I have enabled CSP in my "#angular/core": "^15.1.0" project and using Ng-Zorro "ng-zorro-antd": "^15.0.2" and have enabled Dynamic loading of the icons.
"options": {
"headers": {
"Content-Security-Policy": "trusted-types angular angular#bundler; require-trusted-types-for 'script'"
}
},
Here is the code for the form icon
<li nz-submenu nzOpen nzTitle="Form" nzIcon="form">
<ul>
<li nz-menu-item nzMatchRouter>
<a>Basic Form</a>
</li>
</ul>
</li>
It shows the following errors on the console and doesn't renders them.
Error on Console
I tried Angular DomSanitizer but the issue still persists maybe I'm using sanitizer wrong.
Related
I have several links in this base razor project. For some reason my links stopped working. Here is an example:
<a class="nav-link text-dark" asp-controller="Contato" asp-action="Contato">Contato</a>
My project layout is pretty simple:
When I run the project and click on the non working link it goes to this url:
https://localhost:44372/?action=Contato&controller=Contato
However, when I navigate to the correct URL it works fine:
https://localhost:44372/Contato
I did not change any routing in the program.cs and use the default pipeline stuff:
builder.Services.AddRazorPages();
app.UseRouting();
app.MapRazorPages();
Any help in this routing issue?
There are no controllers or actions in a Razor Pages app - only pages. Therefore your anchor tag helpers should use the asp-page attribute:
<a class="nav-link text-dark" asp-page="/Contato">Contato</a>
https://www.learnrazorpages.com/razor-pages/tag-helpers/anchor-tag-helper
For me very basic navigation is not working with newly generated jHipster app.
I have 2 html pages in the root: index.html and network.html
Here is how I would like to redirect to network.html:
<a href="/network.html">
<button type="submit"
class="btn btn-info btn-sm">
<fa-icon icon="project-diagram"></fa-icon>
<span class="d-none d-md-inline">Network</span>
</button>
</a>
Unfortunately this doesn't work and I get 404 Not Found.
Can you please advise how to make external navigation working with JHipster? I have tried all examples from How to redirect to an external URL from angular2 route without using component? and nothing works
You have to modify src/main/java/{your-package}/config/WebConfigurer.java and add a resource handler for your static file. By default, all routes are redirected to index.html, which is how most SPA applications work.
I have a project that is written in JHipster v4.9.0 and I am working on a upgrade to v 5.3.0.
I really miss the social login feature from earlier versions of JHipster and I need the social login buttons and service back in my project.
I have installed bootstrap social from
https://libraries.io/npm/bootstrap-social
with the command:
npm install bootstrap-social#5.1.1
Now I have in my package.json file the line
"bootstrap-social": "5.1.1",
Then I have in my login page
<a class="btn btn-block btn-social btn-facebook">
<span class="fa fa-facebook"></span>
Sign in with Facebook
</a>
But my problem is that I can not see the facebook logo on my button. Is there anything more I have to do to get the logo to show up?
The Facebook logo is using Font Awesome, which changed the imports in v5. First, add the following package in your package.json to the specified version (this includes brand icons such as social networks):
npm install --save #fortawesome/free-brands-svg-icons
You also need to import the icon in vendor.ts:
import {
faFacebook
} from '#fortawesome/free-brands-svg-icons';
....
library.add(faFacebook);
Finally, you need to add the icon in the HTML, similar to how others are used (but specify the fab for a Brand Icon). There are several examples in the navbar for icons, a Facebook icon will look like below:
<fa-icon [icon]="['fab', 'facebook']"></fa-icon>
I have two applications:
X.Web - Asp.net core 1.1 web application
X.Api - ASP.NET WebApi2 application in .NET 4.6.1
Now they are both available as www.example.com/X.Web and www.example.com/X.Api respectively. My customer wants the web application to be available simply as www.example.com.
I tried a quick solution in my test environment - I just moved the content of X.Web folder to wwwroot and without any problems everything worked fine.
