Elmah and removing sensitive info, server variables from error page - elmah

In the Elmah error log page it shows server variables. However, while it is nice to have this extra info I'd like to turn this off as it displays authorization tokens which are sensitive. Is there way to configure Elmah to turn this feature off so they aren't displayed?

I think the only way to do this will be to create a custom Log viewer. From the Elmah Project Home Page:
Use ErrorLogDataSourceAdapter together with ObjectDataSource from ASP.NET to create your own custom views of the error log, almost purely in server-side markup and without a line of code!
Also, have you considered just restricting access to viewing the Elmah logs? See Securing Error Log Pages for more details.

Related

devtools: Open response HTML in new tab

If an ajax/fetch request fails, my framework (django) displays a nice debug page, which contains a lot of useful information.
In chrome devtools I can see a preview of this debug page. But the window in the devtools is way too small.
Is there a way to open the output of the POST request in a new tab?
If I use right-button-click "open in new tab" then chrome does a GET. But the GET does not trigger the exception which I would like to debug.
I think the best you can do is recreate the scenario in Postman. Postman has a tool called interceptor which syncs cookies and captures requests from Chrome.
Postman interceptor uses a chrome extension which sends the captured requests to Postman app if you enable interceptor from the app.
But there could be security risk that the chrome extension will have Site access to all pages, maybe you can limit it by limiting the site access from extension settings(from settings>extensions>Postman interceptor):
Alternativly, if you do not want to use interceptor, then you can copy the payload(form data) and request headers from Headers section, then put them in Postman and make a request. Or you can use requests library to do the same.
How about using the full-screen mode of dev tools instead of opening in the separate browser tab?
Click on the three dots on the right-hand side of the chrome dev tools
Click on the first option (the two overlapping squares) and it would open the chrome dev tools in the full-screen mode.
Please refer to the image below.

Postman - How to see request with headers and body data with variables substituted

I am using the Postman Chrome plugin to invoke HTTP requests for software testing. I use the Environments feature with Environment and Global Variables to substitute variables in my requests headers and body.
The variable substitution is working correctly (I can tell as the responses from the HTTP Server indicate that).
However, I would like to be able to see the Request Header and Body values AFTER the variables have been substituted. How can I do that?
As of now, Postman comes with its own "Console." Click the terminal-like icon on the bottom left to open the console. Send a request, and you can inspect the request from within Postman's console.
Update 2018-12-12 - Chrome App v Chrome Plugin - Most recent updates at top
With the deprecation of the Postman Chrome App, assuming that you are now using the Postman Native App, the options are now:
Hover over variables with mouse
Generate "Code" button/link
Postman Console
See below for full details on each option.
Personally, I still go for 2) Generate "Code" button/link as it allows me to see the variables without actually having to send.
Demo Request
Demo Environment
1) Hover over variables with mouse
2) Generate "Code" button/link
3) Postman Console
Update: 2016-06-03
Whilst the method described above does work, in practice, I now normally use the "Generate Code" link on the Postman Request screen. The generated code, no matter what code language you choose, contains the substituted variables. Hitting the "Generate Code" link is just faster, additionally, you can see the substituted variables without actually making the request.
Original Answer below
To see the substituted variables in the Headers and Body, you need to use Chrome Developer tools. To enable Chrome Developer Tools from within Postman do the following, as per http://blog.getpostman.com/2015/06/13/debugging-postman-requests/.
I have copied the instructions from the link above in case the link gets broken in the future:
Type chrome://flags inside your Chrome URL window
Search for “packed” or try to find the “Enable debugging for packed apps”
Enable the setting
Restart Chrome
You can access the Developer Tools window by right clicking anywhere
inside Postman and selecting “inspect element”. You can also go to
chrome://inspect/#apps and then click “inspect” just below
requester.html under the Postman heading.
Once enabled, you can use the Network Tools tab for even more
information on your requests or the console while writing test
scripts. If something goes wrong with your test scripts, it’ll show up
here.
If, like me, you are still using the browser version (which will be deprecated soon), have you tried the "Code" button?
This should generate a snippet which contains the entire request Postman is firing. You can even choose the language for the snippet. I find it quite handy when I need to debug stuff.
Hope this helps.
I'd like to add complementary information:
In postman app you may use the "request" object to see your subsituted input data. (refer to https://www.getpostman.com/docs/postman/scripts/postman_sandbox in paragraph "Request/response related properties",
ie.
console.log("header : " + request.headers["Content-Type"]);
console.log("body : " + request.data);
console.log("url : " + request.url);
I didn't test for header substitution but it works for url and body.
Alex
You can easily check the content of requests and responses with help of the postman console.
Here is a nice short video explanation How to debug postman request explained.
You can see below the snippet of how the log will show data.
You can check above video for learning how to log custom information.
On web version, if you click code tab on the right, code snippet will appear with multiple language and format choices.
Even though they are separate windows but the request you send from Postman, it's details should be available in network tab of developer tools.
Just make sure you are not sending any other http traffic during that time, just for clarity.

