mORMot Open Source

Hi As BUGFix i commented the Lines 1539-1541 in mormot.rest.mvc

  result := fContext.Validate(
    cookie, PRecordData, PRecordTypeInfo, PExpires, nil, Invalidate);
//  if result <= 0 then
//    // delete any invalid/expired cookie on server side
//    Finalize;
end;

I think both Variants are to complicated. I genereate ContentSecurityPolicy in GetViewInfo which generates 2 Nonce Values for script and style
This both values i give to mustache {{main.cspnonce}}

if i use callback it is called after mvc, how could i add my nonces to main.xy ?
if i use ttomas version i have to add my code to every function, i have a lot

To make it easy, i made a little patch to TRestUriParams and added a new value: ContentSecurityPolicy

   LowLevelUserAgent: RawUtf8;
    /// itSDS: für ContentSecurityPolicy !
    ContentSecurityPolicy: RawUtf8; // itSDS
    /// initialize the non RawUtf8 values
    procedure Init; overload;

Then i added a little bit of code to mormot.rest.http.server.pas

  call.LowLevelUserAgent := Ctxt.UserAgent;
  call.ContentSecurityPolicy := ''; // itSDS
  if fHosts.Count > 0 then

  Ctxt.OutCustomHeaders := call.OutHead;

  if call.ContentSecurityPolicy <> '' then // itSDS
    Ctxt.AddOutHeader(['Content-Security-Policy: ', call.ContentSecurityPolicy]);

  if call.OutInternalState <> 0 then

what do you think ?

Sry i must correct me, I changed above line without effect. Make new Ticket for my problem

I think you renamed it to mormot.core.base.concat

There was one thing, happened to me
I changed CookieName to "DIT Test" and later got error in Reverse Proxy:

  Description
  This violation occurs when HTTP cookies contain at least one of the following components:
  - Quotation marks in the cookie name.
  - A space in the cookie name.
  - An equal sign (=) in the cookie name.
  Note: A space between the cookie name and the equal sign (=), and between the equal sign (=) and cookie value is allowed.
  - An equal sign (=) before the cookie name.
  - A carriage return (hexadecimal value of 0xd) in the cookie name.

may be there should be a Check-Routine in SetCookieName throwing Exception if name does not match the rules für Cookie Names

I have the same observation

I was just looking fpr a reason, that the Log Files behave the described way.
The Problem is, if the BUG occurs, the Service seems to hang for the connected clients

Yes Timeout is set to 240min

Hi Arnaud, i',m back from holiday, did you change something i can test ?
atm we switched back to standard server implementation

Hi Arnaud, i checked all of this:

Yes

No on Server site i can see nothing

No

I don't know, i will add DoLog To OnLog

And the Connection is still alive - Server is responding to other clients
Client is sending next Request if i start any

The Only Thing i observed is, that the Packed is "bigger" lets say 600KB to 2MB

One other question in this context, is it possible to crypt the traffic from client with syncrossplatform client to m2 server without using ssl.

as ssl can be compromitted with man in the middle attacks

Sorry its

500*1024
or
1000*1024

Hi Arnaud, here a some screens from the Logs, may be you understand now what i mean

https://imgur.com/a/ciHf8nj

I think there is a Problem in TSynLog.PerformRotation, May be the File can not be deleted or something else

Hi Arnaud, today i had a litte bit of time to fix the Problem.

in my Code a had lots of
TSynLog.Add.Log(sllEnter, .... (Used in Class Procedure)
But there is no automatically genereted sllLeave

LogView uses a recursive function: ComputeProperTime to calc times
This was called to often.

i made to things:
1. i increased the Stack Size of LogView with Compiler Switch: {$M 16384,4194304}
2. i changed the sllEnter to sllDebug

How can i use sllEnter in class functions/procedures to get runtime ?
Should i manually add sllLeave ?

Ty just to give more information:

On Server Side Client Connection works in both modes.
Only Clients connecting over Network get timeout error

OpenSSL is disabled, I'll try it using OpenSSL

Hi thank you very much tomas, actually we have modified the mustache Template an can use it with m2. I ll report some things if we are finished

I testet today with the latest release - Same Error - Syncrossplatform Client can not be created with m2

Yes certificate is in HKLM/Software/Microsoft/SystemCertificates/MY/Certificates

But CertOpenStore returns nil ...

May Be Something wrong with Parameters:

  CERT_STORE_PROV_SYSTEM = 10;
  CERT_STORE_MAXIMUM_ALLOWED_FLAG = $00001000;
  CERT_SYSTEM_STORE_CURRENT_USER =  $00010000;
  CERT_SYSTEM_STORE_LOCAL_MACHINE = $00020000;


    var LProvider : AnsiChar := #10; // CERT_STORE_PROV_SYSTEM  or CERT_STORE_MAXIMUM_ALLOWED_FLAG
    var LMy := 'MY';
    fAcceptCertStore := mormot.lib.sspi.CertOpenStore(@LProvider, 0, nil, CERT_SYSTEM_STORE_LOCAL_MACHINE, @LMy);

tried also with Admin rights / Ask for User also does not work.

Hi Arnaud, my certificate is stored in local Machine storage. so i tried to add it to SChannel Afterbind, but get error on start i can not explain to me:

procedure TSChannelNetTls.AfterBind(var Context: TNetTlsContext);
var
  certblob: RawByteString;
  blob: TCryptDataBlob;
  pass: SynUnicode;
  flags: integer;
begin
  if Context.CertificateFile = '' then begin
    // Load certificate and private key from Windows certificate store
//     fAcceptCertStore := CertOpenSystemStoreW(nil, 'MY')
    var LProvider : WideChar := WideChar(CERT_STORE_PROV_SYSTEM);
    var LMy := 'MY';
    fAcceptCertStore := mormot.lib.sspi.CertOpenStoreW(@LProvider, 0, nil, CERT_SYSTEM_STORE_LOCAL_MACHINE, @LMy);
  end else
  begin
    certblob := StringFromFile(TFileName(Context.CertificateFile));

At Programm start a message pops up CertOpenStoreW not found in dll (my exe name) in source is it declared as extern crypt32.dll

any idea ?