I am simplifying my question:
When I route all my .aspx pages on my web app root the following way in global.asax:
routes.MapPageRoute("RootPages", "{file}", "~/{file}.aspx");
it all works fine as far as the routing goes, but none of my requiredfieldvalidators are firing anymore, it just does a full postback without validating my fields. When I remove the above code from the validators work again.
Can someone please verify if they are getting the same problem, or am I doing something wrong?
*When you test this please make sure you do a hard refresh (CTRL-F5) on your browser screen after you add or remove the code. BTW I have tested this on IE, FireFox and Chrome, they all behave the same way.
Thank you,
The answer it in this piece of code that needs to be added to the global.aspx:
routes.Ignore("{resource}.axd/{*pathInfo}");
please refer to this article for more details:
article
I hope this may help someone, I'd spent over too days scratching my head over this.
Related
I'm doing a CTF activity that I have been working on for the past week and I cannot seem to figure out what is going wrong. To break it down it goes something like this:
It is an application that consist of 3 tabs, "Balances", "Transactions", and "Payments"
Everytime you click on one of those tabs, information is displayed which comes from an API.
But the API call for "Balances" is broken, when it is requested, nothing shows up under the Balance tab and it returns a 404 resource not found error.
So far I've used cURL to try and talk to the API through that and made sure there was no errors in the spelling of the requested site but still no luck.
I would appreciate it if someone could guide me in the right direction or maybe suggest an approach to take instead of giving out what to do step for step which would be much appreciated :).
Edit: The API call is intentionally broken, the challenge is to figure out why it is broken and how to fix it.
Thanks!
kek just solved this very challenge.
Have you considered that the "Cyber Gang" (context of the challenge) may have changed the endpoint from balances to something else?
Considering that you get a 404 balance from curling get-balances, perhaps you could figure out a way to find other subdomains :)
I am trying to open jsfiddle to see demos for some questions on StackOverflow or any other place, but when I open it and it opens normally, but the place where it has to run says this message:
fiddle.jshell.net’s server IP address could not be found.
Screen Shot
I tried to create my own fiddle and trying in different browsers(I use chrome), but the same problem happened. This is really annoying since jsFiddle is everywhere. Thanks for help.
This maybe late but, earlier I had the same problem.
But, I hope that this will help future visitor.
I fixed it just by :
Checking my Proxy
Using VPN
if you tried other ways but not working try these:
-Clearing browser cache.
-Using VPN ( browsec extension is the best).
-reinstalling the browser.
I need a little help here, i hope someone here can help me for a hint or clue.
First of all, I'm not programmer. I'm just web admin who can use cms and basic html.
I was using PrestaShop for my online shop. In the backend, I can't upload new product image anymore.
The error just blank without any sign for me. Here for the screenshot:
I appreciate it, if someone can help me, thanks, and sorry for my english.
#PanjiWiyono This errors don't really give us a quality information, but this is a start. In your JS code should be a ajax query that has an error when converting results to json (first error). You should check what's the exact error that this request is returning by inspecting in browser developer console.
If you detect that the second error is in fact, the response of this ajax query, well now we almost have the problem.
The second error should be related to data size. Check this: Error while sending QUERY packet
Anyway, you should check DbPDO.php class. You can use debug_backtrace function to display the complete stack, but definitly if error is related to a basic PHP class issue you will have not help knowing wich classes are in calling stack.
Good luck.
Simple solution
maybe a extra module is in a conflict with the prestashop core files. go to advanced parameters, performance and disable third party modules and try again.
other option is reupload admin folder with other name and
js folder check again
hope it will work for you
I'm trying to a CSRF protection to an existing MVC4 web application which uses DevExpress grids. I've added the Html.AntiForgeryToken() into the forms on the aspx pages (which contain ascx as partials containing the grids) and can see the __RequestVerificationToken and it's value clearly in developer tools when a save is called.