InfoPath cannot call web service when uploaded to Office 365 Sharepoint

Not my normal line of questions, sometimes we've got to be flexible!
I've designed an InfoPath form that I'd like to upload to a Sharepoint site.
On my form I've got a data source that is consuming the following SOAP service
https://SharepointServer/Site/_vti_bin/UserProfileService.asmx?WSDL
I call the Operations "GetUserProfileByName" and get various information about the account looking at the form. In preview this works very well. I've got the header saying "Hello Pete" and I'm able to filter lists based on the user's data. However. When it comes to uploading the form to the server, I'm greeted with the following exception:
Warning
An error occurred querying a data source.
Click OK to resume filling out the form. You may want to check your form data for errors.
HIDE ERROR DETAILS
An error occurred while trying to connect to a Web service.
An entry has been added to the Windows event log of the server.
Log ID:5566
Correlation ID:19df2c9d-a036-2000-3929-0bce8940cf2a
Any ideas what I'm doing wrong? Is there limitations due to the way that my account details are being used on SharePoint? If so what's the work around? I'm not a full admin on the server, so I've only got access to a Sandbox site.
Any help greatly appreciated,
Pete
The issue is loopback protection. In o365, it cannot be disabled. Stupid though, there are a lot of useful web services available for information. See this link: Error message when you connect an infopath form to a sharepoint online web service

TikiWiki Login Error Message

I just finished installing Tiki Wiki on my server (standard Hostgator account), and was able to log in as an admin. I am trying to create a new file gallery, but I keep receiving this error when I fill out the gallery settings and hit the "Save" button:
Youre are not logged in. Go to the Log In Page.
Problem is, that doesn't make sense. How could I even access the admin interface to create a new file gallery if I wasn't logged in as an admin!?
Any ideas what's going on, and how to fix it?
Thanks,
Lukas
Additional information would be helpful:
- What Tiki version?
- Are you storing Tiki session info in DB or File System?
- Did you turn on Tiki error reporting, and is anything shown?
- Are there any errors in your server log?
For best support, try the Tiki forums: http://tiki.org/forums

Sitecore: We experienced a technical difficulty while processing your request. Your data may not have been correctly saved

It is throwing the following exception after submitting the data using Web form created after it is upgraded from Web Form for Marketers 2.1.0 to 2.3.0. Followed the step by step upgrade instructions.
Exception in the Log file:
6772 22:24:13 WARN Web Forms for Marketers: an exception: has occured while trying to execute an action.
Error/Warning on the UI:
Sitecore: We experienced a technical difficulty while processing your request. Your data may not have been correctly saved
However, it is saving the data to database, and when I view the report for the same form using Web Form Reports, nothing is shown.
Action Method : Save to Database
The reading/creating counters warning is covered by adding the 'Performance log users' role to the account used by the application pool as previously answered here. It seems unlikely that this is causing the WFFM error, but it's worthing getting rid of the warning, restart IIS, and try again.
This is related to smtp setup on Send Email Message action which is used on webforms for marketers.
Refer:
http://blog.arkesystems.com/post/2010/05/18/SiteCoreWeb-Forms-for-Marketers-Send-Email.aspx