IdentityServer oidc-js read errorId - javascript

Sometimes when I have wrong configuration etc connect/authorize redirects to my error page (which is empty for now) with an errorId. The question is how to read this errorId using oidc-js?
ErrorId looks like CfDJ8ObXvIAxPKdJmO-cyJSfxpRIoVoFa0SgJlnMuaCjX8vgxZ44J4sFm2S4GG6AScjL4XKZGVLv7kEiVXsQIdC7Z4S5Hz1Eyo-5Fp8DDVcU7yecNaJPl4nG8BbY3FpjSxVcLUzP2Ef4FWVCtTDD7M9p97x0W7Ll7Q-_MYdVJ6i1fzQC2Rk_j0hkkbTb-HNIYY9mE8x9jcw0PF0TPSEStlL143HaEocsp5rNsKfaW4lEbamg-lFW0qHfCplC_LvIe2r2XZX1qeRuS6BobcL5e_Avk0R7wNuWViwN2rgzaahyvEJOcEY2fMaLBGjftDCm1uQhST1FIJ60kTX5sFF6NR5CNvp-Y6X8_aEEZ9IEj1ahaVSS

'errorId' in this context is protected using server-side data protection keys, so you can't do anything with it client side. However, IdentityServer4 does provide a service for handling these errors in the form of IIdentityServerInteractionService.GetErrorContextAsync(errorId), so you can implement that in your error controller and return any information you like in the resulting view/output.

Related

Forge & Jira: Getting 403 when requesting board configuration using requestJira

I'm building a Jira App with Forge where I retrieve board data from the Jira Cloud Rest API. Data retrieval is done in a client-side script using requestJira from @forge/bridge. I'm able to successfully retrieve a list of all boards using the route /rest/agile/1.0/board but when I try to retrieve the configuration of a selected board using the route '/rest/agile/1.0/board/' + boardId + '/configuration' e.g. /rest/agile/1.0/board/4/configuration, this leads to the error response 403 "Forbidden".
In manifest.yml I have defined permissions as follows:
permissions:
  scopes:
    - read:jira-work
One should think that this should be enough for retrieving board configurations, particularly since the retrieval of the board list was successful. If not, then what is the required permission in this case? Or what else might be going wrong here?
I also tried executing api.asApp().requestJira('/rest/agile/1.0/board/4/configuration',{}) from @forge/api on the server side. Result was the same, i.e. also a 403 response.
The route /rest/agile/1.0/board/4/configuration works fine when pasted into a browser's address field after the URL of my dev instance.

How to properly handle AJAX errors in ASP.NET Core MVC?

Background:
I'm setting up error handling in an ASP.NET Core 2.2 MVC app. When in development environment, I use the app.UseDeveloperExceptionPage();, and in production - app.UseExceptionHandler("/Error/Index");. I am navigated to the correct error page during non-AJAX (regular form submission) requests based on the environment.
If an exception occurs in the server during an AJAX request, I want the app to display the correct error page depending on the environment.
I have already set up all of what I described above, as you can see in my code examples below.
Problem/Concern:
While this works (though still have to complete the TODO in InitializeGlobalAjaxEventHandlers function), I have some concerns.
With non-AJAX calls in MVC, it feels like there is an "official/correct" way to do it with app.UseDeveloperExceptionPage(); and app.UseExceptionHandler("/Error/Index");, which automatically redirects the program to the error page. With the AJAX end of error handling, however, I don't feel as confident because I pieced it together with parts from different solutions I've researched. I'm worried I'm not aware of what could go wrong.
Question:
Is this the proper way to handle errors during AJAX requests in MVC? Could something possibly go wrong with this set up? Is this in any way improper or too far from common standards?
Code:
Startup.cs > Configure method:
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    //using build config to use the correct error page: https://stackoverflow.com/a/62177235/12300287
    //Reason why we don't use environmental variables is because we can't guarantee access to clients'
    //machines to create them.
#if (DEVELOPMENT || STAGING)
    app.UseDeveloperExceptionPage();
#else
    app.UseExceptionHandler("/Error/Index");
    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
    app.UseHsts();
#endif
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    //app.UseCookiePolicy();
    app.UseAuthentication();
    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=UserAccess}/{action=Index}/{id?}");
    });
}
ErrorController.cs:
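using System;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Diagnostics;
using Microsoft.AspNetCore.Mvc;

public class ErrorController : Controller
{
    [AllowAnonymous]
    public IActionResult Index()
    {
        // The feature is null when /Error/Index is requested directly rather than
        // through UseExceptionHandler, so every access below is null-safe.
        IExceptionHandlerPathFeature exceptionDetails = HttpContext.Features.Get<IExceptionHandlerPathFeature>();
        Exception exception = exceptionDetails?.Error; // Here will be the exception details.
        Error model = new Error();
        model.ID = exception?.HResult ?? 0;
        model.Message = exception?.Message;
        model.Path = exceptionDetails?.Path;
        return View(model);
    }
}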
Global AJAX error event handler (the if statement is to handle authentication):
function InitializeGlobalAjaxEventHandlers() {
    $(document).ajaxError(function (event, xhr, ajaxSettings, thrownError) {
        //status is set in the [AuthorizeAjax] action filter if user isn't authenticated
        if (xhr.status === 403) {
            var response = JSON.parse(xhr.responseText);
            window.location = response.redirectUrl;
            //stop here so the JSON body is not written into the document below
            return;
        }
        //the document HTML is replaced by responseText value, which contains the HTML of error page
        document.write(xhr.responseText);
        //TODO: will need to display an error page if responseText is empty, which
        //can happen if an AJAX request doesn't reach the server (for example: if URL is incorrect).
    });
}
As you explain, there are two threads of code to consider. One is at the client and the other at the server.
Whilst the server can return codes and messages for non-expected results, the client must still be robust and stand-alone. For example, if the server cannot be reached, a time-out error can occur at the client which it must handle. As mentioned above, you can catch errors at the local and global Ajax level.
The server may also generate an error response that never reaches the client.
In some projects I have performed the following:-
If a non-expected result is generated on the server, it is logged in a database and returns a JSON message as an error.
If a non-expected result is generated on the client, a server service is called to log the error on the database.
In both cases, a message is displayed in the current page. A user can also navigate to an error page where recent errors (stored in the database) are displayed.
Working on many projects of varying sizes, I've come to the conclusion that there isn't really a solution that fits everything.
Is this the proper way to handle errors during AJAX requests in MVC? Could something possibly go wrong with this set up? Is this in any way improper or too far from common standards?
As far as I know, there is no unified/official way of handling Ajax errors in ASP.NET Core MVC projects.
Normally we show specific confirm message/content through Ajax error callback function if the Ajax request fails rather than directly displaying detailed exception information to client user, which would help achieve a better customer experience.
If you have specific requirement that requires displaying the Developer Exception Page/custom error page while Ajax request fails, as you did, you can dynamically write the returned responseText to the HTML document using document.write(xhr.responseText); in global error handler.
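Added example, not part of the question or either answer: a version of the global handler that follows the second answer's advice to show a fixed message instead of the server's error HTML, handles the unreachable-server case from the question's TODO, and follows the 403 `redirectUrl` only when it resolves to the page's own origin. The function name, message strings and the `ajax-error` element id are assumptions.

```javascript
// Added example; function name, messages and element id are hypothetical.
const GENERIC = 'Something went wrong. Please try again.';

// Pure decision function: given the failed xhr and the page's own origin,
// return what the UI should do. It never returns server-supplied HTML.
function decideAjaxErrorAction(xhr, pageOrigin) {
  // Status 0: the request never reached the server (wrong URL, offline, timeout).
  if (xhr.status === 0) {
    return { action: 'message', text: 'The server could not be reached.' };
  }
  if (xhr.status === 403) {
    try {
      const body = JSON.parse(xhr.responseText);
      if (typeof body.redirectUrl !== 'string') throw new Error('no redirectUrl');
      // Resolve relative URLs against our origin, then require same-origin http(s).
      const target = new URL(body.redirectUrl, pageOrigin);
      if (target.origin === pageOrigin && /^https?:$/.test(target.protocol)) {
        return { action: 'redirect', url: target.href };
      }
    } catch (e) {
      // Malformed JSON or URL: fall through to the sign-in message.
    }
    return { action: 'message', text: 'Please sign in again.' };
  }
  // Any other failure: generic text only; exception details stay in server logs.
  return { action: 'message', text: GENERIC + ' (HTTP ' + xhr.status + ')' };
}

// Browser wiring, skipped when jQuery is absent (for example under Node).
if (typeof $ !== 'undefined' && typeof document !== 'undefined') {
  $(document).ajaxError(function (event, xhr) {
    const result = decideAjaxErrorAction(xhr, window.location.origin);
    if (result.action === 'redirect') {
      window.location.assign(result.url);
      return;
    }
    // textContent, not document.write: the text is never parsed as HTML.
    document.getElementById('ajax-error').textContent = result.text;
  });
}
```

Keeping the decision in a pure function lets the redirect and fallback rules be unit-tested without a browser.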

Braintree client: form submission failure

I am totally new to braintree and was just trying out the tutorial (javascript for client and JAVA on the server side)
I created a simple HTML file basically just wrapping the "Hello Client" example. I had also tried using both the given clientToken provided in the example and one I obtained from the sandbox account.
However, after I filled out a valid credit information and tried to submit the form, I've got this error:
"There was an error processing your request. Try again"
And this error occurred BEFORE the form submission was actually sent to the server; braintree.js seems to have intercepted the submission and did some authorization with its server, and that's where the error above came from.
I looked at the chrome developer console and saw the requests were like this:
Request URL:https://client-analytics.sandbox.braintreegateway.com
Params:
authorizationFingerprint: [some fp]
sharedCustomerIdentifierType:undefined
analytics[][kind]:dropin.web.inline.add-card.fail
_meta[platform]:web
_meta[platformVersion]: [some value]
_meta[integrationType]:dropin
_meta[sdkVersion]:braintree/web/2.3.3
_meta[merchantAppId]:file:///Users/jiayaohan/Desktop/card.html
braintreeLibraryVersion:braintree/web/2.3.3
_method:POST
callback:callback_json9
And the status code itself was OK (200), but in the response, the content was:
callback_json9({status:201})
Anyone knows what might go wrong with this very simple hello-world client setup? (noted that I've tried using both the given example client Token and one derived from my own sandbox account, but the same error happened)
Thanks!
I work at Braintree.
It looks like there was a failure adding a card. Are you using the available testing card credentials?
Sandbox only accepts certain test numbers, so that could be your issue. The most commonly used test number is 4111111111111111.

use i18n-node in server-side express application

I can't figure out how I should use i18n-node module inside my application.
Within views, for static texts, it's easy, it works perfectly but...
Here is my problem :
Sometimes I have to set some error messages or something else, e.g :
req.flash('message', __('Unknown user %s', login));
Then I'll have to send this message to my views, e.g :
res.render('myview', {message: req.flash('message')});
But first, my message "Unknown user %s" will only be set in the default language json file, and then even if I put "Unknown user %s": "Something in the client language" in the client language json file, it will still display "Unknown user myUserLogin".
Does someone have a good working example to share ?
Edit: And because, there is a variable in the translated string, I can't just do that :
res.render('myview', {message: __(req.flash('message'))});
because it will set "Unknown user myUserLogin" in the client language json file, instead of "Unknown user %s"...
I know this question is kind of old, but I ran into the same issue and found a solution.
Since you're using the flash method from the req object, you should also use the __ method available in the same object:
req.flash('message', req.__('Unknown user %s', login));
This way it's gonna be translated using the current locale of the request.

Salesforce: URL Rewriter & JScript Remoting: Exception parsing json response: 'Unexpected token <'. Logged in?

I am getting an error when I use JavaScript remoting and have my URLReWriter turned on on my Force.com Site. The error does not occur when using JavaScript Remoting with the URL ReWriter turned off.
The error is as follows
Exception Error parsing json response: 'Unexpected token <'. Logged in?
I'm confused as to why this is occurring. If I have no checks for being logged in in my URL ReWriter (or visualforce page) why should this occur?
Has anyone ever come across something similar to this before? I noted the following https://salesforce.stackexchange.com/questions/4112/possible-oauth-remote-action-bug but in my case I am not using authentication on my site for the test page that I created & I'm wondering why it mentions "login".
Is it possible that URLRewriters and JavaScript Remoting currently do not work together in general?
Thanks in advance for any help on this.
Can you try debugging it server side? Add "your_site_name Guest User" to the debug logs and try the action. If you're lucky you'll see something going wrong (in the remote action? in rewriter?) and I suspect this uncaught problem causes a redirect to maintenance page (which will be HTML, not JSON)...
If not - use Firebug or similar tool to inspect request & response in detail? Or event.status?
Can it be something related to permissions? http://www.salesforce.com/us/developer/docs/pages/Content/pages_js_remoting.htm Or if you're returning html - I think you should have {escape:true}?
Does it happen in any browser? Maybe something doesn't like redirects caused by the URL rewriter. I've seen cases (not with Salesforce though) that antivirus software sometimes was adding some strange javascript at the end of certain websites and they had to be whitelisted...
The error may also happen due to a parser error when the page receives the status message from the remote action function.
For example, I tried a Remote Action with an attachment:
@RemoteAction
public static Attachment attach(String body) {
    // Remote action methods must be static; Attachment.Body is a Blob
    Attachment a = new Attachment();
    a.Body = Blob.valueOf(body);
    a.Name = 'a.png';
    insert a;
    // Returning the Attachment sObject itself is what triggers the parse error
    return a;
}
With the above code I receive an error since SFDC does not parse the attachment object. So if there are parser errors we get this message.
As a workaround I send it as a wrapper. Hence I would suggest investigating the return parameter of the remote action and also wrapping it as a workaround.
Hope this helps
