how to secure cookies in play framework? - scala

I am facing a cookie problem on my website. I am using Scala with Play Framework 2.2.0.
If a user replaces their cookies with another user's cookies, it works, and I want to stop that. Please give me any solution. I have changed and modified the application.conf file with all the security settings, but I did not see any effect in my application.
If there is any kind of trick or logic behind it, please tell me.

As shown in the documentation, it is just a config change: https://www.playframework.com/documentation/2.8.x/SettingsSession
Note: problems with deserialization might occur.

Related

Scala Play - How to Modify Cookie setting value before response goes out?

I have a project on version 2.7.3 of the Scala Play framework. I need to be able to set a cookie's SameSite value to 'None'. Currently in 2.7.3 you can only set it to 'Lax' or 'Strict' via an enumeration. The ability to set the value to 'None' has been backported for 2.7.x but not yet released.
I need to address this now and can't wait for a future release. I am having a hard time figuring out how to set a Cookie's SameSite value to 'None' within the given framework.
In order to modify the response result in a filter, I see I could call result.withCookie(), which takes one or more play.api.mvc.Cookie. I've tried to extend and modify play.api.mvc.Cookie, but the SameSite class is sealed abstract inside the Cookie class.
I thought I might be able to use an EssentialFilter or an Action to modify the cookie right before the response goes out, but I don't see a way to get at an existing CSRF cookie or the PLAY_SESSION cookie and modify it.
Any ideas?
I think the workaround for this is probably to use a proxy, as #rowan_m mentions. Fortunately Lightbend got back to me and will be releasing their 2.8 version very soon, which I verified in the RC solved the issue using config settings: https://github.com/playframework/playframework/pull/9613#issuecomment-555305142
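For both threads above (the 2.2.0 question about cookie security and the 2.7.3 question about SameSite=None), here is an added application.conf fragment that is not from either thread or from Play itself. The key names follow the Play 2.8.x SettingsSession page linked in the first answer; the cookie name, the one-hour lifetime and the choice of "strict" are assumed values. In Play 2.2.x the same settings lived under the legacy keys session.secure, session.httpOnly and session.maxAge, with no SameSite support at all. One caveat that matters for the first question: Play's session cookie is a signed, self-contained cookie, so these flags make it harder to steal or to send cross-site, but a cookie copied from another user is still accepted as that user until it expires. A short maxAge limits that window; if you need to revoke sessions, put a server-side session identifier in the session and check it on each request.

```hocon
# Added example (not from either thread): application.conf for Play 2.8.x.
# Key names follow https://www.playframework.com/documentation/2.8.x/SettingsSession;
# the cookie name, lifetime and SameSite choice below are assumed values.

# Session and flash cookies are signed with this key. Read it from the
# environment per deployment; never commit a production secret.
play.http.secret.key = ${?APPLICATION_SECRET}

play.http.session {
  cookieName = "PLAY_SESSION"
  # Only send the cookie over HTTPS, and hide it from document.cookie (XSS).
  secure = true
  httpOnly = true
  # "lax" (default), "strict", or "none" (Play 2.8+; "none" requires secure = true).
  # Play 2.7.x only accepts "lax" and "strict", which is the limitation in the
  # second thread; for a cross-site deployment on 2.8 set this to "none".
  sameSite = "strict"
  # Short lifetime bounds how long a copied cookie stays valid (assumed value).
  maxAge = 1 hour
}

# The flash cookie gets the same treatment.
play.http.flash {
  secure = true
  httpOnly = true
  sameSite = "strict"
}

# If the CSRF filter is enabled, its token cookie has matching keys
# (assumed to mirror the session settings; check the CSRF docs for your version).
play.filters.csrf.cookie {
  secure = true
  sameSite = "strict"
}
```

With secure = true the browser will not send the cookie to a plain-HTTP origin, so test on HTTPS (or a local TLS proxy) or the session will silently disappear in development.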

Sentry Raven inside Firefox Addon SDK

I am making a Firefox extension and I want to log the errors/messages/exceptions produced by the extension code using Sentry.
I tried the JavaScript Raven client, but I guess it's not really made to live inside the "Content" context.
The error I get is: message = "debug" is read-only, but my actual question is, how do I go about integrating Sentry in a Firefox Addon?
PS: No, this won't go into general distribution, my API keys are safe.
What I did was just to omit calling .install() and just use the error/message reporting.
There will be no automatic catching or source code, but it works for my purposes.

Correct way to submit a phonegap/jQM form.

Very new at this. Could someone tell me what is the best method of submitting a form when using PhoneGap and jQM? What I want to be able to do is pass the form data to a PHP file and then have the results passed back into the app, so that the user isn't directly accessing the PHP file at any point.
I found the following page link which basically does what I want, but I keep getting "Origin null is not allowed by Access-Control-Allow-Origin" when testing out the code. So I'm guessing this will only work if the app is located on a server also?
Any help would be great. Thanks <3
To test your solution on the computer you need to launch Chrome from the terminal with the argument --disable-web-security. See this answer: Disable same origin policy in Chrome
In your PhoneGap application you add a line of code to your config.xml in the www folder: <access origin="*.yourdomain.com" />. Build, and you are now allowed to request all domains and subdomains of yourdomain.com. For more details on whitelisting see http://docs.phonegap.com/en/3.0.0/guide_appdev_whitelist_index.md.html#Domain%20Whitelist%20Guide
You are not able to make POST requests from local files, so yes, you need to have it running on a web server.
But if you deploy your application, it should work either in an emulator or on your device.
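As an added example, not code from the question or either answer, here is the in-app submission the question describes: a helper that serializes the jQuery Mobile form fields, POSTs them to the PHP endpoint with XMLHttpRequest and hands the parsed JSON reply back to the app, so the user never navigates to the PHP file. It also carries the allow-list idea from the config.xml answer into the JavaScript side, refusing to send form data to anything but HTTPS hosts you name (prefer a concrete host over `*` in config.xml for the same reason: `<access origin="*" />` lets the app talk to any server). The endpoint URL, host pattern, field names and response shape are assumptions; `xhrFactory` is a parameter only so the logic can be exercised outside a browser.

```javascript
// Added example (not from the question or answers): in-app form submission for a
// PhoneGap + jQuery Mobile app. Endpoint, hosts and field names are placeholders.

// Hosts the app may send form data to. Same idea as <access origin="*.yourdomain.com" />
// in config.xml: a leading "*." allows any subdomain, anything else must match exactly.
var ALLOWED_HOSTS = ["*.yourdomain.com"]; // assumed value

// Only allow https URLs whose host matches one of the patterns.
function originAllowed(url, patterns) {
  var m = /^([a-z]+):\/\/([^/:?#]+)/i.exec(url);
  if (!m || m[1].toLowerCase() !== "https") return false;
  var host = m[2].toLowerCase();
  return patterns.some(function (p) {
    p = p.toLowerCase();
    if (p.indexOf("*.") === 0) {
      var suffix = p.slice(1); // ".yourdomain.com"
      return host.slice(-suffix.length) === suffix;
    }
    return host === p;
  });
}

// Encode fields as application/x-www-form-urlencoded so values containing
// '&', '=' or spaces cannot break the body apart or smuggle extra fields.
function encodeForm(fields) {
  var parts = [];
  Object.keys(fields).forEach(function (name) {
    parts.push(encodeURIComponent(name) + "=" + encodeURIComponent(fields[name]));
  });
  return parts.join("&");
}

// Read the named inputs of a form element into a plain object (browser only).
function collectFields(formElement) {
  var fields = {};
  var inputs = formElement.querySelectorAll("input[name], select[name], textarea[name]");
  for (var i = 0; i < inputs.length; i++) fields[inputs[i].name] = inputs[i].value;
  return fields;
}

// POST the fields and deliver the parsed JSON reply through callback(err, data).
// xhrFactory defaults to the real XMLHttpRequest; it is a parameter so the
// request logic can be run without a browser.
function submitForm(url, fields, callback, xhrFactory) {
  if (!originAllowed(url, ALLOWED_HOSTS)) {
    callback(new Error("refusing to send form data to " + url), null);
    return null;
  }
  var xhr = xhrFactory ? xhrFactory() : new XMLHttpRequest();
  xhr.open("POST", url, true);
  xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  xhr.onreadystatechange = function () {
    if (xhr.readyState !== 4) return;
    if (xhr.status !== 200) {
      callback(new Error("server returned HTTP " + xhr.status), null);
      return;
    }
    var data;
    try {
      data = JSON.parse(xhr.responseText); // parse, never eval(), the reply
    } catch (e) {
      callback(new Error("reply was not valid JSON"), null);
      return;
    }
    callback(null, data);
  };
  xhr.send(encodeForm(fields));
  return xhr;
}

// Wiring for jQuery Mobile (browser only): intercept submit and stay in the app.
// $("#contact-form").on("submit", function (ev) {
//   ev.preventDefault();
//   submitForm("https://api.yourdomain.com/submit.php", collectFields(this),
//     function (err, data) {
//       if (err) { alert(err.message); return; }
//       $("#result").text(data.message);
//     });
// });
```

The "Origin null" error in the question comes from loading the page from the file system: a file:// page sends the Origin header as "null", and the PHP endpoint has to answer with an Access-Control-Allow-Origin header it is willing to accept, otherwise the browser discards the reply. Launching Chrome with --disable-web-security is only a way to skip that check while testing locally; do not leave it in any workflow that touches real data.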

Initialize Zend_Session with already started session

Could anybody help me to understand this issue? The problem is:
I have two versions of my application that work in parallel. This means that I have sessions already started in one application that I should use in the other app.
The first version uses PHP sessions ($_SESSION with custom handlers), and the second version of the application is built on Zend Framework and should use Zend_Session.
So when I try to create a new Zend_Session_Namespace("default") instance, I get an error that the session was already started, which is true.
So the question is: can I initialize a Zend_Session object with the data already stored in the PHP $_SESSION?
I had a similar problem and figured it out from the Zend site.
This worked for me:
In the .htaccess file, do:
php_value session.auto_start 0
For reference, check: http://framework.zend.com/manual/en/zend.session.advanced_usage.html
Hope it helps
OK, I solved this issue, and in my case the solution is:
In the old version I push the member's ID into a cookie.
In the new version I fetch that ID and use a different session system with its own handler.
The one thing that may improve security and help avoid collisions is checking the member's email using pubcookie.
Hope my solution helps someone.

FW/1 URL Encoding Subsystems

I am creating an FW/1-based plugin for Mura CMS, and after I installed it I was getting permanent redirect errors in my browser. I noticed that my URL, which should be /plugins/studentms/?action=admin:main.default, was being turned into /plugins/studentms/?action=admin%3Amain.default. I don't know what I might have set that is causing that. The template for the FW/1 plugin by Steve Withington works just fine, and when I was developing my app as a normal FW/1 application it worked fine.
If I try to go straight to either the root of the plugin (/plugins/studentms) or directly to the proper URL, it redirects to the URL-encoded format.
Anyone have any ideas as to what would cause that?
PS: I have tried in multiple browsers.