I am working on DjangoRest Framework, if I update values from the API, and see the content on the frontend, the changes are not getting reflected without server startup. For debugging, I also directly changed the value in the database, but the changes are not getting reflected either in this case too.
What could be the reason behind this? Can someone point me out in the right direction?
I read about it and someone told this is happening because of .pyc files I even deleted them. But nothing solved my issue yet.
If you need to see any screenshot or logs. I am happy to provide it. But How can i resolve it ?
Related
I'm currently developing my first app with DRF and I'm pretty impressed by it and the browsable API it has build in. However, when I change the port where I host my application (both in manage.py aswell as in the runserver command), all the buttons stop working. I can still click on links to make sure resources where created, but that's about it. I also can't log in and the POST forms don't appear, which is really the most annoying part. Moreover, when I change the port back to the default 8000, it's still broken.
Don't really know if I can post an example of this. It doesn't seem to depend on anything in the actual code. It just happens when I change the port.
So while I don't know what exactly caused it, a CTRL-reload has fixed it for now. Still pops up from time to time.
I have updated the global configuration file, I changed the cookie_path variable, and I restarted the HTTTP Server and cleared cache files from Admin Panel. But, still I get old cookie_path value on response headers.
I do not have any experience before with Joomla, please help.
Thanks.
My client gave me a copy of the site. And I was checking the real one's headers. So, there is no such a problem.
I'm in a brain-breaking problem here. I've created a nice Magento 2.1.7 installation with two websites (two stores, two domains) and somehow after a while we are unable to login the backend of Magento.
Invalid Form Key. Please refresh the page.
Now, after trying a few options, still no success. Checked core_config_data, edit max_input_vars, nothing works. The strange thing is, on the front it's still possible to checkout and do your shopping.
Anyway, I'm stumped here. Why is this happening, and how can this be fixed. Any help is welcome.
I often get this error, clearing the cookies for that site, then opening the admin panel in a new tab will resolve this.
You can recreate this error message if you double click the login button after filling out your login information.
Here are a few other reasons you may experience this issue
The form key inputs are outside of the form, you should check the html on the admin panel to check these inputs and exists and have correct values
Make sure the link you use to get to the admin page does not already have a form key in the url
Does this issue generate anything in var/log/system.log ?
Eventually, nothing helped, but what did the trick was creating a new install, setup this new install with all necessary modules (fortunately there were only four), configure the fresh installment like the old one (long live GitHub) and compare your fresh installation to the old one in the database table core_config_data. Basically reproduce your entire setup without any products in it, but just create your stores and categories.
If you spot any differences between the new installment and the old one in the core_config_data, edit them in the old one to be the same as your new one.
Next, edit your env.php with the database credentials to the old database which you've compared and edited.
And the last step, recompile, flush/clean cache and reindex.
Oh, and word of advice, if you're going to use https for your store, setup magento on https. I think something went very wrong when we've changed the base url's from insecure to secure.
I recently did a successful Django install, and everything went as expected. No errors. But, nothing shows up. It is as if I had never installed Django.
There are no errors. Checking Django/Python versions returns as expected. From the console, I can create new projects/apps, run migrations, create users, etc. Everything seems to work. Except, when I go to mydomain.com, it just loads the old site's index.html as if Django doesn't exist.
I realize the above question isn't a good question. I figured out my problem before posting the question and decided to post my answer below with the question for future reference should others have the same issue later.
After the fruitless task of deleting and recreating my project files, I eventually figured out what happened with my Django installation. I had never enabled Passenger. On the web host in this case, DreamHost, it is just a simple checkbox in the control panel to enable, but I never did.
Other than the fact that I should have remembered I need to do enable Passenger for Django to show up, a couple things should have tipped me off. There was no tmp folder with a restart.txt file. I manually added it (that file's important), but didn't stop to think about why it wasn't there. Also, the html files were loading without being in the public folder.
That gave me an hour or so of frustration today, so I thought others might google this later and find this useful. Searching for "Django site has no errors but still doesn't work" wasn't a fruitful avenue for me.
A client I'm working for has mysteriously ended up with some malicious scripting going on on their site. I'm a little baffled however because the site is static and not dynamically generated - no PHP, Rails, etc. At the bottom of the page though, somebody opened a new tag and a script. When I opened the file on the webserver and stripped the malicious stuff and re-uploaded, it was still there. How is this possible? And more importantly, how can I combat this?
EDIT:
To make it weirder, I just noticed the script only shows up in the source if the page is accessed directly as 'domain.com/index.html' but not as just 'domain.com'.
EDIT2:
At any rate, I found some php file (x76x09.php) sitting on the web server that must have been updating the html file despite my attempts to strip it of the script. I'm currently in the clear but I do have to do some work to make sure rogue files don't just appear again and cause problems. If anyone has any suggestions on this feel free to leave a comment, otherwise thanks for the help everyone! It was very much appreciated!
No it's not possible unless someone has access to your files. So in your case someone has access to your files.
Edit: It's best if you ask in serverfault.com regarding what to do in case the server is compromised, but:
change your shell passwords
have a look at /var/log/messages for login attempts
finger root
have a look at last modification time of those files
There is also a high propability that the files where altered via http by using a vulnerability of a software component you use together with the static files.
To the point about the site not having pages executing on the server, XSS is absolutely still possible using a DOM based attack. Usually this will relate to JavaScript execution outputting content to the page. Just last week WhiteHat Security had an XSS vulnerability identified on a purely “static” page.
It may well be that the attack vector relates to file level access but I suggest it’s also worthwhile taking a look at what’s going on JS wise.
You should probably talk to your hosting company about this. Also, check that your file permissions aren't more lenient than they should be for your particular environment.
That's happened to me before - this happens if they get your ftp details. So, whoever did it, obviously got ahold of your ftp details somehow.
Best thing to do is change your password and contact your webhosting company to figure out a better solution.
Unfortunately, FTP isn't the most secure...