Comments (11)
Correct, and there are no errors. Also everything else works flawlessly. I will need a few hours but I will try to clone the project, strip some sensitive stuff and link it here so you can poke and prod. Thanks for all the support so far
from air.
Are you accessing localhost:8090?
from air.
Im not sure how to check the error code in the browser, sorry. There is essentially no error, I can access the app on both 8080 and 8090, when i inspect them they are identical. The script is not present in either. I have the latest release of air and im on go 1.22.1
edit i do have the body tag
from air.
You need to access always the proxy port (8090), and make sure your app returns Content-Type text/html
and has a <body></body>
tag. The script will be injected before the end of the body tag
from air.
I am on 8090. I have and I return text/html. The code is not getting injected.
There is a different script at the end (gtag) could it be interfering in some way?
from air.
Can you share your repository link?
from air.
Sorry I can't. Here is everything I think might be relevant. If it ends up not being enough i will try to recreate the problem on a smaller project then link it.
mux := http.NewServeMux()
wrappedMux := gziphandler.GzipHandler(mux)
mux.HandleFunc("/", handleHome)
http.ListenAndServe(":8080", wrappedMux)
func handleHome(w http.ResponseWriter, r *http.Request) {
// Serve the index.html file
http.StripPrefix("/", http.FileServer(http.Dir("./src"))).ServeHTTP(w, r)
the index.html file is super simple and does have a body tag so thats not an issue.
from air.
Are there any errors in the terminal? When you stop running air, both app and proxy port are gone, and you restart and both ports work?
from air.
@ndajr Here is the repo https://github.com/DrVeseli/Kreateni
if you are pulling it on your machine export ENV=DEV so you can skip some init work
from air.
I ran air locally with you project, and it was weird. When loading /
, proxy server called your app multiple times and the headers didn't contain text/html
content type, that's why it skipped the script injection. This is because your handleHome function is a file server based on src
, stripping /index.html
from the final URL, that's why it is able to serve the page, but it's highly dangerous. Your app will be easily exposed to path traversal attacks (since you're serving a file server on the root endpoint) and can end up exposing sensitive files and directories. My suggestion for you is to move all your html pages to a separate folder like views
and use go templates for rendering them. Go template/html
package will escape the page content and prevents security issues like XSS attacks. I was able to see the injected script by doing the following:
- Comment wrappedMux and serve mux directly with
http.ListenAndServe(":8080", mux)
. You can still use gzip for static content, but not for the html pages - handleHome code (please do a proper error handling there as well)
func handleHome(w http.ResponseWriter, r *http.Request) {
tmpl, _ := template.New("index.html").ParseFiles("./src/index.html")
_ = tmpl.Execute(w, nil)
}
It visually breaks the page, you'll need to move your assets to a different endpoint like /assets
and update the links in your HTML files, see https://blog.devgenius.io/serving-css-in-gos-native-server-8bc58d85d0b2.
from air.
Its still text/html on my end.
Was it gzip that was interfering or the FS/strip function? Thanks a lot for all the help.
from air.
Related Issues (20)
- ldflags not being applied when building binary with Air
- Issue with air just hanging after awhile; cant ctrl+c process [WSL] (I think its the proxy setting) HOT 3
- Air with Dlv and breakpoints does not work HOT 1
- Not exexuting the exucutable HOT 1
- Live reload not working correctly with devcontainers HOT 2
- Why must rebuild when changed? HOT 3
- Run a passive command? HOT 1
- Panic in proxy handler HOT 1
- Air sometimes just crashes wsl1 and no commands work, but the process keeps running HOT 1
- proxy reloads before app is built HOT 1
- Win 10 Reload fails unable to delete main.exe
- Proxy is not available on :8090 HOT 2
- air add confusing `.exe` argument HOT 2
- Templ files are not being generated on save HOT 2
- Go 1.23 support HOT 3
- Are there plans to continue developing plugins for Goland and Vscode?
- This version of tmp\main.exe is not compatible with the version of Windows you're running.
- Sometimes `air` panics when ran HOT 2
- "Proxy handler: unable to reach app" on hot-reload
- The Docker container fails to restart with cosmtrek/air
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from air.