Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
Caleb Rogers
@komali2
At least now the sails server is seeing the request
Caleb Rogers
@komali2
I found a weirdly relevant question: https://stackoverflow.com/questions/55079264/sails-js-how-to-get-csrf-to-use-in-vuejs but one user says to create a controller/action instead of using grant-csrf-token (not sure why) and another says not to use security/grant-csrf-token in production (also not sure why)
Jarrod
@nahanil
Could be something something CORS if different hostname/port https://sailsjs.com/documentation/concepts/security/cors#?enabling-cors
Caleb Rogers
@komali2
Right but I've got that sorted I think cors: {
allRoutes: true,
allowOrigins: ['http://localhost:8080'],
// allowCredentials: false,
},
8080 is the port my dev webapp is being served off of
Yea, it's something with csrf, if i disable that entirely, i can get requests though
Caleb Rogers
@komali2
I've summed it all up in a stackoverflow question if someone wants to take a crack at it: https://stackoverflow.com/questions/65696542/getting-401-error-on-xhr-request-from-local-frontend-app-to-local-backend-sails
Octavian Susnea
@sneakersgames
does anyone know if waterline can handle read replication like sequelize does (https://sequelize.org/master/manual/read-replication.html)?
6 replies
Brijesh Borad
@brijeshborad
Hello
I am using SailsJS with MySQL. I am built a food delivery app. When I tried to assign an order to the driver and after that auto-migrating script is getting run. Migrate is declared as 'safe' in config already. It is not mentioned in any other model. I am not sure from where this auto-migrating script is getting run.
Also sometimes i am getting "Pool is Closed" error. Can anyone help for this?
kiapkiap
@kiapkiap
Hi, anyone know how to read uploaded file without sails lift?
Jorge Vargas
@jorgevrgs
@komali2 check your policies.
Caleb Rogers
@komali2
Thanks Jorge, yup just found that out haha. Updated the stack overflow answer
Ok, new question. On https://sailsjs.com/documentation/concepts/security/csrf it says "You can choose to send the CSRF token as the X-CSRF-Token header instead of the _csrf parameter." However in a test route I have (same as in the stack overflow question above, actually), I'm noticing that my OPTIONS request (preflight), the response headers looks like Access-Control-Allow-Headers content-type, as in, it probably won't allow the x-csrf-token header. And indeed, if I make the request with that header present, I get "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:1337/recipe. (Reason: header ‘x-csrf-token’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response)." Sup with that?
I only took this step after failing to get a 200 on requests when I tried including _csrf in the body of my POST request
(with a token I got back from the csrf request action)'security/grant-csrf-token
Caleb Rogers
@komali2
The answer is adding allowRequestHeaders: 'x-csrf-token,content-type' to config/security.js cors object, just curious why it iddn't mention that in the docs
Alright, so now my question is, why am I getting 403s on POSTs (that worked before i turned on csrf), both if I try including the csrf token in the body as _csrf, or, in the headers as x-csrf-token ?
Actually, my terminal that's running sails isn't even showing the requests (it would show 401s previously when I was having the issue with policy rejection)
Bolstered by this response: https://stackoverflow.com/questions/26795796/sailsjs-csrf-mismatch-error-customize I should probably be seeing an error about csrf rather than just a generic 403 with no helper text, maybe this isn't csrf related... but it only started happening when i switched csrf on
sudo-apt-get-updates
@sudo-apt-get-updates
how do you extend the vue router so its supported on multiple pages?
at the moment u have to shove all ur code into 1 <name>.page.js for the vue router. but what happens if for example u want to support that page on 30 diff pages (like a setting navigation)
then u have to reuse the <name>.page.js but sails only allows u to have 1 per page
eoregel
@eoregel

Hi everyone. Sails (1.2.3) with Node backend app issue.
I'm having issue below:
ERR error: Unable to parse HTTP body- error occurred :: 'Error: EUNFNTEX: Timed out waiting for known text parameters to finish streaming their bytes into the server.\n at setTimer (/home/vcap/app/node_modules/sails/node_modules/skipper/lib/private/Parser/prototype.parseReq.js:182:23)\n at Timeout.<anonymous> (/home/vcap/app/node_modules/sails/node_modules/skipper/node_modules/async/dist/async.js:2959:48)\n at Timeout._onTimeout (/home/vcap/app/node_modules/sails/node_modules/skipper/node_modules/async/dist/async.js:339:31)\n at ontimeout (timers.js:498:11)\n at tryOnTimeout (timers.js:323:5)\n at Timer.listOnTimeout (timers.js:290:5)'

This happens with a feature from our front end that parses a CSV and sends that data in json to backend, but the request fails with the error above.

I've tried updating default timeout from 5ms to 5000ms in node_modules/skipper/lib/Parser/prototype.parseReq.js ~linw:160 function finally_waitForTextParams().
I've also tried setting an environment variable in my manifest file to increase max http header size with NODE_OPTIONS: --max_old_space_size=4096.
Both haven't helped.

