I am trying to register middleware for all routes to protect against csrf in Slim. I have installed the files for Slim csrf protection using composer and I have added the dependency to my dependencies file, but when I try to register the middleware in my middleware file, I get an error telling me that my dependency container variable is undefined.
I am a programming newbie and do not understand how to troubleshoot things within a framework. So I have just tried fiddling with it.
Dependency in dependencies.php:
$container['csrf'] = function ($c) {
return new \Slim\Csrf\Guard;
};
Register middleware in middleware.php:
use Slim\App;
return function (App $app) {
$app->add($container['csrf']);
};
It should work, especially considering I literally did exactly what the documentation says to do in order to set this up, but when I refresh my page after I get a notice message telling me $container is not defined. Because I am completely new to using a framework I could really use some insight. Thanks.
The App is not the container itself; it holds the container, so you need to get at it first.
Try:
return function (App $app) {
$app->add($app->getContainer()->get('csrf'));
};
Note that I've also used the get() method on the container for retrieval. This is the method that PSR-11 uses and so will work with a variety of containers. Using array access to retrieve items from the container is Pimple specific.
Related
Our application is a React/Node app built with Webpack and renders server side in production. In this production scenario, the mapbox-gl package has a problem loading on the server side. I suspect this has something to do with the way mapbbox-gl.js is an already browserified library, and doesn't play well with this server side environment that is built with webpack. Below is the relevant error when I try to load the page for the first time and we don't get any of the component's html generated on the server side (though everything works when it then loads in the browser client).
The relevant line of code in mapbox-gl.js that generates the error at the top of the stack reads "module.exports=self;".
Node app is running on port 5000
ReferenceError: self is not defined
at Object.112 (webpack:///./~/mapbox-gl/dist/mapbox-gl.js?:225:29)
at s (webpack:///./~/mapbox-gl/dist/mapbox-gl.js?:1:602)
at eval (webpack:///./~/mapbox-gl/dist/mapbox-gl.js?:1:653)
at Object.110../window (webpack:///./~/mapbox-gl/dist/mapbox-gl.js?:221:25)
at s (webpack:///./~/mapbox-gl/dist/mapbox-gl.js?:1:602)
at eval (webpack:///./~/mapbox-gl/dist/mapbox-gl.js?:1:653)
at Object.24.../package.json (webpack:///./~/mapbox-gl/dist/mapbox-gl.js?:48:26)
at s (webpack:///./~/mapbox-gl/dist/mapbox-gl.js?:1:602)
at e (webpack:///./~/mapbox-gl/dist/mapbox-gl.js?:1:773)
at eval (webpack:///./~/mapbox-gl/dist/mapbox-gl.js?:1:791)
Hopefully there are some tweaks I can add to our webpack build config to make this work. Sorry there isn't a lot of info here, I'm hoping that someone has come across this problem and there might be an easy fix.
Actually, when it comes to server-side rendering, this kind of scenario is very common which is some library rely on DOM exist or browser environment.
Solution:
1. In the webpack configuration, define a variable for indicating whether the application is running on server side.
new webpack.DefinePlugin({
__CLIENT__: true
// Other global variables
}),
2. Inside the files that using the mapbox library
let mapboxGl;
if (__CLIENT__) {
mapboxGl = require('mapbox-gl')
}
3. Server side entry code
global.__CLIENT__ = false;
4. For using webpack for both client-side and server-side, using webpack-isomorphic-tools
I was facing the same problem on Nuxt.js. In order to solve this problem the mapbox package should be imported on the client side only.
Here's the code:
let mapboxgl;
// Check if the process is on the client side
if (process.client) {
mapboxgl = require('mapbox-gl');
}
I have an Eclipse RAP 2.3 application with two entry points, say /first and /second.
In the GUI of the first entry point, there is a button with which I would like to open the second entry point in a new browser tab. The event handler of that button is currently
UrlLauncher launcher = RWT.getClient().getService( UrlLauncher.class );
launcher.openURL( "/second");
This already doesn't work when the application is deployed as myapp.war in a Tomcat web server (should then be /myapp/second).
My questions:
What's the best way to determine the URL to open within the event handler?
