Does anyone know if it is possible to view web requests served from a Service Worker's cache with Chrome Extension APIs?
At the moment, it looks like web requests served from a Service Worker are much like requests served from the browser's cache - they are effectively invisible to the Chrome web request API.
I can use a content script in the page to read the navigator.serviceWorker. Maybe I could then clear the Service Worker's cache to ensure that the web requests were then fetched externally...
Related
We have a set of microservices deployed on a Kubernetes cluster which serves API. Also we have a Single Page web app - which is accessed for both pre-logic and post-login scenarios. i.e. some of the requests coming to web app are anauthorized.
App the APIs go through Apigee which is deployed on a separate zone.
What are the security risks in exposing webapp (on Kubernetes cluster) to internet via WAF (please note that webapp servers unauthorised public pages as well)
Given #1 is a security risk, what if exposing a react-js SPA (html, css and js) via Apigee?
2A. Will that reduce/ eliminate the security risk in #1?
2B. Is it a valid architectural pattern to expose html, css and js via an API Gateway
like Apigee?
I have a web application which uses ASP.NET Core 3.1 on an Azure AppService, combined with Azure AD B2C authentication.
In my Startup.cs code, I call UseHttpsRedirection, but when I visit the site with an empty browser cache / or a new incognito session, using the HTTP protocol, I don't get redirected to HTTPS. Because of this, the B2C authentication doesn't work, so my app is not working.
This (HTTP) link is not working.
This link (HTTPS) does work.
What is strange though, once you visited the HTTPS site, and then the HTTP one, you will see the redirection is working.
What are getting served here are static HTML and JS files, served by the ASP.NET Core self-hosted server (running on a Linux AppService).
What do I miss here? Do I need to make an additional setting in Azure or in my code? Or do I need another record in the DNS?
It turned out that you have to go to the Protocol settings of the App Service and set "HTTPS only" to "on".
I am hosting an angular application in azure web app. I want my application should be only accessible on chrome browser. If someone access the site from other browser then user should redirect to browser restriction page. So to achieve this is there any policy available that can be added to web app, instead of writting the code to detect the browser and then redirect?
Rajesh
Azure web app does not have the functionality to restrict access to the browser as you described.
Reason
Azure app service (Windows & Linux) is essentially a webserver running in a sandbox, which is no different from real IIS or Nginx and Apache.
WebServer provides program deployment and access functions, and only receives HttpRequest. As for the information contained in HttpRequest, azure app service does not provide analysis.
For example, adding User-Agent: Chrome is the specific information contained in HttpRequest. This means that we can only determine the source by parsing the HttpRequest through the code.
I have a Web site deployed on Azure Web App. My web site gets very slow at times. This behavior is random.
On checking IIS Logs during the period of slowness, I found few requests coming in where the Client IP Address is blank (It shows "-").
The response time of these requests runs into minutes and finally they result into HTTP 500 error. This happens only for the requests where c-ip is blank.
All other requests that have a Client-IP address are processed successfully. But because of the bad requests my application becomes very slow. I have to restart my Web App to resolve this issue.
What could be the possible reason behind these requests having a blank Client IP Address ? Could this be a malicious attack on the web site ?
Difficult to say. Could you add Application Insights service to your project? It allows you to see what is going on before and after 5 minutes of "this" request. The second reason can be the mode of your Azure Web App - is it free or shared or standard?
After AI added, you could share some more insights, because it is important to know what is that request about, not just the fact that it was processed.
https://azure.microsoft.com/en-us/documentation/articles/app-insights-start-monitoring-app-health-usage/
I am using azure traffic manager for load balancing of my virtual machines. But it is giving CORS blocked error when calling from ajax.
I have CORS enabled for my machines url.
can any one provide me some solutions.
Sounds like you are calling the traffic manager load balanced endpoint from a page that is on a different domain, is that right? Like your HTML page is on domain.com, and ajax in your page is calling domain.trafficmanager.com - is that why your getting CORS exceptions? If so can you just change the CNAME for your domain.com to point to domain.trafficmanager.com so your whole website is served from the same domain? Of course this implies your application server for both HTML / Javascript, etc. are all being served by the same process (not sure if that's the case here).