I have a .mobileconfig file in one URL. I am sending the Http post from xcode(When a button is clicked), the http post contains the .mobileconfig url. Can i download that file when the button is clicked ?
When it comes to serving up this file. It needs to be served up with a MIME Content-Type of application/x-apple-aspen-config. You may be able to do this by adding a line to your server's configuration or .htaccess file in the folder with:
<IfModule mod_mime.c>
AddType application/x-apple-aspen-config .mobileconfig
</IfModule>
If serving the file from within PHP, you may do something like:
header('Content-type: application/x-apple-aspen-config; charset=utf-8');
header('Content-Disposition: attachment; filename="company.mobileconfig"');
echo $mobileconfig;
Small correction: that is not "chatset", it is Charset. Be sure which charset you want:
header('Content-type: application/x-apple-aspen-config; Charset=utf-8');
header('Content-Disposition: attachment; filename="company.mobileconfig"');
echo $mobileconfig;
Related
I need some help to download email attachments from S3 bucket, email formats are MIME files. How can I read this email file and download attachment? Any good source is appreciated too
Content-Type: application/octet-stream;
name="3c1bd1393c7543cd9f38c1ff26d474ab.snappy.parquet"
Content-Disposition: attachment;
filename="3c1bd1393c7543cd9f38c1ff26d474ab.snappy.parquet"
Content-Transfer-Encoding: base64
Content-ID: <f_l6z42itv0>
X-Attachment-Id: f_l6z42itv0
after upgrading to 9.5.17 i get in the reports the following security messages:
Server Response on static files:
www.mydomain.de/typo3temp/assets/43cd7f07.tmp/2500f854.html.wrong
unexpected content-type text/html
www.mydomain.de/typo3temp/assets/43cd7f07.tmp/2500f854.1.svg.wrong
unexpected content-type image/svg+xml
www.mydomain.de/typo3temp/assets/43cd7f07.tmp/2500f854.php.wrong
unexpected content PHP content
www.mydomain.de/typo3temp/assets/43cd7f07.tmp/2500f854.php.txt
unexpected content PHP content
what does this mean?
I inspected the folder /typo3temp/assets/ - there is no folder 43cd7f07.tmp
Thanks!
The error messages you are receiving are part of a security feature that has been integrated into recent TYPO3 v9.5.17 and v10.4.2 releases, see https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/9.5.x/Feature-91354-IntegrateServerResponseSecurityChecks.html
Basically it means that your current server system
is evaluating files like test.php.txt (.php not at the end of the filename) still as PHP content - this can cause a security vulnerability in case somebody manages to upload a similar file (which might be considered as text/plain file, but is actually executable PHP code)
potentially remote code execution
is serving files like test.html.wrong (.html not at the end of the filename) still as text/html which triggers the browser to execute HTML tags and potential dangerous <script> tags
potentially cross-site scripting
Call for action
In case this is a live and in production server, you should adjust your web server configuration.
The fix is to limit those web server mime-type mapping only to those files having e.g. .html at the very end, like shown in this example for the Apache HTTP web server
<FilesMatch ".+\.html?$">
AddType text/html .html .htm
</FilesMatch>
Find more details and explanation in the TYPO3 security guidelines for server admins at https://docs.typo3.org/m/typo3/reference-coreapi/10.4/en-us/Security/GuidelinesAdministrators/Index.html#file-extension-handling
Update May 17th, 2020
https://gist.github.com/ohader/11d737de95895f8ca16495a8b7001c45 contains examples how to adjust an .htaccess file in case settings cannot be changed on a (shared) hosting environment.
<IfModule mod_mime.c>
RemoveType .html .htm
<FilesMatch ".+\.html?$">
AddType text/html .html
AddType text/html .htm
</FilesMatch>
RemoveType .svg .svgz
<FilesMatch ".+\.svgz?$">
AddType image/svg+xml .svg
AddType image/svg+xml .svgz
</FilesMatch>
RemoveHandler .php
<FilesMatch ".+\.php$">
# IMPORTANT: `php-fcgid` is using in THIS example
# Most probably is different for each individual configuration
SetHandler php-fcgid
# SetHandler php-script
# SetHandler application/x-httpd-php
</FilesMatch>
</IfModule>
Current handler identifier php-fcgid was identified for the example above using a phpinfo(); and searching for $_SERVER[REDIRECT_HANDLER]:
$_SERVER['REDIRECT_HANDLER'] php-fcgid
For shared hosting it can be quite hard to find out the correct handler for php.
