Hide Survey Time Created & Number of Responses

enter image description here

Hi, I am very new to SharePoint. I do not have any coding background.

I created a survey as shown in the photo. However, I am trying to hide the two columns,

  • Time Created
  • Number of Responses

Appreciate if I can get guided steps on how to hide the 2 columns. Thanks in advance.

Nginx socket reverse proxy got 503 responses on concurrent requests

I am using Nginx as a reverse proxy for my PHP base WebSocket application and I try to load test the WebSocket server with Nginx reverse proxy. And I got 503 errors when concurrent users reach around 1,000.

But when I test the PHP application directly without Nginx reverse proxy, the application can handle over 5,000 concurrent users.

My Nginx Version nginx version: nginx/1.18.0

The following is my Nginx configuration.

user nginx;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
worker_rlimit_nofile 30000;

events {
        worker_connections 10000;
        multi_accept on;
}

http {
        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # server_tokens off;

        server_names_hash_bucket_size 128;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

The following is my Nginx site configuration.

server {
  listen        80;
  listen        [::]:80;
  server_name   socket.mydomain.com;

  location / {
    proxy_pass                          http://127.0.0.1:6001;
    proxy_set_header Host               $host;
    proxy_set_header X-Real-IP          $remote_addr;

    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto  https;
    proxy_set_header X-VerifiedViaNginx yes;
    proxy_read_timeout                  60;
    proxy_connect_timeout               60;
    proxy_redirect                      off;

    # Specific for websockets: force the use of HTTP/1.1 and set the Upgrade header
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}

Is something wrong with my configuration? Or do I miss to update anything?

rest – Single item endpoint responses: List vs. object

So I’m currently working on building a restful API. Let’s keep it simple and say I have two endpoints, both GET:

/products
/products/{productId}

The first returns a list of all products, the second returns a particular product.

The response for the first endpoint would likely look something this:

(
   {
       "id": 1,
       "name": ...
   },
   ...
)

However, when designing the second endpoint, I was curious whether it would be better to return a singular object like this:

{
    "id": 1,
    "name": ...
}

or a list of one object like:

(
   {
       "id": 1,
       "name": ...
   }
)

In my mind, the former feels more clean and natural (I am getting a particular product, the endpoint should return that product to me), but I could also see arguments for the latter giving more flexibility (ie. the ability to return an empty list vs. returning null).

Indeed, what is generally accepted as a best practice response when the id of the product does not match any stored products? In the first case it seems like you could return null or an exception (404 I would assume), but the second case you would also have the option of returning an empty list (similar to what would happen for the first endpoint if there were no products at all).

Is there guidelines on best practices here? I’m mostly ignoring the wrapper aspect (eg. wrapping the data in another json object and putting the data itself in a property), but if that’s pertinent to this decision I’m fine with exploring it.

Setup Nginx as a proxy that adds a specific header to any responses

I’m putting together a few Docker containers to allow my team to spot XSS vulnerabilities in their apps by launching a Google Chrome instance using a particular proxy server. e.g.,

/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --user-data-dir=/tmp --proxy-server=http://localhost:8080

Then they can navigate to any URLs, do some testing and check the results.

On port 8080 is an Nginx server which I use as a proxy to add a specific header to any responses:

Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri //localhost:9090

What this header will do is to report any CSP violations to localhost:9090 which runs a CSP report collector service.

The only thing that Nginx has to do is:

  1. Let any request through
  2. Intercept any response and add the header
  3. Let the response through

Here’s my current Nginx conf:

As you can see below I haven’t made any attempt to add the header yet (that’s fine I’ll manage this later), however I’m really struggling with point 3. I can see requests going through Nginx but nothing seems to come out of it.

events {
  worker_connections  1024;
}

http {
  server {
    listen 80;
    location / {
      proxy_pass $host;
    }
  }
}

How do I configure Nginx to do that? I’m also open to alternatives to Nginx if that’s simpler.

