iOS 9 can't open UIWebView anymore

Since iOS 9 my app can't open a web page containing both JavaScript and XML anymore. I think I have read everything that is around on the internet, but it seems I can't figure out what's happening.
The server running the PHP is:
- TLS 1.2 compliant;
- forward secrecy compliant;
- certificated as Apple describes.
The app is using AFNetworking 2.6 (version 3.0 should be available at the end of October) and the error that I got is:
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
when I call:
[self.mainWebView loadHTMLString:string2 baseURL:baseURL];
I also tried to manage exceptions in the plist as Apple describes (NSAllowsArbitraryLoads) or writing my domain name (NSExceptionDomains) but nothing changes.
Any ideas where I should investigate more?
Thanks so much for your help.
Fab

Add this code in your .plist file.

    <key>NSAppTransportSecurity</key>
    <dict>
        <!-- Include to allow all connections (DANGER) -->
        <key>NSAllowsArbitraryLoads</key>
        <true/>
    </dict>

Thanks to Apple Technical Support I fixed the problem. Once I verified with TLSTools that the server was correctly configured, the solution was to send our self-signed certificate via e-mail; after tapping on it in Mail, the app started to work fine.

Related

Getting directory listing issue with URL /VAADIN/* using Vaadin 8, JBoss EAP 7.0, Firefox browser

Problem statement:
An application built using Vaadin 8 and deployed on JBoss EAP 7.0 has a directory listing issue for all resources within /VAADIN/*, e.g. /VAADIN/themes/mytheme/images
Validation:
Upon validating other directories, say myapp/images or my/js, this issue is not occurring, which means default directory listing is off with the JBoss configuration and is working perfectly. Issue only with Firefox
Approach:
I could partially fix it by having the authentication filter configured for the /VAADIN/* URL, but anyway, post authentication the directory listing is still happening. Until that fix the listing was happening without authentication
Please suggest a fix for the vulnerability
Thank you for the report, we had already noticed some related issues for Vaadin Flow but the tickets or related changes haven't got backported to Vaadin 8 yet. I'll look into it.
The directory listing shouldn't be shown, although the lack of it mainly provides security by obscurity. The files that are served to the client will be accessible through the client regardless. It's best not to include any sensitive data among them.
Edit: Backported fixes should now be available in 8.14-SNAPSHOT and 8.13.2.

org.bouncycastle.tls.TlsFatalAlertReceived: internal_error(80) for SOAP Web Service calls

Error: java.io.IOException: Could not transmit message
Issue details: We are running our application with JBoss AS 5.1 and OpenJDK 7 (version 1.7.0_261); servers are Red Hat Linux CentOS 5.
We have a legacy application that makes several web service calls to NetSuite, after the recent NetSuite update of obsoleting the old cipher suites all our calls started failing. TLSv1.2 protocol is enabled (with -Dhttps.protocols=TLSv1.2 in run.conf), since it is Java 7 we added bouncy castle security jars to increase the supported cipher suites (as recommended in this comment by Igor: https://stackoverflow.com/a/49154932/2308058), with this, we were able to get the REST Web Service calls working but we are getting the error - org.bouncycastle.tls.TlsFatalAlertReceived: internal_error(80) for SOAP WS calls.
Other things we tried, but nothing seems to bring us luck yet:
- Explicitly adding cipher suites that are supported by NetSuite in run.conf with -Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- Adding TLS protocol with tls.client.protocol in run.conf: -Djdk.tls.client.protocols=TLSv1.2
- Added self-signed cert to keystore
- Added NetSuite's cert to Java cacerts
SOAP calls are working fine with Java 8, but moving this legacy application to Java 8 and WildFly is a very heavy lift, so we are looking for alternative options.
Any suggestions on getting this resolved would be very helpful, please! TIA!
TlsFatalAlertReceived means a fatal alert was received from the peer (i.e. NetSuite failed). internal_error would usually mean that something went wrong in the implementation itself, rather than any configuration match like cipher suites, however I don't know how careful NetSuite is about its choice of alerts. In any case, apart from guessing what the issue is, the real next step is to look at the NetSuite server logs to find what's failing.