some specialty for 1&1 Ionos, might be even special to this particular shared hosting package:
shared hosting with php 7.3 (confirmed in phpinfo), but $_SERVER['REDIRECT_HANDLER'] gives "x-mapp-php5" (not sure why, could be that the hosting is running for many years and was upgraded to php 7 and they somehow alias it for whatever reason)
The working solution for me was:
<IfModule mod_mime.c>
RemoveType .html .htm
<FilesMatch ".+\.html?$">
AddType text/html .html
AddType text/html .htm
</FilesMatch>
RemoveType .svg .svgz
<FilesMatch ".+\.svgz?$">
AddType image/svg+xml .svg
AddType image/svg+xml .svgz
</FilesMatch>
RemoveHandler .php
RemoveType .php
<FilesMatch ".+\.php$">
AddType x-mapp-php5 .php
AddHandler x-mapp-php5 .php
</FilesMatch>
</IfModule>
I had to remove both the handler/type and add them again within the filesmatch.
Took me quite a while to get this working, hope this helps.
For host-europe $_SERVER['REDIRECT_HANDLER'] was empty, php7.4:
<IfModule mod_mime.c>
....
RemoveHandler .php
RemoveType .php
<FilesMatch ".+\.php$">
# only this handler seems to work
AddType application/x-httpd-php .php
AddHandler application/x-httpd-php .php
</FilesMatch>
</IfModule>
The following solution was recommended to me by the support team of ALL-INKL.COM.
I had to contact them, because the remove statements (RemoveHandler .php) did not work.
<FilesMatch "\.(php[0-9,x]*|phtml)\.">
SetHandler text/plain
</FilesMatch>
Thanks to the ALL-INKL.COM-Support-Team
Here is some Domainfactory speciality.
Mind the ForceType directive (set your specific PHP version there). If not used, its webserver would still use mimetype-sniffing.
To be used on the bottom of the newest .htaccess template (10.4, 9.5) which includes the strict handling for .svg[z]/.htm[l] already
# DomainFactory-special:
# 1) remove mimetype-sniffing anything for PHP
# 2) force PHP 7.3 mimetype on .php files
<IfModule mod_mime.c>
RemoveType .php
<FilesMatch ".+\.php$">
ForceType application/x-httpd-php73
</FilesMatch>
</IfModule>
This works for JWEILAND, WEBGO and PHP:
<IfModule mod_mime.c>
RemoveHandler .php
RemoveType .php
<FilesMatch ".+\.php$">
SetHandler application/x-httpd-php
AddType application/x-httpd-php .php
AddHandler application/x-httpd-php .php
</FilesMatch>
</IfModule>
I try to compress my CSS and JS files, for that I set the compressionLevel in the Installtool to 9 for BE and FE. and I added following Typoscript to my setup.txt in my template:
config.compressCss = 1
config.compressJs = 1
config.concatenateCss = 1
config.concatenateJs = 1
plugin.tx_vhs.settings.asset {
fonts1 {
type = css
name = font1
path = https://fonts.googleapis.com/css?family=Istok+Web:400,700
standalone = 1
external = 1
}
styles {
type= css
name = main-style
path = EXT:my_template/Resources/Public/css/main.css
standalone = 1
}
}
Now some CSS files from extensions get compressed, but the one I add via vhs.asset does not get compressed at all.
Any idea why the compression does not work with the CSS (and JS) added via vhs.asset?
Although such an option exists in TYPO3 CMS, it is not a CMS job, but rather server's job (Apache, nginx, etc.).
So, if you have an nginx server, it can be done with following configuration (and, probably, it is already turned on in /etc/nginx/nginx.conf):
gzip on;
gzip_comp_level 6;
gzip_types text/plain text/html text/xml text/css text/javascript application/json application/xml application/xml+rss application/x-javascript;
For Apache you need a mod_deflate and following lines in your .htaccess:
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xml+rss
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
</IfModule>
Benefits:
separation of responsibilities: server serves the assets, while CMS provides them;
more types can be compressed, not just CSS and JS;
no matter how the assets are served - TS, VHS, just linked via link or style tags - they will be always compressed;
Size of compressed data will be same in both cases (sure, depends also on compression level set), because same libraries and algorithms are used.
Try this to include your css / js :
#-------------------------------------------------
# Distribution Configuration/TypoScript/setup.ts
#-------------------------------------------------
page = PAGE
page {
# CSS files to be included
includeCSS {
myTemplate = EXT:my_template/Resources/Public/Css/main.css
}
# JS to be included (mind how other JS is included)
# includeJSFooter is also very common
includeJS {
myTemplate = EXT:my_template/Resources/Public/JavaScript/script.js
}
}
(ps: you do have to include your static template in this case)
I have installed the mod_deflate on centos. In virtual host file I have added the following
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
DeflateFilterNote Input input_info
DeflateFilterNote Output output_info
DeflateFilterNote Ratio ratio_info
LogFormat '"%r" %{output_info}n/%{input_info}n (%{ratio_info}n%%)' deflate
CustomLog /var/log/httpd/deflate_log deflate
its show the compression in log also but not showing improvement in pageloading time.
