QuickTime Plugin not sending cookies - plugins

The application has a page with thumbnails. Clicking on a thumbnail calls the SetURL() javascript function on the player object.
In Safari on Windows, about 75% of the time, the plugin makes the request, sends the cookie, and life is good. The other 25% of the time, it fails to load at all half the time and when it does load, it won't loop. When it fails, we see the following requests:
127.0.0.1 - [20/May/2009:11:15:19 -0400] "GET /full/?id=1 HTTP/1.1" 302 - "-" 80 7542 0 QuickTime/7.6 (qtver=7.6;os=Windows NT 5.1Service Pack 3)
127.0.0.1 - [20/May/2009:11:15:19 -0400] "GET /denied/ HTTP/1.1" 200 3385 "-" 80 9050 0 QuickTime/7.6 (qtver=7.6;os=Windows NT 5.1Service Pack 3)
127.0.0.1 - [20/May/2009:11:15:20 -0400] "GET /full/?id=1 HTTP/1.1" 200 2639638 "-" 80 2005787 2 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1
The first request comes directly from the plugin and the request does not contain the session cookie, so the app redirects it to the "unauthorized access" page. We then see the plugin make the request to the redirected page. Then we see the same initial request from the browser itself. That request contains the cookie so it succeeds. About half the time, the movie plays, the other half it doesn't.
As I said, if we have 10 thumbnails on a page, everything works fine for at least 7 of them so we know the plugin is actually loaded. There are no javascript errors.
I have seen similar behavior in IE, but have not been able to reproduce it consistantly.
Thoughts?

On our development servers we password protect the sites at the server level (via htpasswd).
In Firefox, the first time the SetURL() was called for a new movie, the browser would wait and pop the password alert, regardless of whether or not it was "remembered" in the keychain. Once the credentials were sent, then QuickTime would load the movie.
In Chrome, it was remembered.
IE still won't swap the file. Downloading Charles Proxy now...

Related

Running sonarqube in Docker keeps redirecting me back to login page

I've had SonarQube running for a good while but haven't used it very much but in general stuff seems to have been working. I'm running it inside Docker.
I just updated it to LTS (6.7) and after that it seems to have gone into some limbo state. I'm able to log in and browse the website but as soon as I try to perform some operation (seems to not matter what that operation is), I get redirected to the login page. If I log in again, everything repeats. So I'm unable to actually perform any action it seems.
At first I thought this had to have something to do with old data conflicting with the new setup. So I cleaned everything out and set it up from scratch. The problem remains, I'm unable to do anything and get redirected to the login page every time.
For example, after the clean setup, I log in with admin/admin and I get the "first time tutorial" where I'm offered to create a token. I tried to do that but get directed to the login page. I log in again and this time I try to skip the tutorial but then I get redirected to the login page. Below is a part of the access.log for when I try to skip the tutorial:
10.3.1.119 - - [16/Nov/2017:00:12:48 +0000] "POST /gor-sq/api/users/skip_onboarding_tutorial HTTP/1.0" 401 - "https://build.acme.com/gor-sq/projects" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36" "AV/CJhNZndR3RsZuAAA4"
10.3.1.119 - - [16/Nov/2017:00:12:48 +0000] "GET /gor-sq/api/users/identity_providers HTTP/1.0" 200 24 "https://build.acme.com/gor-sq/sessions/new?return_to=%2Fgor-sq%2Fprojects" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36" "AV/CJhNZndR3RsZuAAA5"
10.3.1.119 - - [16/Nov/2017:00:12:48 +0000] "GET /gor-sq/api/navigation/global HTTP/1.0" 200 573 "https://build.acme.com/gor-sq/sessions/new?return_to=%2Fgor-sq%2Fprojects" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36" "AV/CJhNZndR3RsZuAAA6"
The first line indicates that the POST is getting a 401 response. Without being absolutely certain, it does look like it's the POST operations that are getting 401 responses while GET works.
This setup does sit behind a reverse proxy but as I said before, the setup has been working fine before and no changes have been made to the reverse proxy setup.
Hope I am not so late. I had the same issue. What worked for me is the deleting cookies from the browser and everything else works like a charm.
I had the same issue.
https://myserver.com/sonar/api/users/skip_onboarding_tutorial
I got 401 and I was redirected to the Login page. I looked at the source code and request.ts was erroring out at line 108.
submit(): Promise<Response> {
const { url, options } = this.getSubmitData({ ...getCSRFToken() });
return window.fetch((window as any).baseUrl + url, options);}
Looked like an issue with the CSRFToken. Since I have Sonarqube running behind a Nginx Reverse Proxy, there might have been something to do with the way I was handling the cookies.
So when I looked a little bit, I found the solution here:
https://stackoverflow.com/a/47909810/3221249
Basically, they changed the way you handle secure cookies after v6.0. Since I was making the cookie secure and httponly to true(not letting the client browser interact with the js code) I was having the above issue. I was doing this even before my non-ssl traffic hits Nginx. I have another proxy server running HAProxy which was handling this so I commented that part of the definitions.
#rspirep ^(Set-cookie:.*) \1;\ Secure if ! secure
#rspirep ^(Set-cookie:.*) \1;\ httponly
I hope this helps you.

