December 19, 2017
You are developing a nodejs web application with a UI and backend APIs (express), and you encounter the following issue:
response to preflight request doesn't pass access control check: no 'access-control-allow-origin' header is present on the requested resource. origin 'https://yourweb.com' is therefore not allowed access
Well, none of them works (at least in my case)!
So the UI was calling an API to fetch user information. Since the user was not authenticated, the backend denied the request and sent a 302 redirect to the OKTA URL. But the UI was calling the API via XHR: when the XHR received the redirect, the browser automatically followed it to the OKTA URL, and that request failed with the error above, as expected.
Note: No additional header will solve this issue, and it is not related to CSP.
The fix is to have the backend answer the XHR with a 401 whose JSON body carries the login URL, and let the UI perform the redirect itself. See the code below:
$(document).ajaxError((e, x) => {
  if (x.status === 401) {
    // In case we got an unauthorized then please do redirect and
    // load the login page.
    // Remember where the user was so we can come back after login
    storage.set('callback', window.location.hash);
    // The backend answered 401 with a JSON body { redirectUrl: "..." }
    window.location = jQuery.parseJSON(x.responseText).redirectUrl;
  }
  // else handle something
});
Ahh, this problem ate my 2 days.
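For completeness, here is the backend half of the same pattern as an added example (not code from the original post): an Express-style guard that answers XHR/JSON callers with a 401 plus a JSON redirectUrl, and only sends a real 302 to plain browser navigations. The isAuthenticated callback and the login URL are assumptions supplied by the caller.

```javascript
// Added example: server-side guard matching the 401 + redirectUrl handling
// used by the UI code above. Express-style (req, res, next) signature;
// nothing here requires Express itself, so the helpers run stand-alone.

function isXhr(req) {
  // Node lower-cases incoming header names. jQuery's JSON requests send
  // "Accept: application/json, ..."; X-Requested-With is only added for
  // same-origin calls, so check both.
  const h = (name) => String((req.headers || {})[name.toLowerCase()] || '');
  return h('x-requested-with').toLowerCase() === 'xmlhttprequest' ||
         h('accept').toLowerCase().includes('application/json');
}

function unauthenticatedResponse(req, loginUrl) {
  if (isXhr(req)) {
    // Never 302 an XHR to a cross-origin login page: the browser follows
    // the redirect silently and the login page's response fails the CORS
    // check. Hand the URL to the client instead and let it navigate.
    return {
      status: 401,
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ redirectUrl: loginUrl }),
    };
  }
  // A normal page navigation can be redirected as usual.
  return { status: 302, headers: { Location: loginUrl }, body: '' };
}

// isAuthenticated(req) -> boolean is a hypothetical helper supplied by the
// app (e.g. a session check); loginUrl is the app's OKTA login URL.
function requireAuth(isAuthenticated, loginUrl) {
  return function (req, res, next) {
    if (isAuthenticated(req)) return next();
    const r = unauthenticatedResponse(req, loginUrl);
    res.status(r.status).set(r.headers).send(r.body);
  };
}

module.exports = { isXhr, unauthenticatedResponse, requireAuth };
```

Mount it with app.use(requireAuth(req => Boolean(req.user), LOGIN_URL)) ahead of the protected routes; the client-side ajaxError handler then receives the 401 and performs the redirect itself.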