Tuesday, August 23, 2022

Content Security Policy CSP In or Out

The Content Security Policy (CSP) script-src directive is something a tech lead or developer has probably come across. It is one of the most common low-severity vulnerability defects raised by external penetration testers. They may suggest whitelisting JS libraries, including third-party libraries, to safeguard against XSS attacks.

CSP protects from XSS


If you are working on .NET, the only option you have is to add a custom response header in the Web.config file and list all the JS. Here is the catch: if you are working with third-party analytics, this becomes tricky, and there are constraints and challenges in doing so. These analytics inject a lot of JS libraries at runtime; they can come from Facebook, Google Tag Manager, LivePerson, social media plugins or adverts. This is where one needs to draw the line and give the business a technical reason why this cannot be achieved. The next concern is browser compatibility. Under the hood, testing becomes exhaustive, and the change is prone to more defects that lead to unknowns when you move to production. Next time you come across CSP, think twice and do thorough research before you commit to something.
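The catch described above, as an added example (not code from the original post): a simplified script-src check that lists which runtime-injected scripts a fixed allowlist would block. The policy, site origin and URL list are constructed, `cdn.chat-vendor.example` is a hypothetical vendor host, and only scheme and host are matched.

```javascript
// Added example: simplified CSP script-src matching (scheme and host only).
// Ports, paths, nonces, hashes and 'strict-dynamic' are not modelled (assumption).

// Constructed policy: the value a Content-Security-Policy response header would carry.
const POLICY =
  "default-src 'self'; script-src 'self' https://www.googletagmanager.com https://*.facebook.net";
// Constructed site origin and script URLs observed once third-party tags have fired.
const SELF_ORIGIN = "https://shop.example";
const OBSERVED = [
  "https://shop.example/js/site.js",
  "https://www.googletagmanager.com/gtm.js",
  "https://connect.facebook.net/en_US/fbevents.js",
  "https://www.google-analytics.com/analytics.js", // pulled in by a tag at runtime
  "https://cdn.chat-vendor.example/widget.js",     // hypothetical live-chat vendor
];

// Source list of script-src, falling back to default-src as browsers do.
function scriptSources(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives.get("script-src") ?? directives.get("default-src") ?? null;
}

// Does one source expression allow this URL?
function sourceAllows(source, url, selfOrigin) {
  if (source === "*") return ["http:", "https:"].includes(url.protocol);
  if (source.toLowerCase() === "'self'") return url.origin === selfOrigin;
  if (source.startsWith("'")) return false; // 'none', nonces, hashes: not modelled
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)/i.exec(source);
  if (!m) return false;
  const scheme = m[1] && m[1].toLowerCase() + ":";
  const host = m[2].toLowerCase();
  if (scheme && scheme !== url.protocol &&
      !(scheme === "http:" && url.protocol === "https:")) return false;
  // "*.example.com" covers subdomains only, never example.com itself.
  return host.startsWith("*.") ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
}

// URLs that the policy's script-src would refuse to load.
function blockedScripts(policy, urls, selfOrigin) {
  const sources = scriptSources(policy);
  if (sources === null) return []; // neither script-src nor default-src: unrestricted
  return urls.filter((u) => !sources.some((s) => sourceAllows(s, new URL(u), selfOrigin)));
}

console.log(blockedScripts(POLICY, OBSERVED, SELF_ORIGIN));
```

Running the same check against the script URLs captured from a real page shows how many hosts the header would have to list before the tags stop breaking.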

Sitecore XM Cloud Troubleshooting Part 2 Remote name could not be resolved 'dist.nuget.org'

Remote name could not be resolved 'dist.nuget.org'


Solution

Next, set the Interface Metric to 1 for Wi-Fi

Set-NetIPInterface -InterfaceAlias 'Wi-Fi' -InterfaceMetric 1


https://sitecore.stackexchange.com/questions/26095/remote-name-could-not-be-resolved-dist-nuget-org

 

Monday, August 22, 2022

Sitecore XM Cloud Deep Dive Troubleshooting Part 1

I started with the GitHub repo and followed the steps. I got an error while running the step given below.

Bring up all the application elements for Local Mode

Next, use the up.ps1 script to bring up all of the containers required for Local Mode.

.\up.ps1
ERROR
a Windows version 10.0.20348-based image is incompatible with a 10.0.19042 host
I referred to the Docker image versions at
https://hub.docker.com/_/microsoft-dotnet-sdk
Go to the .env file and change this configuration
FROM
NETCORE_BUILD_IMAGE=mcr.microsoft.com/dotnet/sdk:6.0-nanoserver-ltsc2022
NETCORE_RELEASE_IMAGE=mcr.microsoft.com/dotnet/aspnet:6.0-nanoserver-ltsc2022
TO
NETCORE_BUILD_IMAGE=mcr.microsoft.com/dotnet/sdk:6.0.400-nanoserver-1809
NETCORE_RELEASE_IMAGE=mcr.microsoft.com/dotnet/aspnet:6.0.400-nanoserver-1809