Anyone encounter this before or have any recommendations for what to try?

5 replies
eoregel
@eoregel
Sorry. Mistake in my original message. I used —max-http-header-size=64000. I’ll see what I can share from the request. It’s an internal project for work.
Daniel Handley
@mbcx6djh
@AciDev Did you ever sort the 'Property or method "test" is not defined on the instance but referenced during render' error as I'm facing the same? Data is in the controller but I can't get it to pass to the view. All working fine if I replicate the Code in a web app - just not when I run in Empty App... hope you managed to source a solution?
Eden Corbin
@edencorbin
Struggling with 1.4.0 removing color from logs, using winston, have set color: false and colorize: false in just about every parameter, and every log gets: \u001b[32m info: \u001b[39m appended.
King Etiosasere
@iyosayi

Hi all, I am getting issues trying to start sails using sails lift. I keep getting these error messages 

error:                                                                                                                      
error: Error: Sails is taking too long to load.                                                                             

--  --  --  --  --  --  --  --  --  --  --  --  --  --  --  --  --  --  --  --  --                                          
 Troubleshooting tips:                                                                                                      
  -• Were you still reading/responding to an interactive prompt?                                                            
     (Whoops, sorry!  Please lift again and try to respond a bit more quickly.)                                             

  -• Do you have a lot of stuff in `assets/`?  Grunt might still be running.                                                
    (Try increasing the hook timeout.  Currently it is 40000.                                                               
     e.g. `sails lift --hookTimeout=80000`)                                                                                 

  -• Is `blueprints` a custom or 3rd party hook?                                                                            
    (*If* `initialize()` is using a callback, make sure it's being called.)                                                 
--  --  --  --  --  --  --  --  --  --  --  --  --  --  --  --  --  --  --  --  --                                          

    at Timeout.tooLong [as _onTimeout] (K:\PC\pods\node_modules\sails\lib\app\private\loadHooks.js:191:21)      
    at listOnTimeout (internal/timers.js:551:17)                                                                            
    at processTimers (internal/timers.js:494:7)                                                                             

error: Could not load Sails app.                                                                                            
error:                                                                                                                      
error: Tips:                                                                                                                
error:  • First, take a look at the error message above.                                                                    
error:  • Make sure you've installed dependencies with `npm install`.                                                       
error:  • Check that this app was built for a compatible version of Sails.                                                  
error:  • Have a question or need help?  (http://sailsjs.com/support)

I have removed Grunt tasks from running, I also removed all custom hooks from running but I don't get why these errors still keep occurring. It normally happens when I set the migration method to alter. If I keep it on safe, the server starts up easily, but on alter or drop, I always have the issue. I am actually confused. Could it be that another hook might be running somewhere.?
I don't know about any blueprints hook that might be running. I went through the blueprints.js file and everything seems normal there, as its a single export with some properties.

Please I need som help, I have been stuck on this for three days now.
Jason David Miller
@designbymind
Hey @svenvarkel which version of Sails are you using? — I'm trying to update from MongoDB 3.6 to 4.x (preferably 4.4). Thanks man!
sudo-apt-get-updates
@sudo-apt-get-updates
How do you proxy external images on Sails js to prevent external chimpanzees from fetching browser info, ip addresses, and header info (so things like referrals)
Which could be considered a security risk (not by Sails js, just web security overall since you don't want chimps having access to customer data when you allow external urls)
or whats the best solution if not proxy?
Atm what I'm doing is fetching and uploading the image to an internal storage server (buckets), using clam av, to scan, and then compressing
but then you run into problem two
which is then it takes forever to finish the query since too much overhead
and was wondering if like
a new route could be created, like so
myapp.com/proxy/<new_image_url>.png
and then they're viewing it from your website, rather than an external website. so ur website just proxies it for the user, which is more safe than the user downloading it directly from the external website. that way apes dont go nuts and steal user data
sudo-apt-get-updates
@sudo-apt-get-updates
also now that i think of it
if ur just proxying like that
then whats stops a malicious actor from being like "okay bucko" and then posting a .php or .js hidden as a .png
and trying to go bananas that way, so then u run into a new problem which is
myapp.com/proxy/<new_image_url>.zip??
so then u would have to prefetch the image regardless? that way u can check mime types and all that jazz? and at that point u might as well scan with clamav?
but now that i think of it, they can't go full bananas right? because even if its .zip, or .php, or .js, u wouldnt be downloading the image, just proxying it?
but now that i think of it even more, they can actually go full donkey kong, because if they somehow trick it to be .js, especially with the .js file type or mime type, then ur website would render a .js file???
bro what the heck is this crud, so either ur screwed or screwed because theres no way to proxy images safely? but google apparently proxies for gmail without prefetching?
https://blog.filippo.io/how-the-new-gmail-image-proxy-works-and-what-this-means-for-you/
sudo-apt-get-updates
@sudo-apt-get-updates
man life is too short for this, i'm chimping out right now