403 when saving Template with Style in it



  • I am not sure what in the work would cause this, but if I add a template and put inline style or a style tag in it, I get a 403. If I change nothing except that style tag it works fine. I don't even know what would cause a 403 in the first place. There don't seem to be any logs for 403. The PATCH call to https://**************/odata/templates(cdGdbjDSZP5JBfPh) is the same except the Request Payload. The 2 different payloads are below. I have tried it on your playground and it doesn't seem to error. I am using 2.11.0.

    Any ideas?

    Works fine:

    {
        "name": "screen",
        "recipe": "html",
        "shortid": "LEB697L",
        "folder": {
            "shortid": "e9NsHvZ"
        },
        "_id": "cdGdbjDSZP5JBfPh",
        "engine": "handlebars",
        "chrome": {
            "printBackground": true
        },
        "creationDate": "2021-06-14T14:49:01.078Z",
        "modificationDate": "2021-06-29T17:27:51.340Z",
        "data": {
            "shortid": "1RDNoRa"
        },
        "resources": {
            "items": [],
            "defaultLanguage": ""
        },
        "scripts": [{
                "shortid": "9oy9LL3"
            }
        ],
        "htmlToXlsx": {
            "htmlEngine": "chrome"
        },
        "content": "<div>\r\n    \"This is a test\"\r\n</div>",
        "helpers": "function formatDate(date, format){\r\n  console.log(\"formatting date\")\r\n  moment = require('moment');\r\n  return moment(date).format(format);\r\n}\r\n\r\nfunction groupedData(data){\r\n  console.log(data);\r\n    return buildData(group(data));\r\n}\r\nfunction group(data){\r\n  let group = data.reduce((r, a) => {\r\n   r[a.TaskId] = [...r[a.TaskId] || [], a];\r\n   return r;\r\n  }, {});\r\n  return group;\r\n}\r\n\r\nfunction buildData(data){\r\n\tvar obj = {\"Data\": []}\r\n\tObject.keys(data).forEach(function(key, index){\r\n    obj[\"Data\"][index] = {\"TaskId\": key, \"Milestones\": data[key]}\r\n  });  \r\n  return obj;\r\n}\r\n\r\n"
    }
    

    FAILS:

    {
        "name": "screen",
        "recipe": "html",
        "shortid": "LEB697L",
        "folder": {
            "shortid": "e9NsHvZ"
        },
        "_id": "cdGdbjDSZP5JBfPh",
        "engine": "handlebars",
        "chrome": {
            "printBackground": true
        },
        "creationDate": "2021-06-14T14:49:01.078Z",
        "modificationDate": "2021-06-29T17:30:22.338Z",
        "data": {
            "shortid": "1RDNoRa"
        },
        "resources": {
            "items": [],
            "defaultLanguage": ""
        },
        "scripts": [{
                "shortid": "9oy9LL3"
            }
        ],
        "htmlToXlsx": {
            "htmlEngine": "chrome"
        },
        "content": "<div style=\"height: 50%\">\r\n    \"This is a test\"\r\n</div>",
        "helpers": "function formatDate(date, format){\r\n  console.log(\"formatting date\")\r\n  moment = require('moment');\r\n  return moment(date).format(format);\r\n}\r\n\r\nfunction groupedData(data){\r\n  console.log(data);\r\n    return buildData(group(data));\r\n}\r\nfunction group(data){\r\n  let group = data.reduce((r, a) => {\r\n   r[a.TaskId] = [...r[a.TaskId] || [], a];\r\n   return r;\r\n  }, {});\r\n  return group;\r\n}\r\n\r\nfunction buildData(data){\r\n\tvar obj = {\"Data\": []}\r\n\tObject.keys(data).forEach(function(key, index){\r\n    obj[\"Data\"][index] = {\"TaskId\": key, \"Milestones\": data[key]}\r\n  });  \r\n  return obj;\r\n}\r\n\r\n"
    }
    


  • Didn't someone enable freeze extension?

    Don't you have a network proxy in use?

    I tried a normal update and it passes. I don't know about any reason why a style change in the template content could cause 403.



  • Freeze Edits isn't on for sure. I double checked that. Also, it allows me to save just fine when no Style is involved.

    We don't use a proxy, but we are saving to S3 for our stuff. Is it possible that something within the S3 saving could be causing this? Is there a way to debug/troubleshoot/log where this might be coming from?



  • Please try the same with normal disk fs store. Do you experience the same error?

    If it turns out to be an S3 problem, please try to add some console.log here and here.
    What if you create a new entity with the same content, do you also get an error?



  • I have tracked down the issue. In our S3 configuration, we use Versioning. This is causing 2 issues. The first is that it's creating a new version every 15 seconds in our S3 bucket. The other is, it's stopping anything with a Style tag from being saved for some reason. I am not sure what Style has to do with anything, but as soon as I suspended versioning in our S3 bucket, everything saves perfectly now.

    Why would it keep saving a version of a non-changing file every 15 seconds? This has turned our < 2MB file store into a 90+GB file store since it's been running so long.



  • well crap...that didn't actually fix it. It stopped the files from creating new versions every time, but it's still getting a 403 when we use the word "style" anywhere.

    Still interested in finding out why it's saving the file every 15 seconds. I will continue looking into the style issue



  • Thank you for tracking the issue and sharing the results.

    > Still interested in finding out why it's saving the file every 15 seconds. I will continue looking into the style issue

    This is described in the docs. There are periodic processes running on the data files and it is recommended to increase the intervals when using s3 store using the following config.

    {
      "extensions": {
        "fs-store": { "compactionInterval": 60000 },
        "studio": { "flushLogsInterval": 60000 },
        "scheduling": { "interval": 60000 }
      }
    }
    


  • This issue is resolved. AWS must have changed their rules on the XSS validation because their WAF was the cause of the problem. I added an exclusion for odata within our XSS rules and now it's working fine. Thanks for the info on the intervals changes. We will update that as well.
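
Added example (not part of the thread, and not jsreport or AWS code): a WAF answers a blocked request itself, before it reaches jsreport, which fits the missing 403 log entries in the first post. The script below reads AWS WAF log records and groups the BLOCK decisions on `/odata/` by rule, inspected request part and method. It assumes WAF logging is enabled and delivered as one JSON record per line; the rule name, request ids and log lines are constructed.

```javascript
// Added example: find which AWS WAF rule is blocking jsreport OData saves.
// Input is WAF log text, one JSON record per line. The records below are
// constructed samples; the rule name and request ids are hypothetical.
const rec = (action, method, uri, requestId, details = []) => JSON.stringify({
  action,
  terminatingRuleId: action === 'BLOCK' ? 'example-xss-rule' : 'Default_Action',
  terminatingRuleMatchDetails: details,
  httpRequest: { httpMethod: method, uri, requestId }
});
const xssBody = [{ conditionType: 'XSS', location: 'BODY', matchedData: ['style'] }];
const sampleLog = [
  rec('ALLOW', 'PATCH', '/odata/templates(cdGdbjDSZP5JBfPh)', 'req-1'),
  rec('BLOCK', 'PATCH', '/odata/templates(cdGdbjDSZP5JBfPh)', 'req-2', xssBody),
  rec('BLOCK', 'PATCH', '/odata/templates(cdGdbjDSZP5JBfPh)', 'req-3', xssBody),
  rec('BLOCK', 'POST', '/login', 'req-4', xssBody),
  '{"action":"BLOCK","httpRequest":{"uri":"/odata/te' // truncated line, must be skipped
].join('\n');

// Parse line-delimited JSON, dropping blank or damaged lines instead of failing.
function parseWafLog(text) {
  const records = [];
  for (const line of text.split('\n')) {
    if (!line.trim()) continue;
    try { records.push(JSON.parse(line)); } catch (err) { /* skip damaged line */ }
  }
  return records;
}

// Group BLOCK decisions under pathPrefix by rule, inspected request part and method.
function summariseBlocks(records, pathPrefix = '/odata/') {
  const groups = new Map();
  for (const r of records) {
    const req = r.httpRequest || {};
    if (r.action !== 'BLOCK' || !String(req.uri || '').startsWith(pathPrefix)) continue;
    const details = (r.terminatingRuleMatchDetails || []).length
      ? r.terminatingRuleMatchDetails : [{}];
    for (const d of details) {
      const key = [r.terminatingRuleId, d.conditionType, d.location, req.httpMethod].join('|');
      const g = groups.get(key) || { rule: r.terminatingRuleId, condition: d.conditionType || 'n/a',
        location: d.location || 'n/a', method: req.httpMethod, count: 0, requestIds: [] };
      g.count += 1;
      g.requestIds.push(req.requestId);
      groups.set(key, g);
    }
  }
  return [...groups.values()].sort((a, b) => b.count - a.count);
}

console.log(summariseBlocks(parseWafLog(sampleLog)));
```

A group reporting an XSS condition on the request body for PATCH calls under `/odata/` identifies the rule to scope an exclusion to, so the exclusion can cover that rule and path only.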