Please guide for the same.
if its still not working a possible reasone will be you have not included this
LoadModule deflate_module modules/mod_deflate.so
in apache
httpd.conf
I am trying to make the iPhone cache a HTML5 web application such that I can be offline when I use it. The web application is at www.prism.gatech.edu/~gtg880f and I did not make it. I am borrowing it just to try it out.
There are only 3 files:
index.html
index.js
style.css
I modified the index.html to include <html manifest="offline2.manifest">
and <meta content="yes" name="apple-mobile-web-app-capable" /> so that it will look full screen as an offline web app.
My offline2.manifest file are as follow:
CACHE MANIFEST
index.html
index.js
style.css
debug.js
NETWORK:
CACHE:
PS: debug.js is from Jonathan Stark.
When I use firefox, it caches it properly and I was able to use the web app offline. However, it fails in both chrome and safari.
In Chrome, I get the following debug message:
Application Cache Checking event
Application Cache Error event: Invalid manifest mime type (text/plain) http://www.prism.gatech.edu/~gtg880f/offline2.manifest
I googled manifest mime type and it mentions something about .htaccess and what not and I am actually not too sure what that means. Following instructions, I went to etc/apache2/httpd.conf and change the ALLOWOVERIDE ALL from none.
That does not seem to fix anything though and I still get the same error message.
In a nutshell, what I want to be able to do is use my safari browser on iPhone to www.prism.gatech.edu/~gtg880f and save it to my home screen. Then, turn off 3G and wifi and still use the web app.
EDIT: Tried the 1st answer from roryf:
Still does not work. Am I suppose to edit the httpd.conf file in /etc/apache2/httpd.conf? I am using Mac OSX. I added it under this section
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig /private/etc/apache2/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/cache-manifest manifest # added to allow HTML5 offline caching
Try changing the file extention to something different.
I had the same problem and when I saved it as cache.manifesto - changed the .htaccess to
AddType text/cache-manifest .manifesto
and pointed it in the html files as
<html manifest="cache.manifesto" >
it wоrked just fine.
I just checked and it looks like your manifest file is still getting served as text/plain. Here are the steps you can take to fix it.
Create a new file called .htaccess in the same directory as the manifest file (sometimes the only way to create a file with a name that starts with a dot is to do so on the command line)
Edit the file and insert the following line to it:
AddType text/cache-manifest manifest
Go to http://web-sniffer.net/ and insert the path to your manifest file to confirm it's being served with the right mime type. It appears the path you need to use here is http://www.prism.gatech.edu/~gtg880f/offline2.manifest
This is what I did to achieve to work with my offline storage in mac
Open httpd.conf
Take a backup.
Find "AllowOverride" and change the Value from "None" to "All"
Somewhere close to line # 198
Options Indexes FollowSymLinks
AllowOverride None
Looks like you need to set the MIME type for .manifest files to text/cache-manifest in your Apache config, which is probably what you read about .htaccess (one way to do this).
Adding this to your .htaccess file should work:
AddType text/cache-manifest manifest
My working web app clipping duplicates the filenames in the CACHE: portion of the .manifest file. Like this:
CACHE MANIFEST
index.html
index.js
style.css
debug.js
CACHE:
index.html
index.js
style.css
debug.js
NETWORK:
I also included this in a .htaccess file in the same web server directory as the manifest:
AddType text/cache-manifest .manifest manifest
I had same troubles debugging an offline web app on an iPhone as well. The app behaved correctly in Chrome and Safari (both for Windows). A reboot on the iPhone finally did the trick. Hope this helps.
Or, you could simply make a file called: manifest.php and put this content in it;
<?php
header('Content-Type: text/cache-manifest');
echo "CACHE MANIFEST\n\n";
echo "CACHE:\n";
$hashes = "";
$dir = new RecursiveDirectoryIterator(".");
foreach(new RecursiveIteratorIterator($dir) as $file) {
if ($file->IsFile() &&
$file != "./manifest.php" &&
substr($file->getFilename(), 0, 1) != ".") {
echo $file . "\n";
$hashes .= md5_file($file);
}
}
echo "\n# Hash: " . md5($hashes) . "\n";
?>