However, on my production server the web app works - htmls, scripts and styles are loaded correctly, but X.Api stops working - i get response
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title> IIS 502.5 Error </title>
<style type="text/css"></style>
</head>
<body>
<div id = "content">
<div class = "content-container">
<h3> HTTP Error 502.5 - Process Failure </h3>
</div>
<div class = "content-container">
<fieldset>
<h4> Common causes of this issue: </h4>
<ul>
<li> The application process failed to start </li>
<li> The application process started but then stopped </li>
<li> The application process started but failed to listen on the configured port </li>
</ul>
</fieldset>
</div>
<div class = "content-container">
<fieldset>
<h4> Troubleshooting steps: </h4>
<ul>
<li> Check the system event log for error messages </li>
<li> Enable logging the application process’ stdout messages </li>
<li> Attach a debugger to the application process and inspect </li>
</ul>
</fieldset>
<fieldset>
<h4> For more information visit:
<a href="https://go.microsoft.com/fwlink/?linkid=808681">
<cite> https://go.microsoft.com/fwlink/?LinkID=808681 </cite>
</a>
</h4>
</fieldset>
</div>
</div>
</body>
</html>
for each and every request. In my Event log I can see:
Application 'MACHINE/WEBROOT/APPHOST/DEFAULT WEB SITE/X.API' with
physical root 'C:\inetpub\wwwroot\X.Api\' failed to start process
with commandline '"dotnet" .\X.Web.dll', ErrorCode =
'0x80004005 : 80008081.
The questions are:
1) what can be a problem
2) Why in the event log I can see ...failed to start process
with commandline '"dotnet" .**X.Web.dll**...
3) Is there any other way to achieve this simple requirement of my client
So, just to make sure I understand you properly, initially, you had: www.example.com/X.Web and www.example.com/X.Api, and X.Web was calling X.Api, right? Then you moved X.Web files from wwwroot/X.Web to wwwroot directly, and it worked on your env but not on the production env? Which version of IIS are you using?
1/ Maybe an idea: by moving X.Web maybe you have changed the user under which your X.Web application was running, making it unable to launch your ASP.NET Core application.
2/ My suggestion to 1 could explain, credentials issues.
3/ I would definitively avoid putting the file of X.Web directly under wwwroot and instead I would configure IIS to get a redirection from www.example.com to www.example.com/X.Wep. You could use URL Rewrite module (maybe an overkill in that case but it's a module that is very good to know in my opinion because it can help in various scenario) or simply configure IIS to redirect, this SO thread could be helping How to redirect a URL path in IIS?
This is my application code:
The manifest.json file:
{
"name": "YouTradeFx Debugger",
"version": "1.0",
"manifest_version": 2,
"description": "This appliction allow YoutradeFX R&D team to debugging thier applications, by using few tools",
"browser_action": {
"default_popup": "app.html"
}
}
The app.html file:
<html>
<head>
<title>Source of the application</title>
<script src="jquery.js"></script>
<script src="app.js"></script>
</head>
<body style="width: 350px;">
<span style="display: none;">
<button id="Http">Send Requests</button>
<button id="Cookie">Add Lead Params</button>
<button id="Crm">CRM Faliure</button>
</span>
<div id="Content">
<table id="cons">
<tr>
<td>Please your username:</td>
<td><input type="text" id="names" name="user"></td>
</tr>
<tr>
<td><input type="submit" name="send" value="SEND"></td>
</tr>
</table>
</div>
</body>
</html>
The app.js file is:
$(document).ready(function(){
var HoldUser = $("input#names").val();
$.get("https://www.mywebsite.com/ChromeExt/crm_buffer.php?uid="+HoldUser,function(data){
$("div#cons").html(data);
});
});
But I got the error message "Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:"." all the time..!
Why is not working? I did something wrong?
You are loading HTML (I assume) from https://www.mywebsite.com/ChromeExt/crm_buffer.php?uid="+HoldUser and then inject it in your app.html page. When HTML is injected it is parsed and all mentioned resources (<script>, <link>, <object>, <img> etc.) start to load. Since you probably have some JavaScript files there and since default Chrome Extension policy does not allow extensions to run scripts from remote locations you get an security violation error.
You can fix this by making response from your website more like API call, return JSON or text instead of HTML. If mywebsite.com isn't yours or you don't want to change anything there, you can whitelist scripts that it loads in CSP or parse data variable returned in $.get and remove all <script> etc. before injecting it.
You're getting the page https://www.mywebsite.com/ChromeExt/crm_buffer.php?uid="+HoldUser so you may have click, mouse down, etc events on that page. Also I don't see any permissions on manifest.json. That too may be blocking the request. You could easily test this by adding the lines below to manifest.json. If that doesn't work, check mywebsite.com to see if that's broken.
"permissions": [
"http://*/*",
"https://*/*",
],