We are trying to CDN enable our WebSite using Azure CDN endpoints.
For CSS and JavaScript resources and images, it works just fine. But for some reason we get CORS errors for our fonts.
The error is:
Access to Font at
'http://[name].azureedge.net/-/design/[long-path]/icons.woff' from
origin 'http://[URL-to-testsite]' has been blocked by CORS policy: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://[URL-to-testsite]' is therefore not allowed
access.
We have tried to insert the following URL-rewrite rules in our web.config:
<rewrite>
<outboundRules>
<rule name="Set Access-Control-Allow-Origin header">
<match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern="(.*)" />
<action type="Rewrite" value="*" />
</rule>
</outboundRules>
</rewrite>
…but unfortunately it did not change anything at all.
Any suggestions?
It worked to add the following HttpHeader in the Handler that returns fonts:
Response.AppendHeader("Access-Control-Allow-Origin", siteName);
If anyone has a better/prettier solution I am all ears.
Related
How could I check if a request header exist on IIS 8 and the value of this header is for example "1234"?
I am trying to response with a 500 error for example if the header is not present or the value is not "1234" so you can´t access if you haven´t the secret value.
it is possible on IIS? I check the all availables server variables but I don´t find any reference to Request headers. https://learn.microsoft.com/en-us/iis/web-dev-reference/server-variables
A request header is an HTTP header that can be used in an HTTP request to provide information about the request context, so I suggest you can try to use custom HTTP headers in a urlrewrite condition:
custom headers need to be preceded by "HTTP_".
substitute dashes with underscores
Eg: in order to retrieve the custom header "x-app-version", you can use "HTTP_x_app_version". So thr urlrewrite config should look like this:
<rule name="test" enabled="false">
<match url="(.*)" />
<conditions>
<add input="{HTTP_x_app_version}" pattern="^1234$" />
</conditions>
<action type="Redirect" url="your url" />
</rule>
I want to accept/deny requests depending on Http request custom headers. Is there any option available in both IIS and NGINX?
I think IIS has but NGINX??????
URL rewrite inbound rule can deny request based on request header. For example, if your custom request header is AuthHeader. Then you only need to add a condition pattern for{HTTP_AuthHeader}.
The sample deny rule would looks like this.
<rule name="deny rule" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_AuthHeader}" pattern="jokies" />
</conditions>
<action type="AbortRequest" />
</rule>
As you can see, IIS return 504 when the request header AuthHeader=jokies.
IIS return 200 if the AuthHeader doesn't match jokies
Of course, you can develop and inject your custom httpmodule to customize the request header filter.
We have a Asp.NET web api that handles requests from Android and iOS apps. We started to experience issues with GET requests that contained query strings. A URL like this: http://localhost:10723/api/Locations?userId=32432-a4r2-f32r3 gave this response:
A potentially dangerous Request.Path value was detected from the client (?)
After some debugging I saw that the querystring had been encoded, so the actual request was http://localhost:10723/api/Locations%3FuserId=32432-a4r2-f32r3, and that caused the issue. I can make changes to the apps that will fix this, but since this a app that is in production right now, I am desperately looking for a quick fix in the API that will allow the apps to work now.
What I have tried so far:
<httpRuntime targetFramework="4.5.1" requestValidationMode="2.0" />
<pages validateRequest="false" />
And related httpRuntime web.config tricks.
I have also written a custom request validator.
But everything is telling me that this is something that happens before the pagevalidation and my request validator is hit.
I was able to solve this by adding a rewrite rule for url on the server:
<system.webServer>
<rewrite>
<rules>
<rule name="Allowing querystrings.">
<match url="^(.*)\?(.*)$" />
<conditions logicalGrouping="MatchAny" />
<action type="Rewrite" url="{R:1}?{R:2}" />
</rule>
</rules>
</rewrite>
</system.webServer>
I've got a .NET Web API 2 application, I've hooked up the api to send me a file id and from there I get the unique file from the server.
Example:
Download
I need it to be a unique id since there could be multiples of the file in the repo. However, when I try to click the download button I get a :
HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
I was thinking a re-write rule might be a good action, but I dont really want to rewrite it, i just want to allow anything /api/attachment no matter what the rest.
I've already got one rewrite rule since my page is a single-page-application to direct responses to the Default.cshtml like:
<rewrite>
<rules>
<rule name="Default" stopProcessing="true">
<match url="^(?!Lib|api|Assets|Views|Directives|Services|Controllers|signalr).*" />
<action type="Rewrite" url="Default.cshtml" />
</rule>
</rules>
</rewrite>
any thoughts on best way to achieve this?
I was able to resolve by creating an iframe and setting the src to the download like:
$("body").append('<iframe name="downloadFrame" id="download_iFrame" style="display:none;" src="" />');
and then in the C# I set the header like:
result.Content.Headers.ContentType = new MediaTypeHeaderValue("application/octet-stream");
result.Content.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment");
I didn't think my implementation through and now I am stuck. I am using IIS 7.5, URL Rewrite 2.0 and Jplayer.
My current implementation is that I have users upload audio files to my server. To listen to these audio files, users are given a direct link to either play in the browser or through Android/iOS in app media players.
Now I have created a landing page that I want to redirect those users direct linking to the audio file to. The landing page is using Jplayer.
The problem is that I have to use the direct link to the audio file to get jplayer to play it. Since I am redirecting the direct link, it is failing to load the media url.
This also becomes a problem since my Android and iOS apps direct link to the .mp3 in order to play the file in their AV players. Is there anyway around this? Is there a better implementation? Not sure what to do at this point.
Jplayer:
$("#jquery_jplayer_1").jPlayer({
ready: function (event) {
$(this).jPlayer("setMedia", {
mp3: "http://192.168.0.28/flows/t/test/test1334187052069.mp3"
}).jPlayer("play"); // auto play;
},
swfPath: "js",
supplied: "mp3",
errorAlerts: true,
warningAlerts: true,
wmode: "window"
});
IIS 7.5 Redirect Rule:
<rewrite>
<rules>
<rule name="FlowURLs">
<match url="^flows/[_0-9a-zA-Z-]+/[_0-9a-zA-Z-]+/([._0-9a-zA-Z-]+)" />
<action type="Redirect" redirectType="Found" url="music.html?flow={R:1}" />
</rule>
</rules>
</rewrite>
A possible solution might be to check the HTTP accept header and see if it's a browser expecting to load a page. If so then you redirect to your player landing page. Otherwise you leave the request as is and let it load the audio file directly.
You can check the accept header with a conditional:
<rewrite>
<rules>
<rule name="FlowURLs">
<match url="^flows/[_0-9a-zA-Z-]+/[_0-9a-zA-Z-]+/([._0-9a-zA-Z-]+)" />
<conditions>
<add input="{HTTP_ACCEPT}" pattern="text/html" />
</conditions>
<action type="Redirect" redirectType="Found" url="music.html?flow={R:1}" />
</rule>
</rules>
</rewrite>