Handling errors in potentially incomplete responses

I am using the library geoip2 to get Geolocation of many IP adderesses


"""
input:
        str:   IP
output ordered list: 
    (0) str:   City, State, Country
    (1) tuple: (Lat; Log)
    (2) str:   Postal
"""

for i in pd.unique(df_to_print('requesterIp')):
    res = reader.city(i)
    # NOTE: Second snippet is added here
    myDict(i) = (res.city.names('en') + ", " + res.subdivisions(0).names('en') + ", " +  res.country.names('en'),(res.location.latitude, res.location.longitude), res.postal.code)

# output:  ('Calgary, Alberta, Canada', (50.9909, -113.9632), 'T2C')

Sometimes the response, which is in JSON, is missing some fields. This causes a exception.

Here is my proposed "fix", the code works as intended, but looks sinful

try:
    city = res.city.names('en')
except:
    city = "-1" 

try:
    state = res.subdivisions(0).names('en')
except:
    state = "-1" 
    
try:
    country =  res.country.names('en')
except:
    country =  "-1"
    
try:
    cord = (res.location.latitude, res.location.longitude)
except:
    cord = (-1, -1)

postal = res.postal.code if res.postal.code is not None else -1


print((city + ", " + state + ", " +  country, cord, postal)) 
# output: ('-1, -1, China', (34.7725, 113.7266), -1)

What can I do to make my code more professional and efficient?

(this will run for apx. 100K unique IPs, several times a hour; DB is local)

How do i make google form responses become public ? (all people can see , even without sign in)

Yeah the title is clear , how do i make the result of google form become public ? so anyone , including people that didn’t sign in to google , can see the result of the form . I’ve tried to search in search engine but no luck so far.

Does Google Analytics track 404 page responses as valid page views?

I’m interested to know what counts as a valid page view. I would assume a server status code in the 200 range would be valid. And anything 300, 400, 500 related would not be counted.

Can anyone confirm or point me to documentation that confirms this.

(I asked this question too Google but I get too many results on how to set up tracking for 404s. Which I don’t want. Also I couldn’t find it on the documentation, I kept getting results about handling 404 on the Data export api.)

I’m working with a single page application with short lived pages. I can see hits after the page expires which alludes me. I’m not sure how I’m getting hits days or weeks after it expires. Could it be browser caches are still executing the js and triggering a page view. If they are valid page views I should treat them as such in reports.

user tracking – Does Google Analytics track 404 page responses as valid page views?

I’m interested to know what counts as a valid page view. I would assume a server status code in the 200 range would be valid. And anything 300, 400, 500 related would not be counted.

Can anyone confirm or point me to documentation that confirms this.

(I asked this question too Google but I get too many results on how to set up tracking for 404s. Which I don’t want. Also I couldn’t find it on the documentation, I kept getting results about handling 404 on the Data export api.)

I’m working with a single page application with short lived pages. I can see hits after the page expires which alludes me. I’m not sure how I’m getting hits days or weeks after it expires. Could it be browser caches are still executing the js and triggering a page view. If they are valid page views I should treat them as such in reports.

javascript – How to handle multiple server responses in one client request (NODE)?

Hi I’m in a situation where I don’t know what is the right/best approach I’m looking for. This the sequence of events I’m looking for:

User enters some data in a FORM to find a job
On submit -> data will be passed to NODE.
Calculate how many results are found and inform the user about how much time to wait.
NODE still processing the same request to identify job location, salary etc.
Once done with all results -> reload page and display markers on map.
The issue I’m currently facing is that I cannot get 2 responses on one request. I’m aware that this is impossible so I tried changing it to two different request, but I have no clue how to pass data from one function to another. Obviously making global variables is not the most efficient way of doing it as I’m dealing with more that 25 variables.

I found the following SO question rather interesting but in my case it didn’t work or I have done it wrong. I have also tried using next() but it messes up my for loop. I have also tried setting my flash messages on res.locals but also didn’t work or I have done it wrong. I have also tried with redirect instead of render and the error remains.

