Activities of "jeromevoxteneo"

Hello,

Thank you for posting the solution.

I was looking for the same. I have a synchronization system, and in this case I do not want my LastModificationTime/CreationTime to be updated.

It would be nice to have this kind of option to disable AbpConcepts in Abp Framework.

Regards,

Thanks for your responses.

I finally got it working by following this answer: https://stackoverflow.com/questions/42075792/net-web-api-2-post-consuming-gzip-compressed-content/46282062#comment79550906_46282062

Implemented a delegate.

Result: JSON from my mobile application is compressed and I add a header in the Content, "gzip". On the Web, the content is decompressed if the header is present.

Half the size for my big call! :)

Hello,

For performance reasons, we would like to compress the content of the POST request in a mobile app that calls our API.

To do so, we compress the JSON serialization of the parameter of the POST method as follows:

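// Serialize the JSON to bytes and gzip it into a memory stream.
byte[] jsonBytes = Encoding.UTF8.GetBytes(json);
MemoryStream ms = new MemoryStream();
// leaveOpen: true keeps ms usable after the GZipStream is disposed (which flushes the gzip trailer).
using (GZipStream gzipStream = new GZipStream(ms, CompressionMode.Compress, true))
{
    gzipStream.Write(jsonBytes, 0, jsonBytes.Length);
}
// Rewind so StreamContent sends the compressed body from the start.
ms.Position = 0;
StreamContent content = new StreamContent(ms);
content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
content.Headers.ContentEncoding.Add("gzip");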

In response to the POST, we receive an error 500 with an Abp validation error as content.

How could we configure or override the server to accept the gzip content?

We have tried with a module to add, at Context_BeginRequest, a filter to decompress the content if it is gzip, as follows, but without result. (The filter is applied, but it doesn't help.)

string requestEncoding = ctx.Request.Headers["Content-encoding"];
if (requestEncoding != null && requestEncoding == "gzip")
{
    app.Request.Filter =
         new System.IO.Compression.GZipStream(app.Request.Filter, CompressionMode.Decompress);
}

Thanks

Hi,

I already had this configuration activated.

The problem was in ExternalLoginCallback: as the CurrentTenancyName was null and there is no tenant linked to the Facebook login, it was redirecting to the classic registration page. I changed the code so that if there is no tenant for this login, it is linked to the default one.

switch (tenants.Count)
{
    case 0:
        // Changed this line because we want any member who connects with Facebook to be registered under the default tenant by default.
        // return await RegisterView(loginInfo);
        tenancyName = Donaki.MultiTenancy.Tenant.DefaultTenantName;
        break;
    case 1:
        tenancyName = tenants[0].TenancyName;
        break;
    default:
        return View("TenantSelection", new TenantSelectionViewModel
        {
            Action = Url.Action("ExternalLoginCallback", "Account", new { returnUrl }),
            Tenants = tenants.MapTo<List<TenantSelectionViewModel.TenantInfo>>()
        });
}

After that, I'm now able to register with Facebook without the need to set a password.

Hello,

I was expecting that, using ASP.NET Zero with social login, the user would not need to choose a password, but that's not the case.

Actually, when I click on the Facebook icon, I'm redirected to Account/ExternalLoginCallback, where I have my first name, last name and email prefilled and I need to provide a password.

Is there an option or something to activate to make this flow simpler?

Registering with social login should log the user in without asking them to define a password.

Regards,

Hello,

Is it possible to configure the max length of the exception stored on the audit logs?

Thanks

Answer

Any news about this issue?

Answer

Thank you, please keep me in touch when you find a good solution to prevent this.

Actually I'm doing this in jtable as you suggest:

lastName: {
    title: app.localize('LastName'),
    width: '10%',
    //TODO: Remove when XSS issue is fixed.
    display: function (data) {
        return $('<div/>').text(data.record.lastName).html();
    }
},
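
The per-field workaround in the post above, generalized so that every plain text column is encoded without repeating the display function; this is an added example, not part of the original post and not ASP.NET Zero or jtable code. The helper names `escapeHtml` and `withEscapedDisplay` are hypothetical, the sample record is constructed, and leaving columns that declare `type` or `options` untouched is an assumption.

```javascript
// Added example. escapeHtml and withEscapedDisplay are hypothetical helper names.
var HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
    if (value === null || value === undefined) {
        return '';
    }
    return String(value).replace(/[&<>"']/g, function (ch) {
        return HTML_ENTITIES[ch];
    });
}

// Return a copy of a jtable "fields" definition in which every plain column
// without its own display function gets one that encodes the record value.
// Assumption: columns declaring "type" or "options" are left as they are.
function withEscapedDisplay(fields) {
    var result = {};
    Object.keys(fields).forEach(function (name) {
        var field = Object.assign({}, fields[name]);
        var isPlain = field.type === undefined && field.options === undefined;
        if (isPlain && typeof field.display !== 'function') {
            field.display = function (data) {
                return escapeHtml(data.record[name]);
            };
        }
        result[name] = field;
    });
    return result;
}

// Constructed sample: two columns and a record holding the payload from the thread.
var sampleFields = withEscapedDisplay({
    name: { title: 'Name', width: '10%' },
    lastName: { title: 'LastName', width: '10%' }
});
var sampleRecord = { name: 'Jane', lastName: "t <script>alert('security breach');</script>" };

function renderSampleCell(fieldName) {
    return sampleFields[fieldName].display({ record: sampleRecord });
}

console.log(renderSampleCell('lastName'));
```

Columns that keep a custom display function are not wrapped, so each of those still has to encode any record value it returns.
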
Answer

No I didn't. I was expecting to have a mechanism that automatically makes it.

Checking again, the template actually has this issue:

Database:

see: http://hpics.li/088a0c3

Url: http://localhost:6240/Mpa/Users

and you get a JS alert. That means that an attacker can potentially run a JS file in the context of the domain and steal sensitive information.

In the Angular part, the entry is made HTML-safe.

Answer

Yes, the data shown in jtable executes the HTML.

So when I set this in my input field: t <script>alert('security breach');</script> and click on save,

jtable refreshes the table and executes the script.

So I get a JS alert "security breach".
