I have an ember/ember-cli application that I am upgrading from 1.10 to 1.12. This application uses an API that runs on port 8000 in development. I have the following environment.js:
module.exports = function(environment) {
var ENV = {
modulePrefix: 'myapplication',
environment: environment,
baseURL: '/',
locationType: 'auto',
EmberENV: {
FEATURES: {
}
},
contentSecurityPolicy: {
'default-src': "'none'",
'script-src': "'self'",
'font-src': "'self'",
'img-src': "'self'",
'style-src': "'self'",
'media-src': "'self'"
},
APP: {}
};
if (environment === 'development') {
ENV.APP.API_NAMESPACE = '';
ENV.APP.LOG_VIEW_LOOKUPS = true;
ENV.contentSecurityPolicy['connect-src'] = "http://localhost:8000";
}
if (environment === 'test') {
// [snipped]
}
if (environment === 'production') {
// [snipped]
}
return ENV;
};
So this worked before, but now, when a request is made to the API, it is being made to port 4200, so returning as not found.
The crossdomain.xml has the following:
<site-control permitted-cross-domain-policies="none"/>
but changing this to "all" didn't help. It seems that ember-cli-content-security-policy has been updated from 0.3.0 to 0.4.0, incidentally.
EDIT
After proxying ember serve --proxy http://localhost:8000 I get the following error:
Content Security Policy violation:
{
"csp-report":{
"document-uri":"http://localhost:4200/",
"referrer":"",
"violated-directive":"connect-src http://localhost:8000 ws://localhost:35729 ws://0.0.0.0:35729 http://0.0.0.0:4200/csp-report",
"effective-directive":"connect-src",
"original-policy":"default-src 'none'; script-src 'self' localhost:35729 0.0.0.0:35729; font-src 'self'; img-src 'self'; style-src 'self'; media-src 'self'; connect-src http://localhost:8000 ws://localhost:35729 ws://0.0.0.0:35729 http://0.0.0.0:4200/csp-report; report-uri http://0.0.0.0:4200/csp-report;",
"blocked-uri":"http://localhost:4200/myapp",
"source-file":"http://localhost:4200/assets/vendor.js",
"line-number":9827,
"column-number":10,
"status-code":200
}
}
I believe you need to add multiple hosts, one for port: 8000 and port: 4200
Related
I just finished my project in Strapi and deployed in AWS, when I run my Public ipv4 :1337 says: 'server is running successully' but when I want to log in admin panel just spinning and not showing panel.
server.js
module.exports = ({ env }) => ({
host: env('HOST', '0.0.0.0'),
port: env.int('PORT', 1337),
cron: { enabled: true},
url: env('URL', 'http://localhost'),
admin: {
auth: {
secret: env('ADMIN_JWT_SECRET', 'MY_JWT_SECRET'),
},
},
});
I want to set token to cookies after user logged in on the website.
I found this apollo-server-plugin-http-headers package.
So I'm trying to do this in my resolver.
async loginUser(_, { loginInput }, context) {
...
const token = generateToken(user);
context.setCookies.push({
name: "cookieName",
value: token,
options: {
httpOnly: true,
maxAge: 3600,
path: "/",
sameSite: true,
secure: true
}
});
console.log(context, 123)
return {
...
token
}
In setting up apollo server in
const httpHeadersPlugin = require("apollo-server-plugin-http-headers");
const server = new ApolloServer({
typeDefs,
resolvers,
plugins: [httpHeadersPlugin],
context: {
setHeaders: new Array(),
setCookies: new Array(),
}
});
I'm checking browsers cookies tab, in Chrome application -> cookies, but nothing is set there. I'm not sure what am I doing wrong? Maybe there is another way to do it?
All the help will be much appreciated
You cannot set the cookie option secure for localhost, i.e. in development mode. Try setting secure: process.env.NODE_ENV === 'production'
That is:
context.setCookies.push({
name: "cookieName",
value: token,
options: {
httpOnly: true,
maxAge: 3600,
path: "/",
sameSite: true,
secure: process.env.NODE_ENV === 'production'
}
});
Trying to do cookies with schema stitching was a bear for me to figure out. For a deeper dive you can check out this repo which uses the apollo-server-plugin-http-headers plugin.
I am working on an ember app ( Ember 2.11.0 ). Here is my content security policy settings:
contentSecurityPolicy: {
'default-src': "'none'",
'script-src': "'self'",
'font-src': "'self'",
'connect-src': "'self' 'localhost:4200' 'some-url'",
'img-src': "'self'",
'style-src': "'self' *",
'media-src': "'self'"
}
I am getting the following error when I try to make the following XMLHttpRequest:
XMLHttpRequest cannot load url-to-sccess. No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://localhost:4200' is therefore not allowed
access.
Any suggestions?
I am unable to deploy my ember application in Firebase. I can only see the welcome page of Firebase hosting:
You're seeing this because you've successfully setup Firebase Hosting. Now it's time to go build something extraordinary!
I have installed the EmberFire add-on, as well as the Firebase tool.
My config file looks like this:
module.exports = function(environment) {
var ENV = {
modulePrefix: 'sample',
environment: environment,
rootURL: '/',
locationType: 'auto',
firebase : {
apiKey: 'xxxxxx',
authDomain: 'xxxxx',
databaseURL: 'xxxx',
storageBucket: 'xxxxx',
messagingSenderId: 'xxxxx'
},
EmberENV: {
FEATURES: {
// Here you can enable experimental features on an ember canary build
// e.g. 'with-controller': true
}
},
APP: {
// Here you can pass flags/options to your application instance
// when it is created
}
};
if (environment === 'development') {
// ENV.APP.LOG_RESOLVER = true;
ENV.APP.LOG_ACTIVE_GENERATION = true;
ENV.APP.LOG_TRANSITIONS = true;
ENV.APP.LOG_TRANSITIONS_INTERNAL = true;
ENV.APP.
LOG_VIEW_LOOKUPS = true;
}
Firebase.json:
{
"database": {
"rules": "database.rules.json"
},
"hosting": {
"public": "dist",
"rewrites": [
{
"source": "**",
"destination": "/index.html"
}
]
}
}
I have built the app and deployed using following commands:
ember build --prod
firebase login
firebase init
firebase deploy
Thanks in advance :-)
When you initialise your ember.js app with firebase init command for the first time, you will be prompted that
? File dist/index.html already exists. Overwrite? (y/N)
respond with No. Responding with yes will allow the default firebase hosting welcome page override your ember app index.html file, which is why you are still greeted with the firebase hosting welcome page.
For an HTTP test I've got these providers ..
providers: [
MockBackend,
BaseRequestOptions,
{
provide: Http,
useFactory: (pBackend: MockBackend, pOptions: BaseRequestOptions) => {
return new Http(pBackend, pOptions);
},
deps: [MockBackend, BaseRequestOptions]
}
]
I can mock a success response ..
let backend = injector.get(MockBackend);
backend.connections.subscribe(
(connection: MockConnection) => {
connection.mockRespond(new Response(
new ResponseOptions({
body: {mydata:'somedata'}
}
)));
});
and an error response ..
let backend = injector.get(MockBackend);
backend.connections.subscribe(
(connection: MockConnection) => {
connection.mockError(new Error('error'));
});
but please, how do i mock a non 200 response. E.G. how do I respond with HTTP status code 418 for example?
Thanks
Just add a status property to the ResponseOptions
new ResponseOptions({
body: {mydata:'somedata'},
status: 418
})
See the docs for other properties