How to handle links with quotes? For example, http://samplesite.com/Users/"
I want to redirect user to error page, but I see the page with exception.
In every link of the form "http://somesite.com/SomeController/SomeAction/" "
(double quotes at the beginning of path)
Text of exception:
Server Error in '/' Application.
Illegal characters in path.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ArgumentException: Illegal characters in path.
I want to redirect user to nice error page.
<customErrors /> - good, but it is not http error.
Did you enable the <customErrrors /> section, and on 404, redirect to the URL you want to display? I believe the same mechanism for web forms will work here, not 100% sure though...
Related
I'm using Swashbuckle for a web api app in .Net Core 3.1. I want response examples for various response codes. I can get all of them working except HTTP 500. These are the attributes on the a particular method:
[SwaggerRequestExample(typeof(GroupInfoRequest), typeof(GroupInfoRequestExample))]
[SwaggerResponseExample(Status200OK, typeof(GroupInfo200Example))]
[SwaggerResponseExample(Status400BadRequest, typeof(GroupInfo400Example))]
[SwaggerResponseExample(Status403Forbidden, typeof(GroupInfo403Example))]
[SwaggerResponseExample(Status404NotFound, typeof(GroupInfo404Example))]
[SwaggerResponseExample(Status500InternalServerError, typeof(GroupInfo500Example))]
[ProducesResponseType(Status200OK)]
[ProducesResponseType(Status400BadRequest)]
[ProducesResponseType(Status403Forbidden)]
[ProducesResponseType(Status404NotFound)]
[ProducesResponseType(Status500InternalServerError)]
I can get all of them to render except the GroupInfo500Example. The application only returns an HTTP 500 to indicate an internal exception that isn't caught by other exception handlers. It is intended to return a body that contains, among other things, a GUID that can be passed in to our support organization to help them look up the exception in the application logs. I can not get the example to render for any 5xx error. If I change it to another status code, it renders, so it's specifically the 5xx result that doesn't render. I've checked the openapi json produced and it's not produced as part of the generated JSON. Is there a filter in place that keeps 5xx response docs from showing response examples?
Finally figured it out. I was missing part of the 'ProducesResponseType' attribute. It needs to have the return type as well as the HTTP status code. This works:
[ProducesResponseType(typeof(ADServiceOperationMultipleResult<GroupActionRequestForUsers, UserQuery>), Status200OK)]
[ProducesResponseType(typeof(ADServiceOperationMultipleResult<GroupActionRequestForUsers, UserQuery>), Status400BadRequest)]
[ProducesResponseType(typeof(ADServiceOperationMultipleResult<GroupActionRequestForUsers, UserQuery>), Status403Forbidden)]
[ProducesResponseType(typeof(ADServiceOperationMultipleResult<GroupActionRequestForUsers, UserQuery>), Status404NotFound)]
[ProducesResponseType(typeof(ADServiceOperationMultipleResult<GroupActionRequestForUsers, UserQuery>), Status422UnprocessableEntity)]
[ProducesResponseType(typeof(ADServiceOperationMultipleResult<GroupActionRequestForUsers, UserQuery>), Status500InternalServerError)]
Oddly enough, some status codes were including the example without it, but now the examples appear consistently as long as I include the method return type in the attribute.
