tracking – HTTP email links

Some emails that I receive have links that “route” through HTTP. I think that usually these links resolve with HTTPS “final” destinations.

The emails that I speak of are from companies that I need to interact with (or at least unsubscribe from).

I know nothing about web development and popular web development programming languages.

Should I just click on them and not be concerned or is there a way to enhance security (with my novice level knowledge)?

webserver – How strict should I be in rejecting unexpected HTTP request parameters redux?

I read this: How strict should I be in rejecting unexpected query parameters?

Answer: No, do not error out on unexpected query string parameters.

But I just got a requirement from our security guy that I must do so. Not only for unexpected query string, but also unexpected cookies, headers, and unexpected everything. Reasoning:

It is possible that some component in the tech stack has a vulnerability like buffer overflow, SQL injection, or other vulnerabilities of this sort. Unexpected data in requests may be a malicious attempt to find and exploit such a vulnerability. Therefore it is needed to return a 4xx response in such a situation. The blackbox should be configured to detect a spike of 4xx responses and react appropriately: ban the IP that produces such responses, notify the admin that the server is under attack, and the like. The 4xx response is not meant for the attacker but for our security systems.

I don’t know… it seems to make sense, but it contradicts advice found in stack exchange sites.

Where is the error of such reasoning?
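
The monitoring side of the requirement quoted above (count 4xx responses per client and react to a spike), sketched as an added example that is not part of the original post. The Common Log Format input, the threshold, the window and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format (assumed): ip ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def find_4xx_spikes(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: time at which it reached `threshold` 4xx responses within `window`}.

    Assumes the lines are in chronological order, as in a live access log.
    """
    recent = defaultdict(deque)   # ip -> timestamps of its recent 4xx responses
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # unparseable line: ignore rather than crash
        ip, ts, status = m.group(1), m.group(2), int(m.group(3))
        if not 400 <= status <= 499:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop entries older than the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = when
    return flagged

# Constructed sample: one client repeatedly sending unexpected parameters,
# one ordinary user who hits a single 400 (extra link parameter) and a stale 404.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2021:10:00:01 +0000] "GET /items?id=1&a=1 HTTP/1.1" 400 0
198.51.100.7 - - [10/Mar/2021:10:00:03 +0000] "GET /items?id=1&b=1 HTTP/1.1" 400 0
192.0.2.10 - - [10/Mar/2021:10:00:05 +0000] "GET /items?id=7&utm_source=mail HTTP/1.1" 400 0
198.51.100.7 - - [10/Mar/2021:10:00:06 +0000] "GET /items?id=1&c=1 HTTP/1.1" 400 0
198.51.100.7 - - [10/Mar/2021:10:00:09 +0000] "GET /items?id=1&d=1 HTTP/1.1" 400 0
203.0.113.5 - - [10/Mar/2021:10:00:10 +0000] "GET /items?id=2 HTTP/1.1" 200 512
198.51.100.7 - - [10/Mar/2021:10:00:12 +0000] "GET /items?id=1&e=1 HTTP/1.1" 400 0
192.0.2.10 - - [10/Mar/2021:10:05:00 +0000] "GET /old-page HTTP/1.1" 404 0
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_4xx_spikes(SAMPLE_LOG).items():
        print(f"4xx spike from {ip} at {when.isoformat()}")
```

With strict rejection enabled, the ordinary user at 192.0.2.10 also produces 4xx responses, so the threshold and window decide whether such clients are flagged alongside the noisy one.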

How to create OAuth client ID for new AWS EC2 instance under http?

Hello,
I installed an AWS EC2 instance
with Ubuntu 20 selected, Free tier eligible,
and I got an instance with a root URL like

http://ec2-NN-NN-NN-NN.eu-central-1.compute.amazonaws.com/

I have installed a Laravel 8/Vue.js app, and my app uses an OAuth client ID.
For my local server (Ubuntu 18 on my laptop) I created a client key with the URL

http://127.0.0.1:8000

But I failed to do the same for my AWS EC2 instance: https://imgur.com/a/tIQiPAe
1) Is there a way to create an OAuth client ID for an AWS http URL, like the one I have by default?
2) If not, please point out how I can move my app to https.
Is this function accessible for a Free tier eligible instance?

3) Actually I created this Free tier eligible instance for practice, and later I will get another AWS EC2 instance from a client, but I would like to know how I can do it. Please link to related services in the AWS console, docs…

Thanks!

 

Making an HTTP subrequest causes CurrentRouteMatch to have the wrong route

For complicated and unpleasant reasons(*), I want to embed entity data from the JSONAPI module inside JSON returned from a REST module resource.

I am trying to do this by making an HTTP subrequest to the JSONAPI module route within the REST module resource class.

Like this:

    // Needs: use Symfony\Component\HttpFoundation\Request;
    //        use Symfony\Component\HttpKernel\HttpKernelInterface;
    $kernel = \Drupal::service('http_kernel');

    $current_request = \Drupal::request();

    // Build a request for /jsonapi/paragraph/{bundle}/{uuid}.
    $request = Request::create('/jsonapi/paragraph/' . $paragraph->bundle() . '/' . $paragraph->uuid->value);
    $request->setSession($current_request->getSession());

    // Handle it as a subrequest through the HTTP kernel.
    $response = $kernel->handle($request, HttpKernelInterface::SUB_REQUEST);
    $json = $response->getContent();
    $data = json_decode($json, TRUE);

I get the data I want and it’s great!

However, the request to the REST resource endpoint crashes with this:

Symfony\Component\Serializer\Exception\NotEncodableValueException: Serialization for the format "api_json" is not supported. in Symfony\Component\Serializer\Serializer->serialize() (line 112 of /var/www/vendor/symfony/serializer/Serializer.php).

This is because in Drupal\rest\EventSubscriber\ResourceResponseSubscriber->getResponseFormat(), $route = $route_match->getRouteObject(); is the JSONAPI module route from the subrequest, and not the route from the main request.

What am I doing wrong with my subrequest?

(*) Enormous amount of custom code powering a REST resource for a decoupled front end. I want to change it to using JSONAPI but it’s a massive change with huge repercussions on the frontend. Changing over gradually to JSONAPI by switching some paragraph types to the JSONAPI format. Could call the JSONAPI module’s PHP code directly, but that’s not a public API and so future versions of Drupal could break it. Making a subrequest is using the API and so more maintainable.

sharepoint online – Flow To POST Direct Link of Image to HTTP Endpoint

I am having some issues with image sharing in SharePoint when using flows.

My end goal is to have the flow:

  1. Trigger when a file is uploaded
  2. Make an HTTP POST request to an endpoint with a direct link to the image.

I have it all working but my issue is getting the direct link to the image. Using the following action creates a shareable link, but it is not a direct link to the image itself:

Sharepoint sharing link

Error Access to XMLHttpRequest at “http” from origin has been blocked by CORS policy – Graph API –

I would like to retrieve a list of recent files from a particular document library or site for the logged-on user.

This is using a content editor on a SharePoint classic site.

When I run the code below I get the error below:

Access to XMLHttpRequest at ‘https://login.microsoftonline.com//oauth2/v2.0/token/’ from origin ‘https://tenant.sharepoint.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I am using the code below to get an access token and I get the error above:

    var token;
    $(document).ready(function () {
        requestToken();
    });

    function requestToken() {
        var clientId = "";
        var clientSecret = "";
        var tenantID = "";
        var uri = "https://login.microsoftonline.com/" + tenantID + "/oauth2/v2.0/token";

        $.ajax({
            "async": true,
            "crossDomain": true,
            "url": uri, // Pass your tenant
            "method": "POST",
            "headers": {
                "content-type": "application/x-www-form-urlencoded"
            },
            "data": {
                "grant_type": "client_credentials",
                "client_id": clientId, // Provide your app id
                "client_secret": clientSecret, // Provide your secret
                "scope": "https://graph.microsoft.com/.default",
                "redirectUri": "https://tenantName.sharepoint.com"
            },
            success: function (response) {
                console.log(response);
                token = response.access_token;
                console.log(token);
            },
            error: function (error) {
                console.log(JSON.stringify(error));
            }
        });
    }

I have set up the app registrations and also added Redirect URIs for SPA and Web.

Not sure what else I’m missing. Do I need any other settings in Azure?

Thanks in Advance

encryption – iPad Attempting 10,000+ HTTP Requests within 5 Minutes

http request – Drupal 8 and 304 Responses / Revalidations

We have a Drupal 8 site, using nginx and Adv/Agg with typical settings.

Our server never returns 304 response codes to requests for html documents, even if the etag is unchanged. It always returns a 200 response.

The server will return 304s for image files, css, js, pdf etc. But never for html requests. Verified by doing “if-none-match” curls, reviewing access logs, etc.

Can someone tell us whether this is expected behavior?

If it is expected behavior – why? Isn’t the purpose of the etags to support revalidation?

If it is not expected behavior, any suggestions for troubleshooting would be appreciated.

Media Library http to https

My website is currently displaying mixed content because the images from Media Library are in http.

I’ve used a few plugins to update the URL and search and replace all http references to https.

I’ve updated the site url and site address via mysql.

However, media library is still inconsistently using http://.

Where else do I have to update for Media Library to change to https?
