I'm having an odd issue in node/sails and difficultly troubleshooting. I can upload small xls files via a upload form but larger ones do not process/upload, here is a simple test, when passed a small file (500-1000 rows) it processes fine and I get console logs. A large (20,000 row) file just spins on uploading.
My form looks like this:
<div class="row col-xs-12">
<form id="uploadForm"
enctype="multipart/form-data"
action="/utility/test_req"
method="post">
<label for="Parse Through Row" class="control-label">Parse</label>
<input type="text" name="num_rows" />
<input type="file" name="csv_file" />
<input type="hidden" name="_csrf" value="<%= _csrf %>" />
<input type="submit" class="btn btn-default" value="Upload CSV"/>
</form>
</div>
And my Controller looks like this:
test_req: function (req, res, next){
console.log("here");
console.log(req.params.all());
res.redirect('/utility/migration')
},
Move the _crsf token to the top of the form, i believe input fields are sent in order by the browser, and hence, parsed in the same order by sails. csrf tokens are time constrained so you get a short window of usage before they get invalidated, then if you have a big file, first your file gets processed(or files) and when sails is done with that it will parse your token, but then is too late.
<form>
<input type="hidden" name="_csrf" value="<%= _csrf %>" />
// The rest of the inputs here, including the file input.
<input type="submit" class="btn btn-default" value="Upload CSV"/>
</form>
It should work now :)
This was a csrf issue. Disabling csrf globally allows the controller action to be reached with larger files. I'm not sure if this is a configuration issue (likely) or a bug with csrf or sails (unlikely).
Related
I tried to Google search but I did not even know what to search for!
My current problem is: say I have a customer order an item, it will show in his list of orders and he can then edit the order in the future by clicking a button next to the order.
Currently the button submits a hidden form which contains all information needed to identify a particular order and this form is passed into the edit order page through a post request. Although the form is hidden, when page source is viewed the information will still be accessible by the user.
How do I avoid exposing the information to the user? I.e do everything in the backend.
<form method="POST" action="/edit_order">
<input type="hidden" name="owner_email" value=<%=all.owner_email %>>
<input type="hidden" name="owner_email" value=<%=all.transactionId %>>
<input type="hidden" name="start_date" value=<%=moment(all.start_date).format() %>>
<input type="hidden" name="end_date" value=<%=moment(all.end_date).format() %>>
<button type="submit" class="btn btn-secondary">Change this order</input>
</form>
I'm currently making automated tests for Browserstack using Selenium and Nightwatch.js. I've encountered a problem where I'm unable to submit a login form. Either nothing happens or the page just reloads. All required login data are set using browser.setValue('{selector}', '{value}'). Tried this on Chrome and Firefox, but the result is the same. I am able to submit the form using JS in browser console, though.
I've tried the following methods to no avail.
browser.submitForm('#login-form');
browser.click('#send2');
browser.execute("document.getElementById('send2').click();");
browser.execute("document.getElementById('login-form').submit();");
Is there anything that I'm missing? If that makes a difference, I'm trying to automate a login form for Magento 1 site.
Much thanks.
Edit:
Added form HTML
<form action="https://{site}/en/customer/account/loginPost/" method="post" id="login-form">
<input name="form_key" type="hidden" value="1CdZGL4mwA0njx3U">
<div class="form-group">
<input type="text" class="input-text-custom required-entry validate-email form-control" id="email" name="login[username]" value="" title="Insert Email Address" placeholder="Insert Email Address">
</div>
<div class="form-group">
<input type="password" class="input-text-custom required-entry form-control" id="pass" name="login[password]" title="Password" placeholder="Password">
</div>
<div class="form-group">
<input type="checkbox" name="nl_subscribe" id="nl_subscribe_existing" value="subscribe" class="form-control checkbox">
<label for="nl_subscribe_existing" class="text-normal-checkout"><span></span>By the way, I also want to subscribe to your newsletter*</label>
</div>
<input type="hidden" name="nl_source" value="customer_login" class="form-control checkbox">
<div class="form-group"><div class="control remember-me-box">
<div class="input-box">
<input type="checkbox" name="persistent_remember_me" class="checkbox" id="remember_meL0h6snrk30" title="Remember Me">
<label for="remember_meL0h6snrk30" class="text-normal-checkout"><span></span>Remember Me</label>
</div>
</div>
</div>
<div class="forgot-password">Forgot password?</div>
<div align="center"><button type="submit" class="button-check" name="send" id="send2" title="log in"><span><span>log in</span></span></button></div>
</form>
Edit 2:
Is it possible that this is related to configuration? I launched this test on local browser and then stopped it, so I could fill and submit the form manually, but I was not able to submit it anyway.