The whole thing is really confusing and I have no clue how to proceed. I managed to get my program to work up until STEP 4, but I get the following error:

Error (ERR_HTTP_HEADERS_SENT): Cannot set headers after they are sent to the client
    at ServerResponse.setHeader (_http_outgoing.js:518:11)
    at ServerResponse.header (C:inetpubwwwrootmymindmappernode_modulesexpresslibresponse.js:771:10)
    at ServerResponse.send (C:inetpubwwwrootmymindmappernode_modulesexpresslibresponse.js:170:12)
    at done (C:inetpubwwwrootmymindmappernode_modulesexpresslibresponse.js:1008:10)
    at tryHandleCache (C:inetpubwwwrootmymindmappernode_modulesejslibejs.js:278:5)
    at View.exports.renderFile (as engine) (C:inetpubwwwrootmymindmappernode_modulesejslibejs.js:489:10)
    at View.render (C:inetpubwwwrootmymindmappernode_modulesexpresslibview.js:135:8)
    at tryRender (C:inetpubwwwrootmymindmappernode_modulesexpresslibapplication.js:640:10)
    at Function.render (C:inetpubwwwrootmymindmappernode_modulesexpresslibapplication.js:592:3)
    at ServerResponse.render (C:inetpubwwwrootmymindmappernode_modulesexpresslibresponse.js:1012:7)
    at C:inetpubwwwrootmymindmapperroutesfindJob.js:187:28

This is my code:

router.get('/getJob', (req, res) => {

    return res.render('dashboardPages/jobSearchEngine', {
        data: { 
            jobLocations: listOfJobLocations,
            message: req.flash('message_handler')
        }
    });
});

router.post('/setJobFields', (req, res) => {

    let numOfPages; //Number of pages according to the number of jobs found!

    //get user input 
    let job_title = req.body.job_title;
    //...

    const options = {
        //...
    }
    
    rp(options).then( (data) => { //FIND NUMBER OF PAGES

        listOfJobIds = (); //CLEAR LIST OF JOB ID's
        listOfJobLocations = (); //CLEAR LIST OF JOB LOCATIONS
        numOfPages = getNumberOfPagesToLoop(data); //Get Number of PAGES according to number of jobs found!
        rp(options).then( (data) => { //COLLECT ALL THE JOB ID's

            var jobCounter = 1;

            for(let i=0; i<numOfPages; i++){ //Loop thorugh number of pages
                //Loop through results and get all ids
                for(let j=0; j<50; j++){ //50 results per page

                    if(jobCounter <= data.numberRecords){
                        listOfJobIds.push(data.jvs(j).id);    
                    }else{
                        console.log("    > ALL JOB ID's HAVE BEEN SAVED!");
                        break;
                    }
                    jobCounter++;
                }
            }
            
            req.flash('message_handler', {
                type: 'info',
                intro: 'PROCESSING :  ',
                msg: 'Your request have been submitted. We have found ' + (jobCounter-1) + ' jobs. Please wait X SECONDS while we process your request!'
            });
            res.render('dashboardPages/jobSearchEngine', 
                {
                    data: { 
                        jobLocations: listOfJobLocations,
                        message: req.flash('message_handler')
                    }
                }
            );
            
            
            loopJobs(listOfJobIds).then( () => { //COLLECT JOB INFORMATION FOR ALL THE LISTED ID's
                req.flash('message_handler', {
                    type: 'success',
                    intro: 'DONE :  ',
                    msg: 'See the map below and click the markers to reveal the information about each job!'
                });
                
                console.log("nnn" + listOfJobLocations);

                return res.render('dashboardPages/jobSearchEngine', //ERROR HERE
                    {
                        data: { 
                            jobLocations: listOfJobLocations,
                            message: req.flash('message_handler')
                        }
                    }
                );
            }).catch( (err) => {
                console.log(err);
            });
        }).catch((err) => {
            console.log(err);
        });    
    }).catch( (err) => {
        console.log(err);
    });  
});

Again, I understand that ONE client request should receive ONE server response back. However, I’m stuck and have no clue how to proceed. Most answers from the questions I have read confused me more.

