october cms.
My question is regarding the error handling. The errors seem to be too informative, and telling about the file name.
For example
error example
I just want to show the error and not the file. How can this be achieved. So users won't be able to see the file names.

In order to achieve this you need to set debug inside config/app.php to false. This will render a generic page when either a 404 or 500 is hit.
These templates can then be overridden by creating a /500 (server error) and /404 (page not found) in the CMS.
From the docs:
Debug mode
The debug setting is found in the config/app.php configuration file with the debug parameter and is enabled by default.
When enabled, this setting will show detailed error messages when they occur along with other debugging features. While useful during development, debug mode should always be disabled when used in a live production site. This prevents potentially sensitive information from being displayed to the end-user.
The debug mode uses the following features when enabled:
Detailed error pages are displayed.
Failed user authentication provides a specific reason.
Combined assets are not minified by default.
Safe mode is disabled by default.
Important: Always set the app.debug setting to false for production environments.
Source: https://octobercms.com/docs/setup/configuration#debug-mode

Related

Moodle File Upload errors: An error occured whilst communicating with the server

With some Uploads in Moodle (3.9) Uploads are not successful, mainly pdf.
The message that comes up is: "An error occured whilst communicating with the server".
not successful requests show
POST /course/dndupload.php undefined
successful requests show
POST /course/dndupload.php HTTP/1.1
When a pdf is reexported with libre office for example the same pdf can be uploaded without problems.
any ideas?
Is the LibreOffice pdf smaller? It could be PHP timing out.
https://docs.moodle.org/311/en/File_upload_size#Modifying_the_php.ini_file
What is the value for max_execution_time ? You can check the PHP values here -
Site administration > Server > PHP info
Also, try switching debug to developer level and see what the error message is.
Site administration > Development > Debugging
Debug messages = Developer
Display debug messages = checked
Although be cautious changing the debug level if its a production site. If you have access to the config.php file then you can specify a user.
// You can specify a comma separated list of user ids that that always see
// debug messages, this overrides the debug flag in $CFG->debug and $CFG->debugdisplay
// for these users only.
// $CFG->debugusers = '2';
Thanks for the response, in the meantime a solution to the problem was found. On the server a measurement against log4j2-vulnerability has been implemented: https://support.f5.com/csp/article/K59329043#proc2. This caused the misbehaviour, the iRule has been removed, now it works again.

Persits ASPPDF ImportFromUrl ServerXMLHTTP Error: The request has timed out

We have a test website that uses Persits ASPPDF to build a PDF using the ImportFromUrl method. It works fine on our test domain, but when I use the same code on another domain (and crucially perhaps, a sub-domain) I get the "MSXML2::ServerXMLHTTP Error: The request has timed out." error.
This leads me to think its related to the problem outlined in
https://support.persits.com/show.asp?code=PS080709171
"the calling Active Server Page (ASP) should not send requests to an ASP in the same virtual directory or to another virtual directory in the same pool or process. This can result in poor performance due to thread starvation."
So perhaps the config of the two servers hosting the two sites (test and live) are different - and if so what would that be? - Or you can't run this method on a sub-domain? Any guidance out there please?
I've had the same issue for weeks and finally found out what the problem was. In my case, it was because I had set to True the options that allow the debug of classic ASP code, without which I could not debug using visual studio. Setting those options back to False fixed the issue.

Browsersync causes "Refused to execute inline script ... " error in SPA, if route in not root

