What is CSP blocked URI "c" and "file" - content-security-policy

I am getting the following two kinds of violation in my CSP report
Blocked URI "file"
"violated-directive":"img-src",
"disposition":"report",
"blocked-uri":"file",
"status-code":0,
"script-sample":""
Blocked URI "c"
"violated-directive":"img-src",
"disposition":"report",
"blocked-uri":"c",
"status-code":0,
"script-sample":""
I am not able to understand what these two uri are blocked and what is the reason for blocking.
If anyone has idea about this it would be very helpful

Related

Azure app service some requests returns 400 Bad Request. The request could not be understood by the server due to malformed syntax

So we have a simple .net core 5.0 service that only serves some simple pages with mvc. We are starting to get 400 Errors (details below) on some of the requests. Our frontend is embedded in an iframe which forces us to use our own domain for our api-calls. The 400 errors disappears when we use the azure internal-urls. (*.azurewebsites.net instead of *.ourdomain.net). When I get to the "diagnose and solve problems" -> "availability and performance" -> HTTP 4XX ERRORS i can se below errors. Any ideas on what can cause this error?
Bad Request. The request could not be understood by the server due to malformed syntax. The client should not repeat the request without modifications.
So, the biggest problem above is that we do not get the correct errormessage. After a lot of experimentation we activated the ConnectionLogging for Kestrel.
WebHost.CreateDefaultBuilder(args)
.UseKestrel(options =>
{
options.ConfigureEndpointDefaults(listenOptions =>
{
listenOptions.UseConnectionLogging();
});
})
And after that we found some more intressting logs. One that said:
Connection id "0HMFSA73IA4LS" bad request data: "Malformed request: invalid headers."
Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.
After some more investigation we could diff a succesful request from a failing request. And the problem was related to the certificate of *.ourdomain.se. In a part of the certificate we hade a string thats named "Stockholms län" in the cases where it failed the string decoded to l�n and when it succeeded the string decoded to l%C3%A4n. We are now investigating if this is a load balancer problem. But this app is running hostingmodel outofprocess. By changing this to inprocess and wrap our Kestrel in IIS the errors disapears.

Getting HTTP error 400- Header too long error

I am getting HTTP 400- Header too long error, I have tried most of solution over internet, but none of them seemed to be working (solutions are like adding reg entries, etc).
I have a sample web application which is calling a web api on my system, but I am getting below error in HTTPERR log file:
2019-11-16 16:58:59 ::1%0 1213 ::1%0 80 HTTP/1.1 GET
/WebApplication2/api/values - 400 - RequestLength -
Here is my code which is calling the web API:
HttpWebRequest GETRequest = (HttpWebRequest)WebRequest.Create(URL);
GETRequest.Method = "GET";
GETRequest.ContentType = "application/json";
GETRequest.Headers.Add("Authorization", "<Something Big value>");
WebResponse GETResponse = await GETRequest.GetResponseAsync();
It is recommended to capture ETL log via
https://blogs.msdn.microsoft.com/wndp/2007/01/18/event-tracing-in-http-sys-part-1-capturing-a-trace/
Then you could use network monitor to analyze both request payload and etl log.
It will help you find the root cause.
Besides, can you find the 400 error in IIS log? Now that the 400 error appear in httperr log. It looks like http.sys blocked the request before it reach IIS server.
If you can find the 400 error in IIS , then you could try to modify the limitation in system.web/httpRuntime and request filter.
If the 400 error only can be found in httperr log. Then you may have to try to make some change in http.sys registry.
https://support.microsoft.com/en-us/help/820129/http-sys-registry-settings-for-windows
Please remember to reboot server to activate these registry!

ServiceStack: AppHost.OnRequestEndCallbacks handler gets called twice when an exception is thrown outside of a service

I have a snippet in the OnEndRequestCallbacks block of the app host that records a row in an audit table for business purposes. The unexpected behavior is that when a request fails for some reason outside of a service (exception thrown), the endrequest event gets hit twice, and so 2 requests are audited instead of 1. This specific error is happening in the JwtAuthProvider when the token is expired. The exception funnels through as you would expect, but hits the end request callbacks handler twice. I added a snippet in the UncaughtExceptionHandlers block to write the error and end the request, but that doesn't seem to work, and 'two' requests are logged anyway. This was happening when I was getting exceptions in a Request Filter, but adding the snippet to write an error to the response and end the request worked in fixing the duplicates there. The same approach does not seem to work in the global handler in the same way.
This should now be resolved from this commit.
This change is available from v5.6.1+ that's now available on MyGet.

Restsharp - Cannot get error response body

I am using current (106.5.4) version of RestSharp with Xamarin.iOS and MvvmCross. I works very well (automatic body serialization, deserialization etc.), however I am having hard time getting error response body.
If there is a response from server with error code 4xx or 5xx I get just strange exception in top level of my code that says
"Error getting response stream (ReadAsync): ReceiveFailure Value
cannot be null. Parameter name: src"
Only when I use "Catch All Exceptions" in visual studio I can see the real exception down in call stack. Even though there is no way how to access the body. Accessing the body would be extremely helpful because the server can say there what is wrong with the request.
Am I missing anything, or there is no way in RestSharp?
Thank you for any response

Application Insights Availability tests fails on 200 OK with "System.UriFormatException: Invalid URI: The format of the URI could not be determined."

I am just trying out Application Insights availability tests.
I let them run over night to our public website and got only "fails"
When I drill in to the separate test runs, I see that the server responded with "200 OK", sending the expected html markup.
But in "Exceptins" it says
System.UriFormatException: Invalid URI: The format of the URI could not be determined.System.UriFormatException: Invalid URI: The format of the URI could not be determined.
at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind)
at Microsoft.VisualStudio.TestTools.WebTesting.HtmlDocument.ParseForDependentRequests(Boolean urlsOnly)
at Microsoft.VisualStudio.TestTools.WebStress.WebTestCaseVariation.BuildDependentRequestsList(WebTestInstrumentedTransaction instrumentedTransaction)
at Microsoft.VisualStudio.TestTools.WebStress.WebTestCaseVariation.AddParsedDependentRequests(ExecutionState executionState)
Does anyone have an idea what's going on there? What am I missing?
Most likely this exception occurs when webtest engine tries to parse dependent requests information to validate resources. Either webtest incorrectly parses dependency resource or web page contains an invalid reference.
WebTest should give a better error explaining to which resource it is complaining.
To workaround this problem (if it is acceptable) - you can disable "Parse dependent requests" option (see below). Note - webtest will not be testing dependent resources.

Resources