Dispatcher not showing results from an AJAX call to an OSGi bundle

In my project, we have a component that includes a JavaScript file & in that file, we are making an AJAX call to a Servlet (defined in an OSGi bundle).
When the package is installed in the Publish instance (along with the OSGi bundle), I'm able to see results after I click on a link which is bound to the AJAX call.
When accessing the same page through the Dispatcher however, the page is getting displayed but the link which should show content from the OSGi bundle is not working. The same link is working fine when accessed directly via the Publish instance
Updated:
The access.log in Dispatcher (Apache Web Server)
Success log of dispatcher
domain - - [11/Jul/2014:15:25:11 +0530] "GET /content/sample.html HTTP/1.1" 200 25805
Failure log on one of the links on the above page
domain - - [11/Jul/2014:15:25:12 +0530] "GET /bin/servlet/SampleServlet?action=GET_SAMPLE_USAGE HTTP/1.1" 404 230
It is not finding GET_SAMPLE_USAGE servlet, but the same is already available in the OSGi bundle and is working perfectly fine via the Publish instance (logs below).
Publisher access.log
domain - admin 11/Jul/2014:15:24:31 +0530 "GET /content/sample.html HTTP/1.1" 200 25805 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0"
domain - admin 11/Jul/2014:15:24:31 +0530 "GET /bin/servlet/SampleServlet?action=GET_SAMPLE_USAGE HTTP/1.1" 200 - [this is not a link] ( "domain:4503/content/sample.html" ) "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0"

Why cannot my app create fitness.runs for test users?

My web app can successfully create fitness.runs for myself and friends, but not for test users (created in the Test Users view of the Roles tab of the App's Dashboard). So I have a problem getting the app approved in the review, required for explicit sharing.
The app makes the following HTTP request to create (line breaks in content for readability):
POST /me/fitness.runs HTTP/1.1
Content-Type: application/x-www-form-urlencoded
course=https%3A%2F%2Fbroker-web.appspot.com%2Fpub%2Fcourse%2FagxzfmJyb2tlci13ZWJyLAsSDERQYXJ0aWNpcGFudBiAgICA_fCfCgwLEgZEU3BsaXQYgICAgICAgAoM
&start_time=2014-04-30T13%3A43%3A46
&expires_in=86400
&object=%7B%22app_id%22%3A%22255653361131262%22%2C%22title%22%3A%22Demo+410m%22%7D
&access_token=ACCESS_TOKEN
The successful response contains the action id (for myself and friends), and for test users the following error message is returned:
HTTP 500 OK
{error={message=An unexpected error has occurred. Please retry your request later., type=OAuthException, code=2}}
The crawler was successful visiting the object:
89.236.16.14 - - [30/Apr/2014:06:45:13 -0700] "GET /pub/course/agxzfmJyb2tlci13ZWJyLAsSDERQYXJ0aWNpcGFudBiAgICA_fCfCgwLEgZEU3BsaXQYgICAgICAgAoM HTTP/1.1" 200 6211 -
"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36"
"broker-web.appspot.com" ms=135 cpu_ms=41 cpm_usd=0.000694 app_engine_release=1.9.4 instance=00c61b117ce48a0349d573d3cd16b02587ffe00b
My app was using the wrong FB app ID when creating the action. That is an issue only for Test Users, as they exist for the correct FB App only.