I got the following error in my Vue SPA:
Refused to execute inline script because it violates the following Content Security
Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword,
a hash ('sha256-KpHv3zgivMSB4dPnfYfqMt2lBibsYvM36EdoBBAsfbM='), or a nonce ('nonce-...')
is required to enable inline execution. Note also that 'script-src' was not explicitly set,
so 'default-src' is used as a fallback.
This error caused by Browsersync:
First, this error occurs only if browser has been reloaded by browsersync in non-root route. For example, this error occurs in http://localhost:3001/sign-in, but never occurs in http://localhost:3001.
Next, this error occurs only in SPA, but never occurs in normal website (multiple pages, no manipulations with HTML5 history). So, I suppose, vue-router is involved.
My hypothesis about the cause is the BrowserSync was wrong. The cause is my past incomprehension how front-end routing works. Let's see what's going on in history mode of vue-router:
Once building complete, new tab in browser with route "/" will open.
Vue-router generates the routes including /sign-in.
When we go to non-root page, e. g. to http://localhost:3000/sign-in
If we make corrections in code, the project will be re-built.
Browser-sync will reload the page http://localhost:3000/sign-in. But Browser Sync does not know what he must to return for http://localhost:3000/sign-in route! It's the static server, it knows only http://localhost:3000/ and can return files relative to directory respective to http://localhost:3000. There is no file sign-in, so it error will occur.
This routes like sign-in has been created by vue-router in http://localhost:3000/ page during routing initialization, but this data will be lost on next browser reloading.
Solutions
I am sure that more than 10 approaches exists (for various project building tools), but I am satisfied with hash mode on local development mode. To enable the history mode on production and/or testing mode, the appropriate server setup required. Most likely it's possible to setup the Browser Sync to redirect like http://localhost:3000/sign_in => http://localhost:3000/.
I don't use the tools like create-vue-app, but I suppose the Webpack pre-setted somehow to avoid above issue (Webpack hot module replacement?).

Angular2 error after deployment on AWS server ""Only void and foreign elements can be self closed "head" ("[ERROR ->]<head/>"

After having finished and tested an Angular2 application on my local machine, I decided to move it to an AWS cloud server with Apache.
I cloned the sw from git but, as soon as I launched the app, I got an error on the browser console stating:
EXCEPTION: Template parse errors:
Only void and foreign elements can be self closed "head" ("[ERROR ->]<head/>
After some research I found that all of my external html templates are magically enriched with a starting <head/> tag which I do not see trace of in my code.
To fix this I had to turn off mod-pagespeed .Since I am not familiar with Apache configuration I do not know which side effects this may have and whether there is any better solution. Any help would be very much appreciated.
I believe mod-pagespeed has an option where it automatically adds a head tag to an html document if it cannot find it in the document (before the body). To turn off this feature add this to your pagespeed apache configuration (ie. in the .htaccess):
To prevent javascript alterations also forbid a couple more filters
ModPagespeedForbidFilters add_head,rewrite_javascript,rewrite_javascript_inline,combine_javascript,inline_javascript
This way you can still enjoy the rest of the mod-pagespeed features :)

