php - XHR2 file upload to subdomain token mismatch in Laravel5.1/nginx upload module -

-

i using laravel5.1 both domain.com , upload.domain.com, same script(copy pasted , changed site url in config file).

session domain set .domain.com , on upload.domain.com have added cors headers upload.domain.com , ajax posts work fine, , using database sessions.

i have following nginx config:

location /upload {  add_header access-control-expose-headers accept-ranges; add_header access-control-expose-headers content-encoding; add_header access-control-expose-headers content-length; add_header access-control-expose-headers content-range; add_header accept_ranges bytes;  upload_state_store /tmp; upload_resumable on; add_header pragma no-cache; add_header x-content-type-options nosniff; #add_header cache-control "no-story, no-cache, must-revalidate";  # access control cors { ....}  add_header x-csrf-token $http_x_csrf_token; add_header x-xsrf-token $http_x_csrf_token; upload_set_form_field "_token" $http_x_csrf_token;  client_max_body_size 4096m; upload_pass /internal_upload; upload_pass_args on;  upload_store /storage/uploaded 1; upload_store_access user:r group:r all:r; upload_set_form_field $upload_field_name.name "$upload_file_name"; upload_set_form_field $upload_field_name.path "$upload_tmp_path"; upload_cleanup 400 404 499 500-505;   }

location /internal_upload {

proxy_pass http://upload.domain.com/fileupload/; proxy_redirect off; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;

}

when doing xhr2 requests pass token via header using: 

xhr.setrequestheader("x-csrf-token", globalobj._token ); xhr.setrequestheader("x-xsrf-token", globalobj._token );

and problem in final step when nginx passes data backend application on subdomain token mismatch exception thrown.

i noticed domain.com sets cookie called x-xsrf-token , uses domain.com domain name , upload.domain.com sets x-xsrf-token token domain name upload.domain.com. normal because both of applications set x-xsrf-token , values not equal, , guess might problem or maybe nginx strips data , passes them backend?

for future references, had send cookie set in main domain along xhr2 request. done changing xhr settings to:

xhr.withcredentials = true;

Comments

Post a Comment

Popular posts from this blog

javascript - oscilloscope of speaker input stops rendering after a few seconds -

-
the following script reads audio user's microphone , renders oscilloscope on html canvas. the source taken example of mozilla developer network: visualizations web audio api and here fiddle: http://jsfiddle.net/b7j8pktp/ mozgetusermedia (note: code has no fork mechanism different browsers: works firefox) it works fine few seconds , stops rendering. whereas works totally stable: http://mdn.github.io/voice-change-o-matic/ the problem can reduced following code. microphone activation icon (next the address bar in firefox) disappears after 5 seconds: navigator.mozgetusermedia({audio: true}, function() {}, function() {} ); ( http://jsfiddle.net/b7j8pktp/2/ ) this known bug in firefox. take stream getusermedia call , hook window so: navigator.mozgetusermedia({audio: true}, function(stream) { window.stream = stream; // rest of code }, function err() { // handle error }); hopefully can fixed soon. problem we're f
Read more

javascript - gulp-nodemon - nodejs restart after file change - Error: listen EADDRINUSE events.js:85 -

-
i'm running nodejs 0.12.3 - gulp 3.10.8 , gulp-nodemon 2.0.3. gulpfile.js : gulp.task('serve', ['build'], function() { gulp.start('fb-flo'); nodemon({ script: paths.server, env: { 'node_env': 'development' }, // env: { 'node_env': 'production' }, execmap: { 'js': 'node_modules/babel/bin/babel-node --stage 1' //es7 cote server }, delay: '0ms', watch: ['src/shared/', 'src/server/'], ignore: ['src/shared/components'], tasks: function (changedfiles) { var tasks = []; changedfiles.foreach(function (file) { if (path.extname(file) === '.jsx' && !~tasks.indexof('bundlejs')) tasks.push('bundlejs'); if (path.extname(file) === '.less' && !~tasks.indexof('compileless')) tasks.push('compileless'); }); return tasks; }
Read more

Fatal Python error: Py_Initialize: unable to load the file system codec. ImportError: No module named 'encodings' -

-
i trying make simple python program opening list of webpages user manually download reports site. don't have previous experience preparing exe files.. , i'm in learning process python coding. of done on windows 7 x64 this python code: #!c:/python34/python.exe -u splinter import * import time import os import csv #---------------------------------- raporty = [] open('../raporty.csv', newline='') csvfile: contents = csv.reader(csvfile, delimiter=' ', quotechar='|') row in contents: r = ', '.join(row) r = r.replace(',','') raporty.append(r) #--not implemented yet zmienne = [] open('../zmienne.csv', newline='') csvfile: contents = csv.reader(csvfile, delimiter=' ', quotechar='|') row in contents: r = ', '.join(row) r = r.replace(',','') zmienne.append(r) print("start") browser = browser(
Read more