Exception thrown. For more detailed information, please consult error-log-0.xml in XPage

I am running an XPage application on Domino Server 8.5.3 FP1 Windows 64bit.
We are sending the bills (documents) to around 2500 users. During testing, this application works fine without any error. When we roll out the bills to users, all users are trying to open the application.
It is throwing the following error, but the application still works. At some point of time, the application gets slow and HTTP hangs. I have to restart HTTP. Then it works fine.
I am not able to find the cause, whether it is an error in the code or because the number of users accessing the application increases.
06/04/2014 10:58:53 AM HTTP JVM: CLFAD0211E: Exception thrown.
For more detailed information, please consult error-log-0.xml located in D:/Lotus/Domino/data/domino/workspace/logs
And sometimes it is also throwing:
HTTP JVM: CLFAD0141E: Error processing XPage request. For more detailed information,
please consult error-log-0.xml located in D:/IBM/Lotus/Domino/data/domino/workspace/logs
Please help on this query.
You should start with what Paul suggests. If you haven't already downloaded and installed LogReader (by Jakob Majkilde), then you should. It is a database on your server that will read the various error file types and show them for you in an easy way. You can find it here: http://www.openntf.org/internal/home.nsf/project.xsp?action=openDocument&name=XPages%20Log%20File%20Reader
From these log files you will then have to look at where the system complains about problems. Did you write the code in Java or server-side JavaScript (SSJS)? You have options to debug both of these (although I cannot remember if you can debug SSJS in version 8.5.3 - it may not be available until version 9.0). But you could always add a println in the code near where you think it breaks ;-)
/John
"At some point of time, Application gets slow and http hang. I have do restart of HTTP. Then it works fine."
As mentioned by Paul + John, no one is going to be able to give you an exact answer from the posted message.
As you mention the application gets slow and hangs, I would also recommend watching the XPages Masterclass.
It is approx 4 hours of videos, and goes into detail on how to debug your application for performance issues using the XPages Toolbox.
Again this isn't an exact solution. You will need to use the XPages toolbox to drill down on your code/JVM to see where it is slowing down/hanging.
Posting the stacks from the error-log-0.xml log file might give some hints, but with performance/hangs it's rarely that simple to find.
Now the application is working without issue. I have just included exception handling in all SSJS.
Now it is not throwing the error.
Thanks for all your help and time.

XULRunner Application Security Implementation

I'd like to incorporate security features in my standalone XULRunner app. Specifically, I'd like to use security certificates to validate the app executable as downloaded by a user. From what I've seen, it's called code signing. But I'm very green in this area. Any pointers on how to proceed? Thanks in advance.
The certificate functionality built into XULRunner isn't meant to validate signatures of Windows executables - you would need to use Windows functions for that (e.g. via js-ctypes). It's not going to be simple, however; here you can see how that check works in C++ code.
However, if you are merely downloading an update to your application then maybe using an HTTPS connection would be sufficient - the origin of the executable is verified then (won't help you if that server is hacked however).

Runtime error: "Cannot find the library com.ibm.xsp.extlib.library" (browser)

I just created my first Xpage application, and I now wanted to port it to a simple mobile application, using the mobile controls in the Xpages Extension Library. Notes/Domino 8.5.3 Upgrade Pack 1 are installed on both client/Designer and server.
The Xpage application works fine in both client and browser.
I created a new Xpage, called "mobileMainPage", and simply add a Single Page Application control to it, save the file and attempt to open it through a browser (Safari first, then IE 9 just to test). In both cases I get the following error message:
Unexpected runtime error
The runtime has encountered an unexpected error.
Exception
Cannot find the library com.ibm.xsp.extlib.library, required by the application /Contacts.nsf.
I am opening the database on the server (entering the URL of the .xsp file in the browser). I am not using the preview browser feature of Domino Designer, but am calling the page like a user would.
How do I fix this? I even tried to install Upgrade Pack 1 once more. Still getting the same error message.
It really sounds like the library is not installed on the server.
Type tell http osgi ss com.ibm.xsp.extlib on the server console and verify that the plugin is installed; that command should return a list of the extlib plugins and fragments and whether they have been correctly resolved or not.
In your Domino console type:
tell http xsp diag com.ibm.xsp.extlib
Also try:
tell http xsp diag com.ibm.xsp.extlib.mobile
This will tell you whether or not the plugin is resolved. If the plugin is not found, it means the plugin is not installed to the correct location (domino/data/domino/workspace/applications/eclipse/plugins). If a plugin that extlib depends on is not resolved, it will show in the console.
Chapter 3 of the XPages Portable Command Guide goes into this in great detail :-)
Let me know the results of the above command
Make sure to tell your app that it should use the extension library. Open the Application Properties and go to the Advanced tab. Here, verify that the 'com.ibm.xsp.extlib.library' is checked.
I just encountered a similar issue when firing up a new server in a virtual machine (was testing out an issue with a different server version). I included the notes.ini setting OSGI_HTTP_DYNAMIC_BUNDLES and pointed it to an updatesite database I hastily replicated over from another server.
I am not certain for sure, but once I added my new server to the updatesite and restarted http, it took.