IIS shows 500 Internal server error on everything

I have a shared Windows hosting account with IIS7.5 and Plesk 10.4 .
Now, when I try to visit every page, an aspx page, some php pages, or even a jpg file, it shows This error:
Server Error
500 - Internal server error. There is a problem with the resource you
are looking for, and it cannot be displayed.
This is last lines of log file: (which plesk shows for me)
2012-03-01 18:25:59 W3SVC100 H105 208.67.23.51 GET /15iya/31.jpg - 80
109.162.226.165 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/535.7+(KHTML,+like+Gecko)+Chrome/16.0.912.63+Safari/535.7 jsuid=1735775291;+_cfduid=dcb02ca5c638c5a33cf10003ae6ac2c561326405625;+_utma=117785567.65259312.1326369096.1330372520.1330376628.15;+_utmz=117785567.1327165762.11.5.utmcsr=2barnamenevis.com|utmccn=(referral)|utmcmd=referral|utmcct=/
ghiasi.net 500 19 13 1380 627 531 2012-03-01 18:26:13 W3SVC100 H105 208.67.23.51 GET / - 80 - 109.162.226.165 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/535.7+(KHTML,+like+Gecko)+Chrome/16.0.912.63+Safari/535.7 jsuid=1735775291;+_cfduid=dcb02ca5c638c5a33cf10003ae6ac2c561326405625;+_utma=117785567.65259312.1326369096.1330372520.1330376628.15;+_utmz=117785567.1327165762.11.5.utmcsr=2barnamenevis.com|utmccn=(referral)|utmcmd=referral|utmcct=/
ghiasi.net 500 19 13 1380 615 515
try check with your asp.net version enable properly in plesk
https://www.motherhost.com/help/plesk-windows-hosting/iis-shows-500-internal-server-error-on-everything/
To configure ASP.NET Settings for a site:
If you are subscribed to several hosting packages and have access to several webspaces associated with your account, in the Subscription menu at the top of the screen, select the required webspace.
Go to the Websites & Domains tab and click your website's domain name.
Click ASP.NET Settings.
Set up the strings that determine database connection data for ASP.NET applications that use databases. This option is available only for ASP.NET 2.0.x.
When you open the ASP.NET configuration screen for the first time, sample connection parameters with common constructions are displayed. You can delete them and specify your own strings.
To add a string, enter the required data into the Name and Connection Parameters input fields and click next to them.
To remove a string, click next to it.
Set up custom error messages that will be returned by ASP.NET applications in the Custom Error Settings field:
To set the custom error messages mode, select an appropriate option from the Custom error mode menu:
On - custom error messages are enabled.
Off - custom error messages are disabled and detailed errors are to be shown.
RemoteOnly - custom error messages are displayed only to remote clients, and ASP.NET errors are shown to the local host users.
To add a new custom error message (which will be applied unless the Off mode was selected), enter the values in the Status Code and Redirect URL fields, and click .
Status Code defines the HTTP status code resulting in redirection to the error page.
Redirect URL defines the web address of the error page presenting information about the error to the client.
Due to possible conflicts, you cannot add a new custom error message with an error code that already exists, but you can redefine the URL for the existing code.
To remove a custom error message from the list, click next to it.
Configure compilation settings in the Compilation and Debugging field:
To determine the programming language to be used as default in dynamic compilation files, choose an entry from Default web page language list.
To enable compiling retail binaries, leave the Switch on debugging checkbox empty.
To enable compiling debug binaries, select the Switch on debugging checkbox. In this case, the source code fragments containing error will be shown in a diagnostic page message.
Note. When running applications in debug mode, a memory and/or performance overhead occurs. It is recommended to use debugging when testing an application and to disable it before deploying the application into production scenario.
Configure encoding settings for ASP.NET applications in the Globalization Settings section:
To set an adopted encoding of all incoming requests, enter an encoding value into the Request encoding field (default is utf-8).
To set an adopted encoding of all responses, enter an encoding value into the Response encoding field (default is utf-8).
To set an encoding which must be used by default for parsing of .aspx, .asmx, and .asax files, enter an encoding value into the File encoding field (default is Windows-1252).
To set a culture which must be used by default for processing incoming web requests, select an appropriate item from the Culture list.
To set a culture which must be used by default when processing searches for a locale-dependent resource, select an appropriate item from the UI Culture list.
Set a code access security trust level for ASP.NET applications in the Code Access Security field.
CAS trust level is a security zone to which applications execution is assigned, defining what server resources the applications will have access to.
Important: When an assembly is assigned a trust level that is too low, it does not function correctly. For more information on the permissions levels see http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh09.asp?frame=true#c09618429_010.
Enable the usage of the auxiliary scripts in the Script Library Settings field. Specifying the script library settings is necessary if the validation web controls are used on your web site. This option is available only for ASP.NET 1.1.x.
If you need to use auxiliary scripts (specifically, scripts implementing objects for validating input data), provide the settings for .NET framework script library. To do so, enter the path beginning with the domain root directory preceded by the forward slash into the Path to Microsoft script library field, or click the folder icon next to the Path to Microsoft script library field and browse for the required location.
To initiate the auto-installation of files containing the scripts to the specified location, select the Install checkbox. If the files already exist there, they will be rewritten.
Set client session parameters in the Session Settings field:
To set up the default authentication mode for applications, select an appropriate item from the Authentication mode list. Windows authentication mode should be selected if any form of IIS authentication is used.
To set up time that a session can remain idle, type the number of minutes into the Session timeout box.
Click OK to apply all changes.
windows hosting india