Sometimes "The specified feature has been temporarily disabled for this application"

it sometimes returned :
{"error_code"=>"2000", "error_message"=>"The specified feature has been temporarily disabled for this application", "state"=>"d022a262e11b1a8bebe4bccb86319514e870fb6657b6aee8"}
from facebook when using facebook login
apache_log:
85.135.128.63 - - [08/May/2013:19:07:40 +0200] "GET /users/auth/facebook HTTP/1.1" 302 250 "http://www.itolar.com/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
85.135.128.63 - - [08/May/2013:19:07:41 +0200] "GET /users/auth/facebook/callback?error_code=2000&error_message=The+specified+feature+has+been+temporarily+disabled+for+this+application&state=d022a262e11b1a8bebe4bccb86319514e870fb6657b6aee8 HTTP/1.1" 500 728 "http://www.itolar.com/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
But when i tried two different accounts to do same thing, everything works fine
I am using omniauth-facebook on Ruby on Rails
Do anybody know whats wrong?
It sounds like you might be hitting a rate limit. Try making less frequent calls and/or optimizing them (ie via batch calls). Also check App Insights -> Activity & Errors.

Google Chrome doesn't perform POST in a Facebook Canvas Tab application

I believe this is a difficult question to answer.
I've configured my facebook application with the following options:
Page Tab URL: https://www.myapp.com.br/
Secure Page Tab URL: https://www.myapp.com.br/
(both are secure urls and use HTTPS protocol)
Browsers like Firefox and Safari are working fine, sending a POST request to the server when I open the Page Tab with http or https protocol.
However, Google Chrome performs a GET request when using facebook with http. This request doesn't contain the signed_request.
I've spent a lot of time trying to fix this and I still don't understand why this is happening. Can anyone explain and provide a solution?
Update (more info)
The application was written with Ruby on Rails. It was deployed with Nginx + Passenger. The following is the configuration of the application with nginx:
server {
listen 80;
listen 443 default ssl;
server_name www.myapp.com.br;
passenger_enabled on;
root /my/app/rails/folder/public;
# workaround to get rid of infinite loops while using ssl
passenger_set_cgi_param HTTP_X_FORWARDED_PROTO https;
}
Rails configuration is to force ssl.
Nginx access log with a Firefox request to the facebook page tab:
201.87.25.128 - - [25/Nov/2011:19:16:47 -0200] "POST / HTTP/1.1" 200 9693 "http://static.ak.facebook.com/platform/page_proxy.php?v=4"
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:6.0.2) Gecko/20100101
Firefox/6.0.2"
Nginx access log with a Google Chrome request to the facebook page tab:
201.87.25.128 - - [25/Nov/2011:19:19:07 -0200] "GET / HTTP/1.1" 200 9678 "http://static.ak.facebook.com/platform/page_proxy.php?v=4"
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.2
(KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2"
Nginx access log with a Google Chrome request to the facebook SECURE page tab:
201.87.25.128 - - [25/Nov/2011:19:18:43 -0200] "POST / HTTP/1.1" 200 9678 "https://s-static.ak.facebook.com/platform/page_proxy.php?v=4"
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.2
(KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2"