AppHarbor doesn't forward Headers with _ on the Header name - http-headers

I'm using AppHarbor and had a problem where none of my users were being authenticated because the CSRF (Cross-Site Request Forgery) check was failing.
I found out that the problem was that the custom CRSF_Header used was not being forwarded to my AppHarbor app (even though other custom headers were).
It turns out that the problem is that headers with _ (underscore) in the name are not forwarded by AppHarbor's internal proxies.
The fix was then to rename the header from CRSF_Header to CRSF-Header.
My question is: is there another way to do this, or do I have to avoid _ in header names when using AppHarbor?
Note that IIS and Cassini had no problems with these headers (so far I have only had this problem on AppHarbor).

OK, I found this AppHarbor article that confirms it: http://support.appharbor.com/discussions/problems/5442-custom-http-header-not-reaching-the-application
Annoyingly, AppHarbor's discussion search wasn't working properly when I had this issue, since I didn't see that article when I searched for it.
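
Added example, not part of the original post or of AppHarbor's code: a small Java audit that compares the header names a test client sent with those the application received, and shows why some proxies (nginx by default, for instance) refuse underscores: under CGI-style naming, CRSF_Header and CRSF-Header become the same variable. The sample header lists are constructed, and the class and method names are hypothetical.

```java
import java.util.*;

public class HeaderTransitAudit {
    // CGI-style variable name: upper-case, '-' becomes '_', "HTTP_" prefix.
    static String cgiName(String header) {
        return "HTTP_" + header.toUpperCase(Locale.ROOT).replace('-', '_');
    }

    // Header names the client sent that never reached the application
    // (header names are case-insensitive, so compare lower-cased).
    static List<String> droppedInTransit(Collection<String> sent, Collection<String> received) {
        Set<String> seen = new HashSet<>();
        for (String r : received) seen.add(r.toLowerCase(Locale.ROOT));
        List<String> dropped = new ArrayList<>();
        for (String s : sent)
            if (!seen.contains(s.toLowerCase(Locale.ROOT))) dropped.add(s);
        return dropped;
    }

    // Groups of distinct header names that collapse to one CGI variable.
    static Map<String, List<String>> cgiCollisions(Collection<String> names) {
        Map<String, List<String>> byVar = new TreeMap<>();
        for (String n : names)
            byVar.computeIfAbsent(cgiName(n), k -> new ArrayList<>()).add(n);
        byVar.values().removeIf(group -> group.size() < 2);
        return byVar;
    }

    public static void main(String[] args) {
        // Constructed sample: what a test client sent vs. what the app logged.
        List<String> sent = Arrays.asList("Accept", "X-Request-Id", "CRSF_Header");
        List<String> received = Arrays.asList("accept", "x-request-id");
        for (String name : droppedInTransit(sent, received)) {
            String why = name.indexOf('_') >= 0
                ? "contains '_', rejected by proxies that forbid it" : "unknown cause";
            System.out.println("dropped: " + name + " (" + why + ")");
        }
        // Why such proxies are strict: both spellings map to the same variable.
        System.out.println(cgiCollisions(Arrays.asList("CRSF_Header", "CRSF-Header")));
    }
}
```

Running the same comparison against a staging deployment before release catches a silently dropped anti-forgery header before it shows up as failed logins.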

Related

Spring Boot, Apache CXF 3.2.5 with MTOM sends empty attachment

I'm having a weird issue with Apache CXF where large (375MB) MTOM attachments are empty.
Running it locally in Eclipse produces the desired results, but deploying it to our server just gives an empty attachment.
The server is written in .NET and doesn't support chunking. With chunking enabled the client works, but when I disable chunking it fails.
Sadly I'm unable to debug on the server, so I'm restricted to trace logging.
I've tried every trick I've been able to google:
Disable schema validation (CXF-4551) (CXF-7758)
Manually copying the file to java.io.tmpdir before sending, to ensure it can be read.
Custom DataSource
Disable WS-Security
Disable logging interceptor
Nothing seems to make a difference.
Every run I just get something like the following:
</soap:Body></soap:Envelope>
--uuid:40ef745b-ac3c-4013-bbe7-a9cc28880423
Content-Type: application/xml
Content-Transfer-Encoding: binary
Content-ID: <7611ca0a-22f8-4637-b4f7-a5dfe7f20b81-3#www.somewhere.dk>
Content-Disposition: attachment;name="32_2018-03-28_output.xml"
--uuid:40ef745b-ac3c-4013-bbe7-a9cc28880423
Trying with a smaller (2KB) file on the server works just fine. A 75MB file gets attached correctly, but results in an HTTP 400 from the receiver (which I suspect is because the file is not fully transferred).
Does anyone have any ideas as to what might be causing this?
After much trial & error, I finally managed to "solve" this. I enabled schema validation, and the data now appears. This is the exact issue that both bugs in my original question claim to fix.
Client client = ClientProxy.getClient(port);
BindingProvider bp = ((BindingProvider) port);
bp.getRequestContext().put("schema-validation-enabled", "true");
I can't add a comment so I'm posting this as an answer.
Jimmy could you perhaps comment on the latest CXF issue and provide some more details? Which version of CXF, what kind of client you are using, real code samples ideally, client logs?

IE8 attachment download issue over SSL

While downloading an Excel file in IE8 over SSL, we are getting the error: "Unable to download Document.ashx from MyHostName. Unable to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later."
We tried a couple of solutions, but none of them worked except the registry edit (which is not viable).
1) Tried the registry edit as per http://support.microsoft.com/kb/323308 and it worked. But this is not a viable solution.
2) Tried the solution as per this link http://support.microsoft.com/kb/815313 where they say the files will download if you 'copy shortcut' and run it via the browser URL. But this solution was not consistent: it worked sometimes but mostly did not work.
3) Updated our Java controller code to response.setHeader("Cache-Control", " must-revalidate, private "); response.setDateHeader("Expires", -1) but still, when we look at the header, it shows as "cache-control: no-cache". This solution is also not working.
4) Unchecked the option to 'Not Save Encrypted files to Disk' in the IE 8 browser. But that is also not working. http://blogs.msdn.com/b/ieinternals/archive/2010/04/21/internet-explorer-may-bypass-cache-for-cross-domain-https-content.aspx and
http://support.microsoft.com/kb/2549423
We also searched the internet and tried the various options suggested as above, but none of them is foolproof.
If anyone has a solution other than those listed above, please do share it.
Thanks
I had the same problem and I discovered that a header:
Pragma: private
will fix this.
Make sure that "no-store" and "no-cache" occur in your header in that order. IE8 pukes if it's reversed.
Check out the update at the end of this post: Internet Explorer Cannot Download https://something
I found that I needed to also remove the "pragma" header to make it work. Apparently, pragma is not intended for responses although I don't know if any old browsers out there require it.
Source: Difference between Pragma and Cache-control headers?
The problem is that if the server sends to the browser an http header that disables caching, Explorer gives an error. We also tried all the solutions you said without luck, but analyzing the http response we saw that the application server added no-cache= "Set-Cookie" http header automatically and it disabled IE8 caching... There is a setting that can be made on the AS but in our case we could not do it, so we changed our cookie-management code server side and we resolved the problem.
I have faced this issue, and the following entries resolved the problem:
response.setContentType("application/vnd.ms-xls; charset=utf-8");
response.setHeader("Content-disposition","attachment;filename="+filename);
response.setHeader("Pragma", "public");
response.setHeader("Cache-Control", "public, max-age=3800");

ASP.NET gurus - small issue when setting app domain name for sharing SQL session in scale-out scenario

We have scaled-out some portions of our ASP.NET app to run on one server, and other portions to run on another server (& under a subdomain).
The two servers share (SQL Server) Session. We used this MS article to create a tiny HTTP Module to sync app domain name between the two servers (sans the cookie domain code, which can be configured in the web.config. I later found this CodeProject article which is essentially the same.)
Everything's working well, except for a small issue: deployment changes or web.config tweaks require a manual app pool recycle (the auto-recycle no longer works - instead we get the "web server is currently unavailable / hit refresh" error).
I tried moving the app domain naming code from the HTTP Module into the Application_Start section of the Global.asax (maybe this is a better place for it?) - but received the same problem.
I know that one solution is to hard-code the app name in one of the SQL Server Session stored procedures; but am a bit hesitant to do this.
Edit: The app is ASP.NET 3.5 under IIS 6.0 (thanks @Chris & @bzlm)
You should check if proper Recycling Events are turned on in IIS, maybe this can help http://support.microsoft.com/kb/332088
Update. We opened a tech support case with Microsoft about this. After a week or so of back & forth, they said they had reproduced the issue in their environment and understand the cause (a timing issue deep inside the ASP.NET internals) - but that there is no resolution that they're aware of. I complained that the HTTP module is Microsoft code, but they said that this code is under "FAST PUBLISH" terms - intended to help & advise customers; yet not warranted.
Ah well. We now just manually recycle the app pool after making a web.config change.

Weird Requests/DefaultSavedRequests from other websites in my app?

Greetings all,
I am using Spring Security 3.0.2
and I am using Apache and Tomcat.
I was discovering the sessions on my web app
and found too many sessions with used time=0,
and the description of one of them was something like:
Attribute name : SPRING_SECURITY_SAVED_REQUEST_KEY
Attribute value : DefaultSavedRequest[http://someStrangeWebsite.com/myappname/]
I am wondering why such weird behaviour occurs.
I also added a filter in the app to debug the incoming request URLs
and I found out that many request URLs were something like:
http://someStrangeWebsite.com/myappname/
which is also very strange to me.
Can anyone help me, please?
Perhaps somebody sends HTTP requests with
Host: someStrangeWebsite.com
to your site. Since Tomcat doesn't know DNS names of the server it's running on, these requests look valid.
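
Added example, not part of the original answer: one way to reject requests whose Host header does not name this site, so that foreign host names never end up in a saved request URL. The allowlist values, class name and method names are assumptions for illustration.

```java
import java.util.*;

public class HostHeaderCheck {
    // Assumption: the names this deployment is really served under (constructed values).
    static final Set<String> ALLOWED =
        new HashSet<>(Arrays.asList("www.example.org", "example.org"));

    // Returns the lower-cased host part of a Host header value, or null if malformed.
    static String hostOf(String hostHeader) {
        if (hostHeader == null) return null;
        String h = hostHeader.trim().toLowerCase(Locale.ROOT);
        if (h.isEmpty()) return null;
        if (h.startsWith("[")) {                       // IPv6 literal, e.g. [::1]:8080
            int end = h.indexOf(']');
            if (end < 0) return null;
            String rest = h.substring(end + 1);
            if (!rest.isEmpty() && !rest.matches(":\\d{1,5}")) return null;
            return h.substring(0, end + 1);
        }
        int colon = h.indexOf(':');
        if (colon >= 0) {                              // optional :port suffix
            if (!h.substring(colon + 1).matches("\\d{1,5}")) return null;
            h = h.substring(0, colon);
        }
        if (h.endsWith(".")) h = h.substring(0, h.length() - 1);  // trailing root dot
        return h.matches("[a-z0-9]([a-z0-9.-]*[a-z0-9])?") ? h : null;
    }

    // True only when the header parses cleanly and names an allowlisted host.
    static boolean isAllowed(String hostHeader) {
        String host = hostOf(hostHeader);
        return host != null && ALLOWED.contains(host);
    }

    public static void main(String[] args) {
        // Constructed Host header values, including the one from the question.
        String[] samples = { "www.example.org", "Example.org:8080",
            "someStrangeWebsite.com", "www.example.org@evil", "", "[::1]:8080" };
        for (String s : samples)
            System.out.println("\"" + s + "\" -> " + (isAllowed(s) ? "serve" : "reject (400)"));
    }
}
```

In a servlet application the check would run in a filter placed ahead of the Spring Security filter chain, answering 400 when isAllowed(request.getHeader("Host")) is false.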

Publishing my WCF Service to my webhotel provider

I have made a small log service that I want to publish to a subdomain on my webhotel. I make the WCF service and test it locally - no problem. I then go to the [Build] menu and choose [Publish], type in my FTP location and publish it to the location. No problems.
The problem arises when I need to use it: I try to navigate to the .svc file but get this error:
This collection already contains an address with scheme http. There can be at most one address per scheme in this collection.
Parameter name: item
What am I doing wrong?
That's because of your IIS configuration. This has already been discussed here: WCF service startup error "This collection already contains an address with scheme http"
Solved! The problem is that I cannot access the IIS configuration, since it's on a hosted environment. The solution is described on my blog, since I had so much trouble getting this to work.
http://www.vikingworks.dk/post/WCF-Service-on-hosted-environment.aspx