After implementing Google One Tap I noticed some JS errors on the client side (these client-side errors are caught in the browser and sent to the backend; I can see them in the backend logs but cannot reproduce the issue in the client side) for which the stack trace looks like this:
Error: A
at Object._.ad (/_/gsi/_/js/k=gsi.gsi.en_US.PmiGgqd91Pc.O/am=CQ/d=1/ct=zgms/rs=AF0KOtWwHiXCDsPbTZybnAb2zlX1YPJDGg/m=gis_client_library:109:138)
at /_/gsi/_/js/k=gsi.gsi.en_US.PmiGgqd91Pc.O/am=CQ/d=1/ct=zgms/rs=AF0KOtWwHiXCDsPbTZybnAb2zlX1YPJDGg/m=gis_client_library:299:24
at He.<anonymous> (/_/gsi/_/js/k=gsi.gsi.en_US.PmiGgqd91Pc.O/am=CQ/d=1/ct=zgms/rs=AF0KOtWwHiXCDsPbTZybnAb2zlX1YPJDGg/m=gis_client_library:241:164)
at uc (/_/gsi/_/js/k=gsi.gsi.en_US.PmiGgqd91Pc.O/am=CQ/d=1/ct=zgms/rs=AF0KOtWwHiXCDsPbTZybnAb2zlX1YPJDGg/m=gis_client_library:87:200)
at He._.l.dispatchEvent (/_/gsi/_/js/k=gsi.gsi.en_US.PmiGgqd91Pc.O/am=CQ/d=1/ct=zgms/rs=AF0KOtWwHiXCDsPbTZybnAb2zlX1YPJDGg/m=gis_client_library:85:347)
at Be (/_/gsi/_/js/k=gsi.gsi.en_US.PmiGgqd91Pc.O/am=CQ/d=1/ct=zgms/rs=AF0KOtWwHiXCDsPbTZybnAb2zlX1YPJDGg/m=gis_client_library:179:210)
at Fe (/_/gsi/_/js/k=gsi.gsi.en_US.PmiGgqd91Pc.O/am=CQ/d=1/ct=zgms/rs=AF0KOtWwHiXCDsPbTZybnAb2zlX1YPJDGg/m=gis_client_library:181:245)
at He._.l.zc (/_/gsi/_/js/k=gsi.gsi.en_US.PmiGgqd91Pc.O/am=CQ/d=1/ct=zgms/rs=AF0KOtWwHiXCDsPbTZybnAb2zlX1YPJDGg/m=gis_client_library:186:212)
at He._.l.Nb (/_/gsi/_/js/k=gsi.gsi.en_US.PmiGgqd91Pc.O/am=CQ/d=1/ct=zgms/rs=AF0KOtWwHiXCDsPbTZybnAb2zlX1YPJDGg/m=gis_client_library:186:187)
The JS code that throws this error is embedded in a <script> tag inside an <iframe> that displays the One Tap login popup and it seems to expect an AJAX response with a specific prefix; the statement that throws the error basically looks like this (minified JS):
if (!a.startsWith(")]}'\n")) throw console.error("malformed JSON response:", a), Error("A");
I checked the network requests and noticed that there is an XHR request that returns the response in this format; the endpoint is https://accounts.google.com/gsi/status (with some extra request parameters) but I cannot find any documentation from google for this endpoint.
Does anyone know would could be the cause of this error?
Thank you
On my IIS server, I'm getting a warning message logged in the server's Application Event Log on a particular variety of incoming HTTP request with a long URL. Despite the warning message, ASP.NET MVC does correctly handle the request and return the expected response back to the client.
The event log message warning message includes the following text:
Event code: 3005
Event message: An unhandled exception has occurred.
...
Process information:
Process name: w3wp.exe
....
Exception information:
Exception type: HttpException
Exception message: The length of the URL for this request exceeds the configured maxUrlLength value.
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
Additional property/value information for the event log warning message:
Source: ASP.NET 4.0.30319.0
Event ID: 1309
Again, in this case the incoming HTTP request is ultimately succeeding, so unlike similar questions my question here is not how to successfully increase the max URL length for incoming requests on my server.
Rather, my question is: Given that my request is succeeding, can I prevent this (apparently spurious) warning message from being logged to my Application event log (adding noise to the log that may obscure other, "real" warnings)?
More details
This behavior (long HTTP request succeeds; warning message written to application event log) is reproducible both on my local workstation PC running Windows 10 and IIS 10, and on my production server running Windows Server 2008 R2 and IIS 7.5.
The project is being built with target framework: .NET Framework 4.5.1. (Update: The error still reproduces after rebuilding my project to target .NET Framework 4.6.1.)
