Activities of "zulfazlibakri"

The microservice solution was built using abp studio, database postgreSQL, EF Core DB provider, LeptonX theme, Angular.

After pushing a code of overriding/replacing ABP default component, Angular starts to run into internal error despite other services and database run completely fine. This effects all of the branches (including master branch which does not has any coding changes).

Console log error on Angular page Is it possible that the issue could be underlying due to server connection? Please help and apologies if there's lack of information, I'm still new.

  • ABP Framework version: v8.2.0
  • UI Type: Angular
  • Database System: EF Core (PostgreSQL)
  • Auth Server Separated (for Angular): no
  • Exception message and full stack trace: Angular itself was successfully compiled and had no error but when viewing localhost:4200, internal error occured.
  • Steps to reproduce the issue: The latest PR changes was overriding a default component which includes replacing and adding coding changes in app.component.ts, app.module.ts, route.provider.ts similar to this documentation. https://abp.io/docs/latest/framework/ui/angular/component-replacement

Yes, I set manually. But this issue still harmful is if attackers attack local machine and change this cookies manually to put some script. I hope ABP can take this issue seriously because it will effect our current development in term of security if this issue not solve. Tq

  • ABP Framework version: v5.3.1
  • UI type: Angular
  • DB provider: EF Core
  • Exception message and stack trace: Cross-site scripting works by manipulating a vulnerable web site so that it returns malicious JavaScript to users. When the malicious code executes inside a victim's browser, the attacker can fully compromise their interaction with the application.
  • Steps to reproduce the issue:" We identify that a cookie name “_tenant” was infected with XSS attack. Please sanitize this to block all executable payload in the cookie. It affected on HttpApi.Host and IdentityServer

Preventing cross-site scripting is trivial in some cases but can be much harder depending on the complexity of the application and the ways it handles user-controllable data.

Question

Hi, I just upgrade to ABP v5.3.0 and implement Minio Blob service. Based on this documentation(https://docs.abp.io/en/abp/latest/Blob-Storing-Minio), I have implement on ABP v5.2.0 and got no issue, Here I provide screenshot from error occur

Attachment:

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

If you're creating a bug/problem report, please include followings:

  • ABP Framework version: v5.3.0
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
Showing 1 to 4 of 4 entries
Made with ❤️ on ABP v9.1.0-preview. Updated on December 26, 2024, 06:07