As proposed in #344 I tried to use Context::finalize()
instead of Context::detach()
but that crashes the application.
I use a private action to show CSRF denied message. CSRFProtection plugin detaches to that action.
void Root::csrfDenied(Context *c)
{
qCDebug(GIK_CORE) << "Entering Root::csrfDenied()";
c->response()->setBody(QStringLiteral("CSRF check failed"));
c->response()->setContentType(QStringLiteral("text/html; charset=utf-8"));
c->finalize();
}
Logging output:
16136:16136 cutelyst.dispatcher[debug] Path is "login"
16136:16136 cutelyst.plugin.csrfprotection[debug] Got token "GD4nxPfxQwSKMUjPnh0lQAKk6-NncjS-pGpN7n6Dvn0s9Eby_lz4qeD_M6NJ-ly6" from cookie.
16136:16136 cutelyst.plugin.csrfprotection[debug] Can not get token from HTTP header or form field.
16136:16136 cutelyst.plugin.csrfprotection[warning] Forbidden: (CSRF token missing or incorrect): /login [IP logging disabled]
16136:16136 gikwimi.core[debug] Entering Root::csrfDenied()
16136:16136 cutelyst.stats[debug] Response Code: 403; Content-Type: text/html; charset=utf-8; Content-Length: 17
DAMN ! worker 1 (pid: 16136) died, killed by signal 0 :( trying respawn ..
Respawned WSGI worker 1 (new pid: 16485, cores: 1)
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff74bdbd7 in QHash<QString, QString>::findNode (ahp=0x0, akey=..., this=0x5555555e11b0) at /usr/include/qt5/QtCore/qhash.h:945
945 if (d->numBuckets || ahp) {
Missing separate debuginfos, use: zypper install libX11-6-debuginfo-1.8-1.1.x86_64 libbz2-1-debuginfo-1.0.8-4.1.x86_64 libfreetype6-debuginfo-2.12.1-1.1.x86_64 libxcb1-debuginfo-1.15-1.1.x86_64
(gdb) bt
#0 0x00007ffff74bdbd7 in QHash<QString, QString>::findNode (ahp=0x0, akey=..., this=0x5555555e11b0) at /usr/include/qt5/QtCore/qhash.h:945
#1 QHash<QString, QString>::constFind (akey=..., this=0x5555555e11b0) at /usr/include/qt5/QtCore/qhash.h:907
#2 Cutelyst::Headers::contentType (this=0x5555555e11b0) at /usr/src/debug/cutelyst3-qt5-3.3.60~git.1651935712.84b1cdc-5.1.x86_64/Cutelyst/headers.cpp:73
#3 0x00007ffff74c9bd2 in Cutelyst::Response::contentType (this=this@entry=0x5555555e8830) at /usr/src/debug/cutelyst3-qt5-3.3.60~git.1651935712.84b1cdc-5.1.x86_64/Cutelyst/response.cpp:207
#4 0x00007ffff2e877eb in Cutelyst::RenderView::doExecute (this=<optimized out>, c=0x5555555d1f80)
at /usr/src/debug/cutelyst3-qt5-3.3.60~git.1651935712.84b1cdc-5.1.x86_64/Cutelyst/Actions/RenderView/renderview.cpp:90
#5 0x00007ffff74df172 in Cutelyst::Component::execute (this=0x5555555c6740, c=0x5555555d1f80) at /usr/src/debug/cutelyst3-qt5-3.3.60~git.1651935712.84b1cdc-5.1.x86_64/Cutelyst/component.cpp:90
#6 0x00007ffff74cc07d in Cutelyst::Context::execute (this=0x5555555d1f80, code=<optimized out>) at /usr/src/debug/cutelyst3-qt5-3.3.60~git.1651935712.84b1cdc-5.1.x86_64/Cutelyst/context.cpp:452
#7 0x00007ffff40eb5cb in Cutelyst::CSRFProtectionPrivate::reject (c=0x5555555d1f80, logReason=..., displayReason=...)