Do I have to fetch the HttpServletRequest, get the context path and so some string manipulation?
Is it actually safe to call RWT.getRequest() at this point?
Update
According to RĂ¼diger's comment I can acquire the context path in two different ways.
The first approach is
RWT.getRequest().getContextPath();
where RWT.getRequest() is documented with
This method is not recommended
Secondly, I could obtain it with
ApplicationContextImpl ac = (ApplicationContextImpl) RWT.getApplicationContext();
String contextPath = ac.getServletContext().getContextPath();
where the IDE displays the warning
Discouraged access: The type ApplicationContextImpl is not accessible due to restriction on required library ...\org.eclipse.rap.rwt_2.3.2.20150128-1013.jar
Despite the warning, it still works when deploying a WAR file with OSGi bundles to Tomcat.
So, in both cases there is some kind of warning, which makes the solutions look rather like workarounds.
Using RWT.getRequest() is not recommended because usually RWT would shield you from the lower-level servlet API and certain direct interactions with the request could even interfere with RWTs life cycle and yield funny responses.
While in your case it would be safe to access the ServletContext via RWT.getRequest(), I recommend to use
RWT.getUISession( display ).getHttpSession().getServletContext();
to access the servlet context.
The second approach accesses internal classes that aren't part of the public API and therefore shouldn't be use. The accessed classes may change or be (re)moved in the future without further notice and break your application.
Like Rails is there any way to add custom error message to validator?
Like:
if(this.password != this.passwordConfirmation){
this.errors.add('password', {rule: 'invalid'})
}
You can create custom validations on your models. Or create custom objects and inject them into your models to resusable code. Its actually in the docs!
http://sailsjs.org/#/documentation/concepts/ORM/Validations.html?q=custom-validation-rules
You can create a custom config file for error handling. You can reach that global config object by sails.config.error for example. Advantage of this solution is, that you can access this object in services and other places, where you have no access to the res object.
Next step would be creating a policy which would pass this config error object to res.locals. Or it could be handled in a response file, but I have no experience with that.
Out of the box, Sails.js does not support custom validation messages. But there's a workaround, using hooks.
http://sailsjs.org/documentation/concepts/models-and-orm/validations#?custom-validation-rules
Says the official site.
I am using zf-boilerplate for my zend framework project. I am using the Gedmo extensions and need to get an instance of the doctrine event manager in the bootstrap.
ie. I would like to be able to do the following:
$evm = $this->getDoctrine()->getEventManager()
How can I do this?
You can access the entity manager by calling
Zend_Registry::get('em');
If you're in the middle of bootsrap, then make sure you bootstrap entity manager before accessing it.
Just like resource methods, you use the bootstrap() method to execute resource plugins. Just like with resource methods, you can specify either a single resource plugin, multiple plugins (via an array), or all plugins. Additionally, you can mix and match to execute resource methods as well.
(Zend Framework manual)
i.e. execute the code below first
// Execute all resource methods and plugins:
$bootstrap->bootstrap('doctrine');
UPDATE
Didn't notice the question was about EventManager. Use the code below in order to get access to it
Zend_Registry::get('doctrine')->getEventManager ();
Symptoms:
PumaLocator is unusable, every findXXX-method returns empty results or throws an exception because nothing was found.
Analysis:
The problem seems that, due to the ICEfaces specific architecture, the method GenericPortlet.doView is invoked only for the first time the Portlet is loaded, and not for the following (AJAX) page updates, e.g. in case of a called ActionListener.
If I use PumaLocator inside the doView-method, everything works fine.
I tried the following attempts yet:
Get the PumaLocator in doView, put it into Session and use it later - didn't work
Get the RenderRequest in doView, put it into Session and use it later to get a PumaLocator by passing that request - didn't work
I would be very glad to have any hints. Thank you!
PUMA checks the authorization for results by using information found in the Context. You must add JavaEE security roles in the deployment descriptor for the AJAX backend servlets the ICEFaces uses. As a thumb of rule if request.getRemoteUser() and request.getUserPrincipal() return something besides null you know PUMA will work. Otherwise it will NOT work and that is intended behaviour.
Alternatively you can attempt to disable the security checks of PUMA like this.