The URLs that trigger the warning message to be written are long URLs (approximately 500 characters in length) of the form (for example):
https://myserver.example.com:443/api/MyDataRequestRoute/1862241,2146171,1998613,1916341,2150391,2067889,749865,2167130,1861707,1914448,668472,2170269,2162087,2024193,1857969,1869304,2162128,1980539,992479,1347745,1958431,282062,1925128,2147391,2153550,1187318,2039442,441327,1298384,2153556,1526985,1893085,2144727,2144288,1582412,2142540,2170281,1183488,1865249,1348332,1322007,2170282,2170283,1750061,2098502,1915955,905164,1353083,2099151,1347806,2160403,2147200,1191371,1347921,1909967,2017687,2012831
The URL is mapped to an ASP.NET MVC Controller method of the form:
[HttpGet]
[Route("MyDataRequestRoute/{commaSeparatedPropertyIDs}", Name = "MyDataRequestRoute")]
public HttpResponseMessage MyDataRequestRoute(string csv)
{
string xmlResult = // Code to build result based on the specified csv...
return new HttpResponseMessage()
{
Content = new StringContent(xmlResult, Encoding.UTF8, "text/xml")
};
}
In order to get these long URLs working, I previously made a few configuration changes to my application and server, specifically:
Set an UrlSegmentMaxLength value of 32766 in the server's Windows registry, per this answer.
Set attributes of the httpRuntime element in my "Api" project's web.config file:
<httpRuntime targetFramework="4.5" maxRequestLength="131072" maxUrlLength="32766" maxQueryStringLength="32766" />
Set the maxAllowedContentLength attribute of the requestLimits element in the same web.config file:
<requestLimits maxAllowedContentLength="134217728" />
I am facing an error when a user enters search string as '%' in url itself. After entering my url looks as
http://localhost:3000/search/%
Now its showing "NetworkError: 400 Bad Request - http://localhost:3000/search/%". I want to redirect to some other page and show, a bad request image when the error occurs. Please suggest me some ideas to do this.
I have attached the error image.
UPDATE
I have tried the below.
config/application.rb:
config.exceptions_app = self.routes
config/routes.rb:
match "/400", :to => "errors#bad_request"
It's not coming inside the bad_request method.
In Log i am getting error as
Invalid request: Invalid HTTP format, parsing fails.
Have you checkout this gem 'utf8-cleaner' which removes invalid UTF-8 characters from the environment so that your app doesn't choke on them.
If you want custom error pages: then look at this answer
At the second call to Client.ProcessUserAuthorization(); after I get the code from the oauth server, I get an exception: Error occurred while sending a direct message or getting the response.
Here is the last part from the log file taken with log4net, the full log is recorded in this gist: https://gist.github.com/tonyeung/5513769
2013-05-03 15:14:41,292 (GMT-5) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Sending AccessTokenAuthorizationCodeRequestC request.
2013-05-03 15:14:41,393 (GMT-5) [10] DEBUG DotNetOpenAuth.Http - HTTP POST http://localhost:38828/OAuth/Token
2013-05-03 15:14:41,450 (GMT-5) [10] ERROR DotNetOpenAuth.Http - http://localhost:38828/OAuth/Token returned 400 BadRequest: Bad Request
2013-05-03 15:14:41,450 (GMT-5) [10] DEBUG DotNetOpenAuth.Http - WebException from http://localhost:38828/OAuth/Token:
{"error":"invalid_request"}
I've uploaded the solution to https://github.com/tonyeung/dotnetopenauth
The entry point is in the about action on the home controller of the Client project.
The solution is in VS2012, the latest nuget dnoa package. Nuget restore is on.
Please note that I'm implementing pieces as I need them in order to understand how the library works. I'm sure that this error is due to a missing implementation somewhere, but I'm not sure what it is?
So it looks like I was missing implementations for IsAuthorizationValid and CreateAccessToken in the Authorization Server. Please check the github repository for the stubs i put in that makes the error go away.
EDIT:
There was also a database validation error that I didn't trap. So basically any error on the server side will cause this message it looks like.
EDIT2:
There was also an issue where if the url of the page contains any non url encoded values it will throw an invalid request. In my case, my login page had a querystring parameter of returnUrl, and I had set it to /Home, which it DID NOT like, had to be: %2FHome