at /usr/src/debug/cutelyst3-qt5-3.3.60~git.1651935712.84b1cdc-5.1.x86_64/Cutelyst/Plugins/CSRFProtection/csrfprotection.cpp:452
#8 0x00007ffff40efea4 in Cutelyst::CSRFProtectionPrivate::beforeDispatch (c=0x5555555d1f80, this=<optimized out>)
at /usr/src/debug/cutelyst3-qt5-3.3.60~git.1651935712.84b1cdc-5.1.x86_64/Cutelyst/Plugins/CSRFProtection/csrfprotection.cpp:645
#9 0x00007ffff7c98453 in QtPrivate::QSlotObjectBase::call (a=0x7fffffffcb00, r=0x5555555c3480, this=0x5555555c0cf0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#10 doActivate<false> (sender=0x5555555b2080, signal_index=4, argv=0x7fffffffcb00) at kernel/qobject.cpp:3886
#11 0x00007ffff7c917af in QMetaObject::activate (sender=sender@entry=0x5555555b2080, m=<optimized out>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x7fffffffcb00) at kernel/qobject.cpp:3946
#12 0x00007ffff74e5662 in Cutelyst::Application::beforeDispatch (this=this@entry=0x5555555b2080, _t1=<optimized out>, _t1@entry=0x5555555d1f80)
at /usr/src/debug/cutelyst3-qt5-3.3.60~git.1651935712.84b1cdc-5.1.x86_64/build/Cutelyst/Cutelyst3Qt5_autogen/include/moc_application.cpp:228
#13 0x00007ffff74ed855 in Cutelyst::Application::handleRequest (this=<optimized out>, request=0x5555555d2528) at /usr/src/debug/cutelyst3-qt5-3.3.60~git.1651935712.84b1cdc-5.1.x86_64/Cutelyst/application.cpp:400
#14 0x00007ffff7f753b7 in Cutelyst::ProtocolHttp::processRequest (io=0x5555555d14f0, sock=0x5555555d1500, this=0x5555555a01c0)
at /usr/src/debug/cutelyst3-qt5-3.3.60~git.1651935712.84b1cdc-5.1.x86_64/server/protocolhttp.cpp:212
#15 Cutelyst::ProtocolHttp::parse (this=0x5555555a01c0, sock=0x5555555d1500, io=0x5555555d14f0) at /usr/src/debug/cutelyst3-qt5-3.3.60~git.1651935712.84b1cdc-5.1.x86_64/server/protocolhttp.cpp:175
#16 0x00007ffff7c98453 in QtPrivate::QSlotObjectBase::call (a=0x7fffffffcdc0, r=0x5555555d14f0, this=0x5555555d06e0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#17 doActivate<false> (sender=0x5555555d14f0, signal_index=3, argv=0x7fffffffcdc0) at kernel/qobject.cpp:3886
#18 0x00007ffff7c917af in QMetaObject::activate (sender=sender@entry=0x5555555d14f0, m=m@entry=0x7ffff7f34040 <QIODevice::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x0)
at kernel/qobject.cpp:3946
#19 0x00007ffff7b90050 in QIODevice::readyRead (this=this@entry=0x5555555d14f0) at .moc/moc_qiodevice.cpp:190
#20 0x00007ffff73d41bf in QAbstractSocketPrivate::emitReadyRead (channel=0, this=0x555555596000) at socket/qabstractsocket.cpp:1323
#21 QAbstractSocketPrivate::canReadNotification (this=0x555555596000) at socket/qabstractsocket.cpp:748
--Type <RET> for more, q to quit, c to continue without paging--
#22 0x00007ffff73e9fd1 in QReadNotifier::event (this=<optimized out>, e=<optimized out>) at socket/qnativesocketengine.cpp:1274
#23 0x00007ffff7c61b2f in doNotify (event=0x7fffffffced0, receiver=0x5555555d1d50) at kernel/qcoreapplication.cpp:1154
#24 QCoreApplication::notify (event=<optimized out>, receiver=<optimized out>, this=<optimized out>) at kernel/qcoreapplication.cpp:1140
#25 QCoreApplication::notifyInternal2 (receiver=0x5555555d1d50, event=0x7fffffffced0) at kernel/qcoreapplication.cpp:1064
#26 0x00007ffff7cb9e6d in socketNotifierSourceDispatch (source=source@entry=0x5555555972d0) at kernel/qeventdispatcher_glib.cpp:107
#27 0x00007ffff6a5e122 in g_main_dispatch (context=0x555555594fc0) at ../glib/gmain.c:3417
#28 g_main_context_dispatch (context=0x555555594fc0) at ../glib/gmain.c:4135
#29 0x00007ffff6a5e4b8 in g_main_context_iterate (context=context@entry=0x555555594fc0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4211
#30 0x00007ffff6a5e56f in g_main_context_iteration (context=0x555555594fc0, may_block=1) at ../glib/gmain.c:4276
#31 0x00007ffff7cb92b4 in QEventDispatcherGlib::processEvents (this=0x55555558e9e0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#32 0x00007ffff7c6055b in QEventLoop::exec (this=this@entry=0x7fffffffd0e0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#33 0x00007ffff7c68820 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#34 0x00007ffff7f63edd in Cutelyst::Server::exec (this=this@entry=0x7fffffffd6b0, app=app@entry=0x0) at /usr/src/debug/cutelyst3-qt5-3.3.60~git.1651935712.84b1cdc-5.1.x86_64/server/server.cpp:652
#35 0x000055555555641e in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/cutelyst3-qt5-3.3.60~git.1651935712.84b1cdc-5.1.x86_64/server/main.cpp:53