I've tried commenting out all my ValidateAntiForgeryToken attributes bar one - I went with the delete post method for simplicity (And also to eliminate the DevExpress grids messing with it) and I still keep coming up against this error:
There was a HttpAntiForgeryException
Url: http://localhost:54653/Users/Delete/f86ad393-0039-44e8-beed-a66dbab9266e?ReturnURL=http%3A%2F%2Flocalhost%3A54653%2FUsers
The exception message is
The required anti-forgery form field "__RequestVerificationToken" is not present.
Does anyone have any idea why this might be happening? Could it be that the error is non-descriptive and it's actually that the token doesn't match rather than that it doesn't exist? In previous answers to this question people just say "oh, you have to add the token," which is obviously not helpful here.
Are you submitting the form manually through Ajax? If that's the case, you need to pass the anti forgery token as another parameter with the name "__RequestVerificationToken".
Point 1 : Make sure if your application is has https secure protocol. Please load in https.
Point 2 : In case of DevExpress you have to call in the below pattern.
ViewContext.Writer.Write(Html.AntiForgeryToken().ToHtmlString());
After struggling with this for days I had a thought - maybe the browser is stopping the cookie being written. I did a search for dev servers and cookies not being written, and found that with Chrome and IE10 and up that there's problems writing the cookies.
I downloaded Firefox and tried it with that and it worked instantly. I then reapplied all the validate attributes to the all the controller methods and the all worked, every single one of them! Even the DexExpress postbacks seem to be working correctly.
I'll carry out more exhaustive testing, but for now, I think we're there.
Not exactly. If MVC AntiForgeryToken is already defined on page where you are using MvcxGridView and you want to protect grid actions you should send this token back to server during grid client side begin callback event.
settings.ClientSideEvents.BeginCallback = "function(s,e) { e.customArgs[\"__RequestVerificationToken\"] = $('input[name=\"__RequestVerificationToken\"]', $(s.GetMainElement())).val(); }";
We have one page that is causing the Session_start to run and I cannot figure out why. Anytime home.aspx is called, Session_start in global.asax is called and a new sessionid is created.
The sessionid looks to be created right when session_start is called. I think that is normal. I just don't know why it is called all from this page.
Home.aspx uses a different master page than the others. I have not found anything in it that is causing this. I checked the Response.Redirect calls, because others have indicated that could be the issue. I found none being called.
Using firebug, I found this:
Server Microsoft-IIS/5.1
.
.
Location /ent4_sql/(S(unfzfplfp5ltgxcrtpt2bk3f))/Home.aspx?_TSM_HiddenField_=ctl00_ctl04_HiddenField&_TSM_CombinedScripts_=%3b%3bAjaxControlToolkit%2c+Version%3d4.1.40412.0%2c+Culture%3dneutral%2c+PublicKeyToken%3d28f01b0e84b6d53e%3aen-US%3aacfc7575-cdee-46af-964f-5d85d9cdcf92%3ade1feab2%3af9cec9bc%3aa67c2700%3af2c8e708%3a8613aea7%3a3202a5a2%3aab09e3fe%3a87104b7c%3abe6fb298
The session in the url is different than the one that is displayed in the browser address bar. The browser seems to always keep the original.
From searching the web, this issue seems to be one that doesn't really have a direct answers. I am just out of things to look for. Any suggestions would be helpful.
Update***
Using fiddler, I found that the system is actually going to ent4_sql/Home.aspx?.....
Notice the session is not in the URL
That displays a page
<html><head><title>Object moved</title></head><body>
<h2>Object moved to here.</h2>
</body></html>
and seems to redirect whatever is calling that to a url with session. I am trying to find more information on if others have seen the AjaxControlToolkit doing this.
The problem had to do with the Ajax Control Toolkit and cookieless sessions, as expected. Here is an issue reported in 2009 dealing with the same problem. Fix is now included on the issue
http://ajaxcontroltoolkit.codeplex.com/workitem/23443