Any news?
If you're creating a bug/problem report, please include the following:
Open link :;;;:;base64______%2CPHNDcklwdCA%2BcHJvbXB0KDk1ODYpPCAvU2NSaXBUPg==
After login, the "return to application" button's href will run the injected base64 script instead of going back to the application.
<div class="mb-2 row"> <div class="col"> <a class="btn btn-primary" id="returnUrlLink" href="data:;;;:;base64______,PHNDcklwdCA+cHJvbXB0KDk1ODYpPCAvU2NSaXBUPg=="> <i class="fa fa-chevron-left mr-2"></i>Volver a la aplicación </a> </div> </div>
My application is currently under penetration test by the government, and they won't give me a license if I don't solve this threat.
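The report above shows the login page's return link carrying a `data:` URL in its `href`. A sketch of the allowlist check a server would apply to a return URL before rendering it, as an added example (not ABP's code or the poster's); `ALLOWED_ORIGINS`, `safeReturnUrl` and `app.example.com` are assumptions. It uses the WHATWG `URL` parser, which follows the same parsing rules browsers apply to `href`.

```javascript
// Origins the login page may send the user back to (hypothetical value).
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// Returns a URL that is safe to place in href, or `fallback` if `raw` is not.
function safeReturnUrl(raw, fallback = '/') {
  if (typeof raw !== 'string' || raw.length === 0) return fallback;

  // Browsers strip tabs/newlines and treat "\" like "/" in http(s) URLs,
  // so "/\t/host" or "/\host" can turn into "//host". Reject them outright.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;

  // Local path: exactly one leading slash ("//host" is protocol-relative).
  if (raw.startsWith('/') && !raw.startsWith('//')) return raw;

  let url;
  try {
    url = new URL(raw); // no base: relative or malformed input throws
  } catch {
    return fallback;
  }

  // Scheme allowlist: data:, javascript:, blob: etc. never reach the page.
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return fallback;

  // Compare the parsed origin, not a string prefix, so that
  // "https://app.example.com.other.example" and userinfo tricks fail.
  return ALLOWED_ORIGINS.has(url.origin) ? url.href : fallback;
}

// Inputs: the first is the href value from the report, the rest are constructed.
const SAMPLES = [
  'data:;;;:;base64______,PHNDcklwdCA+cHJvbXB0KDk1ODYpPCAvU2NSaXBUPg==',
  'https://app.example.com/dashboard?x=1',
  'https://app.example.com.other.example/',
  'https://app.example.com@other.example/',
  '//other.example/x',
  '/orders/42',
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', safeReturnUrl(s));
}
```

The returned value still has to be HTML-attribute-encoded when it is written into the page.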
same here
Did you enable the WebSocket feature?
Yes, I did, and it didn't solve the problem.
And I even changed IIS ARR URL Redirect to K8S Ingress and it didn't solve the problem!
The problem was not with IIS or Ingress; it was with Cloudflare Minimize JS and CSS. I disabled it and it worked!
Thank you.
When we open the Blazor Server web from the localhost URL (which is localhost:44314), it works without any problem. When we open the Blazor Server web from the domain URL ( it gets stuck on the background screen like this:
These are the Blazor Server web logs for localhost and requests:
[11:12:47 INF] Executed endpoint '/_blazor'
[11:12:47 INF] Request finished HTTP/1.1 GET https://localhost:44314/_blazor?id=uF18SGRpW46_Uj84M32d5Q - - - 101 - - 353825.4369ms
[11:12:47 INF] Request starting HTTP/1.1 POST https://localhost:44314/_blazor/disconnect multipart/form-data;+boundary=----WebKitFormBoundary6H5AkrTlek70VZIU 359
[11:12:47 INF] Executing endpoint 'Blazor disconnect'
[11:12:47 INF] Executed endpoint 'Blazor disconnect'
[11:12:47 INF] Request finished HTTP/1.1 POST https://localhost:44314/_blazor/disconnect multipart/form-data;+boundary=----WebKitFormBoundary6H5AkrTlek70VZIU 359 - 200 0 - 4.2039ms
[11:13:04 INF] Request starting HTTP/2 GET https://localhost:44314/ - -
[11:13:04 INF] Executing endpoint '/_Host'
[11:13:04 INF] Route matched with {page = "/_Host", action = "", controller = "", area = ""}. Executing page /_Host
[11:13:04 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
[11:13:04 INF] Executing an implicit handler method - ModelState is Valid
[11:13:04 INF] Executed an implicit handler method, returned result Microsoft.AspNetCore.Mvc.RazorPages.PageResult.
[11:13:04 INF] Executed page /_Host in 47.9573ms
[11:13:04 INF] Executed endpoint '/_Host'
[11:13:04 INF] Request finished HTTP/2 GET https://localhost:44314/ - - - 200 - text/html;+charset=utf-8 52.9126ms
[11:13:04 INF] Executed endpoint '/_blazor'
[11:13:04 INF] Request finished HTTP/1.1 GET https://localhost:44314/_blazor?id=VLwxJPC1xKpfedXSLdIVRQ - - - 101 - - 169640.5335ms
[11:13:04 INF] Request starting HTTP/2 POST https://localhost:44314/_blazor/disconnect multipart/form-data;+boundary=----WebKitFormBoundaryU1P6wVPCJDstCeJC 359
[11:13:04 INF] Executing endpoint 'Blazor disconnect'
[11:13:04 INF] Request starting HTTP/2 GET https://localhost:44314/__bundles/Blazor.LeptonTheme.Global.D8E7FFCED8296200CA04CF2C3E1E76E9.css?_v=637780985056135159 - -
[11:13:04 INF] Request starting HTTP/2 GET https://localhost:44314/__bundles/Blazor.LeptonTheme.Global.B7C1A01BBF10A40E7A8DFE398B3A12BA.js?_v=637780985063819269 - -
[11:13:04 INF] The file /__bundles/Blazor.LeptonTheme.Global.D8E7FFCED8296200CA04CF2C3E1E76E9.css was not modified
[11:13:04 INF] The file /__bundles/Blazor.LeptonTheme.Global.B7C1A01BBF10A40E7A8DFE398B3A12BA.js was not modified
[11:13:04 INF] Request finished HTTP/2 GET https://localhost:44314/__bundles/Blazor.LeptonTheme.Global.D8E7FFCED8296200CA04CF2C3E1E76E9.css?_v=637780985056135159 - - - 304 - text/css 0.5486ms
[11:13:04 INF] Request finished HTTP/2 GET https://localhost:44314/__bundles/Blazor.LeptonTheme.Global.B7C1A01BBF10A40E7A8DFE398B3A12BA.js?_v=637780985063819269 - - - 304 - application/javascript 0.5461ms
[11:13:04 INF] Request starting HTTP/2 POST https://localhost:44314/_blazor/negotiate?negotiateVersion=1 text/plain;charset=UTF-8 0
[11:13:04 INF] Executing endpoint '/_blazor/negotiate'
[11:13:04 INF] Executed endpoint '/_blazor/negotiate'
[11:13:04 INF] Request finished HTTP/2 POST https://localhost:44314/_blazor/negotiate?negotiateVersion=1 text/plain;charset=UTF-8 0 - 200 316 application/json 4.8935ms
[11:13:04 INF] Request starting HTTP/2 GET https://localhost:44314/_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/backgrounds/bg-transparent.png - -
[11:13:04 INF] The file /_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/backgrounds/bg-transparent.png was not modified
[11:13:04 INF] Request finished HTTP/2 GET https://localhost:44314/_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/backgrounds/bg-transparent.png - - - 304 - image/png 0.5240ms
[11:13:04 INF] Request starting HTTP/2 GET https://localhost:44314/favicon.ico - -
[11:13:04 INF] The file /favicon.ico was not modified
[11:13:04 INF] Request finished HTTP/2 GET https://localhost:44314/favicon.ico - - - 304 - image/x-icon 0.5405ms
[11:13:04 INF] Request starting HTTP/1.1 GET https://localhost:44314/_blazor?id=kx1ruEJxFhJjYxmpi7IpKw - -
[11:13:04 INF] Executing endpoint '/_blazor'
[11:13:04 INF] Authorization failed. These requirements were not met:
PermissionRequirement: SettingManagement.Emailing
[11:13:04 INF] Authorization failed. These requirements were not met:
PermissionRequirement: AbpIdentity.SettingManagement
[11:13:04 INF] Authorization failed. These requirements were not met:
PermissionRequirement: LeptonThemeManagement.Settings
[11:13:04 INF] Authorization failed. These requirements were not met:
PermissionRequirement: AbpAccount.SettingManagement
[11:13:04 INF] Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
[11:13:04 INF] Request starting HTTP/2 GET https://localhost:44314/images/logo/logo-light.png - -
[11:13:04 INF] The file /images/logo/logo-light.png was not modified
[11:13:04 INF] Request finished HTTP/2 GET https://localhost:44314/images/logo/logo-light.png - - - 304 - image/png 0.5681ms
[11:13:04 INF] Request starting HTTP/2 GET https://localhost:44314/libs/flag-icon-css/flags/1x1/gb.svg - -
[11:13:04 INF] The file /libs/flag-icon-css/flags/1x1/gb.svg was not modified
[11:13:04 INF] Request finished HTTP/2 GET https://localhost:44314/libs/flag-icon-css/flags/1x1/gb.svg - - - 304 - image/svg+xml 0.4285ms
[11:13:04 INF] Request starting HTTP/2 GET https://localhost:44314/_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/fonts/poppins-v6-latin-regular.woff2 - -
[11:13:04 INF] Request starting HTTP/2 GET https://localhost:44314/libs/@fortawesome/fontawesome-free/webfonts/fa-solid-900.woff2 - -
[11:13:04 INF] Request starting HTTP/2 GET https://localhost:44314/_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/fonts/poppins-v6-latin-600.woff2 - -
[11:13:04 INF] The file /libs/@fortawesome/fontawesome-free/webfonts/fa-solid-900.woff2 was not modified
[11:13:04 INF] Request finished HTTP/2 GET https://localhost:44314/libs/@fortawesome/fontawesome-free/webfonts/fa-solid-900.woff2 - - - 304 - font/woff2 0.2809ms
[11:13:04 INF] The file /_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/fonts/poppins-v6-latin-regular.woff2 was not modified
[11:13:04 INF] The file /_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/fonts/poppins-v6-latin-600.woff2 was not modified
[11:13:04 INF] Request finished HTTP/2 GET https://localhost:44314/_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/fonts/poppins-v6-latin-regular.woff2 - - - 304 - font/woff2 0.4767ms
[11:13:04 INF] Request finished HTTP/2 GET https://localhost:44314/_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/fonts/poppins-v6-latin-600.woff2 - - - 304 - font/woff2 0.4818ms
logs :
[11:58:32 INF] Request starting HTTP/1.1 GET https://localhost:44314/ - -
[11:58:32 INF] Executing endpoint '/_Host'
[11:58:32 INF] Route matched with {page = "/_Host", action = "", controller = "", area = ""}. Executing page /_Host
[11:58:32 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
[11:58:32 INF] Executing an implicit handler method - ModelState is Valid
[11:58:32 INF] Executed an implicit handler method, returned result Microsoft.AspNetCore.Mvc.RazorPages.PageResult.
[11:58:32 INF] Executed page /_Host in 37.5513ms
[11:58:32 INF] Executed endpoint '/_Host'
[11:58:32 INF] Request finished HTTP/1.1 GET https://localhost:44314/ - - - 200 - text/html;+charset=utf-8 42.1522ms
[11:58:32 INF] Executed endpoint '/_blazor'
[11:58:32 INF] Request finished HTTP/1.1 GET https://localhost:44314/_blazor?id=QHhH7TRHSL6YW70Pna5Q2g - - - 101 - - 39064.6072ms
[11:58:32 INF] Request starting HTTP/1.1 POST https://localhost:44314/_blazor/disconnect multipart/form-data;+boundary=----WebKitFormBoundary2ZXINqAD4LZ0yvBg 359
[11:58:32 INF] Executing endpoint 'Blazor disconnect'
[11:58:32 INF] Executed endpoint 'Blazor disconnect'
[11:58:32 INF] Request finished HTTP/1.1 POST https://localhost:44314/_blazor/disconnect multipart/form-data;+boundary=----WebKitFormBoundary2ZXINqAD4LZ0yvBg 359 - 200 0 - 4.9411ms
[11:58:32 INF] Request starting HTTP/1.1 GET https://localhost:44314/__bundles/Blazor.LeptonTheme.Global.B7C1A01BBF10A40E7A8DFE398B3A12BA.js?_v=637781038206322823 - -
[11:58:32 INF] Sending file. Request path: '/__bundles/Blazor.LeptonTheme.Global.B7C1A01BBF10A40E7A8DFE398B3A12BA.js'. Physical path: 'N/A'
[11:58:32 INF] Request finished HTTP/1.1 GET https://localhost:44314/__bundles/Blazor.LeptonTheme.Global.B7C1A01BBF10A40E7A8DFE398B3A12BA.js?_v=637781038206322823 - - - 200 393770 application/javascript 3.6102ms
[11:58:32 INF] Request starting HTTP/1.1 GET https://localhost:44314/__bundles/Blazor.LeptonTheme.Global.D8E7FFCED8296200CA04CF2C3E1E76E9.css?_v=637781038198640524 - -
[11:58:32 INF] Sending file. Request path: '/__bundles/Blazor.LeptonTheme.Global.D8E7FFCED8296200CA04CF2C3E1E76E9.css'. Physical path: 'N/A'
[11:58:32 INF] Request finished HTTP/1.1 GET https://localhost:44314/__bundles/Blazor.LeptonTheme.Global.D8E7FFCED8296200CA04CF2C3E1E76E9.css?_v=637781038198640524 - - - 200 485141 text/css 5.6802ms
[11:58:32 INF] Request starting HTTP/1.1 GET https://localhost:44314/_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/backgrounds/bg-transparent.png - -
[11:58:32 INF] The file /_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/backgrounds/bg-transparent.png was not modified
[11:58:32 INF] Request finished HTTP/1.1 GET https://localhost:44314/_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/backgrounds/bg-transparent.png - - - 304 - image/png 0.6117ms
[11:58:32 INF] Request starting HTTP/1.1 GET https://localhost:44314/__bundles/ - -
[11:58:32 INF] Request finished HTTP/1.1 GET https://localhost:44314/__bundles/ - - - 302 0 - 7.1426ms
[11:58:32 INF] Request starting HTTP/1.1 POST https://localhost:44314/_blazor/negotiate?negotiateVersion=1 text/plain;charset=UTF-8 0
[11:58:32 INF] Executing endpoint '/_blazor/negotiate'
[11:58:32 INF] Executed endpoint '/_blazor/negotiate'
[11:58:32 INF] Request finished HTTP/1.1 POST https://localhost:44314/_blazor/negotiate?negotiateVersion=1 text/plain;charset=UTF-8 0 - 200 316 application/json 3.7473ms
[11:58:32 INF] Request starting HTTP/1.1 GET https://localhost:44314/Error?httpStatusCode=404 - -
[11:58:32 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
[11:58:32 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).
[11:58:32 INF] Request starting HTTP/1.1 GET https://localhost:44314/favicon.ico - -
[11:58:32 INF] Sending file. Request path: '/favicon.ico'. Physical path: '/app/wwwroot/favicon.ico'
[11:58:32 INF] Request finished HTTP/1.1 GET https://localhost:44314/favicon.ico - - - 200 32038 image/x-icon 0.9172ms
[11:58:32 INF] Executing ViewResult, running view ~/Views/Error/404.cshtml.
[11:58:32 INF] Authorization failed. These requirements were not met:
PermissionRequirement: SettingManagement.Emailing
[11:58:32 INF] Authorization failed. These requirements were not met:
PermissionRequirement: AbpIdentity.SettingManagement
[11:58:32 INF] Authorization failed. These requirements were not met:
PermissionRequirement: LeptonThemeManagement.Settings
[11:58:32 INF] Authorization failed. These requirements were not met:
PermissionRequirement: AbpAccount.SettingManagement
[11:58:32 INF] Request starting HTTP/1.1 GET https://localhost:44314/_blazor?id=9LEJcrBO2QkqiJDrEWBPfQ - -
[11:58:32 INF] Executing endpoint '/_blazor'
[11:58:32 INF] Executed ViewResult - view ~/Views/Error/404.cshtml executed in 65.3172ms.
[11:58:32 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 111.1334ms
[11:58:32 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
[11:58:32 INF] Request finished HTTP/1.1 GET https://localhost:44314/Error?httpStatusCode=404 - - - 404 - text/html;+charset=utf-8 116.6776ms
Thank you for your help.