The only easy solution I can think of is to pass the flash-message and somehow display it without calling render or redirect or send or json. Any help or guidance will be much appreciated, thanks!

brute force – wfuzz show –hs responses when it should hide it

Test site: http://testfire.net/login.jsp

Error when login failed: Login Failed: We're sorry, but this username or password was not found in our system. Please try again.

Web Form

<form action="doLogin" method="post" name="login" id="login" onsubmit="return (confirminput(login));">
          <table>
            <tbody><tr>
              <td>
                Username:
              </td>
              <td>
                <input type="text" id="uid" name="uid" value="" style="width: 150px;">
              </td>
              <td>
              </td>
            </tr>
            <tr>
              <td>
                Password:
              </td>
              <td>
                <input type="password" id="passw" name="passw" style="width: 150px;">
                </td>
            </tr>
            <tr>
                <td></td>
                <td>
                  <input type="submit" name="btnSubmit" value="Login">
                </td>
              </tr>
          </tbody></table>
        </form>

The actual password is admin too. Therefore, I created simple passlist.txt for this purpose.

wolf@linux:~$ cat passlist.txt 
admin
pwd
pass
password
wolf@linux:~$ 

wfuzz flag

--ss/hs regex             : Show/Hide responses with the specified regex within the content

Here are few tests, but none of them really work.

wfuzz -cz file,passlist.txt –hs Failed -d “uid=admin&passw=FUZZ&btnSubmit=Login” http://testfire.net/doLogin

wolf@linux:~$ wfuzz -cz file,passlist.txt --hs Failed -d "uid=admin&passw=FUZZ&btnSubmit=Login" http://testfire.net/doLogin

Warning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.

********************************************************
* Wfuzz 2.4.5 - The Web Fuzzer                         *
********************************************************

Target: http://testfire.net/doLogin
Total requests: 4

===================================================================
ID           Response   Lines    Word     Chars       Payload                                                                          
===================================================================

000000003:   302        0 L      0 W      0 Ch        "pass"                                                                           
000000004:   302        0 L      0 W      0 Ch        "password"                                                                       
000000001:   302        0 L      0 W      0 Ch        "admin"                                                                          
000000002:   302        0 L      0 W      0 Ch        "pwd"                                                                            

Total time: 0.517212
Processed Requests: 4
Filtered Requests: 0
Requests/sec.: 7.733766

wolf@linux:~$ 

wfuzz -cz file,passlist.txt –hs Failed -d “uid=admin&passw=FUZZ&btnSubmit=Login” http://testfire.net/login.jsp

wolf@linux:~$ wfuzz -cz file,passlist.txt --hs Failed -d "uid=admin&passw=FUZZ&btnSubmit=Login" http://testfire.net/login.jsp

Warning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.

********************************************************
* Wfuzz 2.4.5 - The Web Fuzzer                         *
********************************************************

Target: http://testfire.net/login.jsp
Total requests: 4

===================================================================
ID           Response   Lines    Word     Chars       Payload                                                                          
===================================================================

000000003:   200        194 L    582 W    8519 Ch     "pass"                                                                           
000000001:   200        194 L    582 W    8519 Ch     "admin"                                                                          
000000002:   200        194 L    582 W    8519 Ch     "pwd"                                                                            
000000004:   200        194 L    582 W    8519 Ch     "password"                                                                       

Total time: 0.583132
Processed Requests: 4
Filtered Requests: 0
Requests/sec.: 6.859507

wolf@linux:~$ 

It didn’t work even thought the right user/pass combination was there.

Any idea what’s wrong in this wfuzz syntax?