It appears that the script was fine but there was a bug in the site. For some reason, script needs to refresh the browser to be able to submit the form successfully. So, until this is fixed, I've implemented browser.execute('location.reload();'); as a workaround.
we are using paypal adaptive payments embedded solution so our buyers can stay on the site during checkout. we want to change the lightbox CSS. how can we do it? after looking at the PP adaptive payments API documentation all we could find was headerImageUrl. how do we changed the header logo? can the background be changed?
<form action="https://www.sandbox.paypal.com/webapps/adaptivepayment/flow/pay" target="PPDGFrame">
<input id="type" type="hidden" name="expType" value="light">
<input type="hidden" name="business" value="seller_1328179547_biz#complexintegrations.com">
<input type="hidden" name="shipping" value="5.00">
<input type="hidden" name="amount" value="6">
<input type="hidden" name="headerImageUrl" value="https://domainname.com/images/LOGO%20%281%29.png">
<input id="paykey" type="hidden" name="paykey" value="AP-4N0030004W852052F">
<input id="GetShippingAddresses" type="hidden" name="GetShippingAddresses" value="1">
<input type="image" src="https://www.paypal.com/en_US/i/bnr/bnr_MSPFbanner_ec2_143x32.gif" id="submitBtn" value="Pay with PayPal" style="height:22px;position:relative;top:5px;">
</form>
<script type="text/javascript" language="javascript">
var dgFlow = new PAYPAL.apps.DGFlow({ trigger: "submitBtn" });
</script>
You can't do this on the Lightbox.
There's unfortunately no way to customize it, beyond changing the width of it (And you have to manually hack the JS for that.)
This related to How does browser know when to prompt user to save password? except mine is specific to Safari.
I have a website in which there are two different ways you can log in. The first is the main site in which you have to enter your email, password, and your account's domain. The second way is to actually go to your domain (which is pointing at my server) at which point you're only asked to enter in your email and password.
Logging in the second way (two inputs), Safari, Chrome and Firefox will all ask if I'd like to save my username and password (as expected).
But logging in the first way (three inputs), only Chrome and Firefox ask. Safari does not.
My form is not AJAX/Javascript. It has a form tag, a submit button, and three inputs with the ids/names - email, password (of type=password), and account_domain. I do not have autocomplete=off.
Does anyone know what Safari is looking for to ask to save username/passwords? Is it b/c I have three inputs instead of two?
As a note, I ran the same test on my wife's Mac using Safari only and she wasn't prompted to save in either case. So I don't know.
I verified that neither of us had clicked "never remember passwords" for either of these sites.
I was having this same issue, and your post answered my problem.
I just had a simple form that only requested a password, which would not prompt Safari on a mobile to save the password:
<fieldset>
<legend>Please login below:</legend>
<form role="form" id="access" name="access" method="post">
<div class="form-group form-group-sm">
<label for="password">Password</label>
<input class="form-control" required type="password" placeholder="Enter Password" name="password" id="password" />
</div>
<div class="form-group form-group-sm">
<input class="btn-lg btn-primary center-block" type="submit" value="Login" />
</div>
</form>
After reading your post, I added a "username" input field as follows:
<fieldset>
<legend>Please login below:</legend>
<form role="form" id="access" name="access" method="post">
<div class="form-group form-group-sm">
<label for="username">Username</label>
<input class="form-control" required type="text" placeholder="Enter Username" name="username" id="username" />
</div>
<div class="form-group form-group-sm">
<label for="password">Password</label>
<input class="form-control" required type="password" placeholder="Enter Password" name="password" id="password" />
</div>
<div class="form-group form-group-sm">
<input class="btn-lg btn-primary center-block" type="submit" value="Login" />
</div>
</form>
After adding that, I now got a prompt to save the password.
So I think Safari is looking for a username, name, email, etc. to tie along with a password field. I didn't test this too much, but I'm sure someone with more experience can verify that.
Thanks for your post.
I have index.php and I have a login form:
<form method=post action="login.php" id="login">
<input type="text" size="16" maxlength="30" name="login" id="login_user" />
<input type="password" name="pass" id="login_pass"/>
<input name="msubmit" type="submit" value="Login" />
</form>
How can I make sure that the form gets processed through a secure line?
Do I have to add https://?
<form method=post action="https://test.com/login.php" id="login"
Any ideas?
Thanks.
Yes, the best way is to specify https:
<form method="post" action="https://domain.com/login.php" id="login">
<input type="text" size="16" maxlength="30" name="login" id="login_user" />
<input type="password" name="pass" id="login_pass" />
<input name="msubmit" type="submit" value="Login" />
</form>
Even if index.php was served through a secure channel, it is good practice to explicitly specify https on the post action because this is the request which sends sensitive data over the wire. But it is also recommended to have index.php served through https only.
Use https protocol. Also treat all the parameters as tainted - and get the PHP script to process them in a responsible fashion.
*I.e. parse (regular expressions) them and escape them if necessary when using a database/command line *