The blog of dlaa.me
Archive: May, 2014
  • Too liberal a definition of "input" [Raising awareness of a quirk of the input event for text elements with a placeholder on Internet Explorer]
    Tuesday, May 13th 2014

    I tracked down a strange problem in a web app recently that turned out to be the result of a browser bug. I wasted some time because searching for info wasn't all that helpful and I wanted to blog the details so I could save someone else a bit of trouble.

    The scenario is simple; this application deals with private information and wants to log the user out after a period of inactivity. It does so by listening to the input event of its text boxes and resetting an inactivity timer whenever the user types. (There's similar handling for button clicks, etc..) If the inactivity timer ever fires, the user gets logged out. Because the freshly-loaded application has no private data, there's no need to start the inactivity timer until after the first user input.

    This behavior is pretty straightforward and the initial implementation worked as intended. But there was a problem on Internet Explorer (versions 10 and 11): a newly-loaded instance of the app would reload itself even without any input! What turned out to be the issue was that an input element with its placeholder attribute set also had its autofocus attribute set and when IE set focus to that element, it triggered the input event! The app (wrongly) believed the user had interacted with it and started its inactivity timer.

    Fortunately, this is not catastrophic because the app fails securely (though more by chance than design). But it's still annoying and a bit of a nuisance...

    Trying to detect and ignore the bogus first interaction on a single browser seemed dodgy, so I went with a call to setTimeout to clear the inactivity timer immediately after load on all browsers. Sometimes, this is harmlessly unnecessary; on IE, it undoes the effect of the bogus input event and achieves the desired behavior.

    Depending on your scenario, a different approach might be better - the biggest challenge is understanding what's going on in the first place! :)

    Notes:

    Tags: Technical Web
  • Avoiding unnecessary dependencies by writing a few lines of code [A simple URL rewrite implementation for Node.js apps under iisnode removes the need for the URL Rewrite module]
    Friday, May 2nd 2014

    As the administrator of multiple computers, I want the machines I run to be as stable and secure as possible. (Duh!) One way I go about that is by not installing anything that isn't absolutely necessary. So whenever I see a dependency that's providing only a tiny bit of functionality, I try to get rid of it. Such was the case with the URL Rewrite module for IIS when I migrated my blog to Node.js.

    Aside: I'm not hating: URL Rewrite does some cool stuff, lots of people love it, and it's recommended by Microsoft. However, my sites don't use it, so it represented a new dependency and was therefore something I wanted to avoid. :)

    The role URL Rewrite plays in the Node.js scenario is minimal - it points all requests to app.js, passes along the original URL for the Node app to handle, and that's about it. Tomasz Janczuk outlines the recommended configuration in his post Using URL rewriting with node.js applications hosted in IIS using iisnode.

     

    I figured I could do the same thing with a few lines of code by defining a simple IHttpModule implementation in App_Code. So I did! :)

    The class I wrote is named IisNodeUrlRewriter and using it is easy. Starting from a working Node.js application on iisnode (refer to Hosting node.js applications in IIS on Windows for guidance), all you need to do is:

    1. Put a copy of IisNodeUrlRewriter.cs in the App_Code folder
    2. Update the site's web.config to load the new module
    3. Profit!

    Here's what the relevant part of web.config looks like:

    <configuration>
      <system.webServer>
        <modules>
          <add name="IisNodeUrlRewriter" type="IisNodeUrlRewriter"/>
        </modules>
      </system.webServer>
    </configuration>
    

     

    Once enabled and running, IisNodeUrlRewriter rewrites all incoming requests to /app.js except for:

    • Requests at or under /iisnode, iisnode's default log directory
    • Requests at or under /app.js/debug, iisnode's node-inspector entry-point
    • Requests at or under /app.js.debug, the directory iisnode creates to support node-inspector

    If you prefer the name server.js, you want to block one of the above paths in production, or you're running Node as part of a larger ASP.NET site (as I do), tweak the code to fit your scenario.

     

    I modified the standard Node.js "hello world" sample to prove everything works and show the original request URL getting passed through:

    require("http").createServer(function (req, res) {
        res.writeHead(200, { "Content-Type": "text/plain" });
        res.end("Requested URL: " + req.url);
    }).listen(process.env.PORT, "127.0.0.1");
    console.log("Server running...");
    

    Sample output:

    http://localhost/app.js
    Requested URL: /app.js
    
    http://localhost/
    Requested URL: /
    
    http://localhost/any/path?query=params
    Requested URL: /any/path?query=params
    

    I also verified that IIS's default logging of requests remains correct (though you can't tell that from the output above).

    Note: I've found that accessing the debug path through IisNodeUrlRewriter can be somewhat finicky and take a few tries to load successfully. I'm not sure why, but because I don't use that functionality, I haven't spent much time investigating.

     

    The implementation of IisNodeUrlRewriter is straightforward and boils down to two calls to HttpContext.RewritePath that leverage ASP.NET's default execution pipeline. One handy thing is the use of HttpContext.Items to save/restore the original URI. One obscure thing is the use of a single regular expression to match all three (actually six!) paths above. (If you're not comfortable with regular expressions or prefer to be more explicit, the relevant check can easily be turned into a set of string comparisons.)

    The implementation is included below in its entirety; it ends up being more comments than code! I've also created a GitHub Gist for IisNodeUrlRewriter in case anyone wants to iterate on it or make improvements. (Some ideas: auto-detect the logging/debug paths by parsing web.config/iisnode.yml, use server.js instead of app.js when present, support redirects for only parts of the site, etc.)

     

    // Copyright (c) 2014 by David Anson, http://dlaa.me/
    // Released under the MIT license, http://opensource.org/licenses/MIT
    
    using System;
    using System.Text.RegularExpressions;
    using System.Web;
    
    /// <summary>
    /// An IHttpModule that rewrites all URLs to /app.js (making the original URL available to the Node.js application).
    /// </summary>
    /// <remarks>
    /// For use with Node.js applications running under iisnode on IIS as an alternative to installing the URL Rewrite module.
    /// </remarks>
    public class IisNodeUrlRewriter : IHttpModule
    {
        /// <summary>
        /// Unique lookup key for the HttpContext.Items dictionary.
        /// </summary>
        private const string ItemsKey_PathAndQuery = "__IisNodeUrlRewriter_PathAndQuery__";
    
        /// <summary>
        /// Regex matching paths that should not be rewritten.
        /// </summary>
        /// <remarks>
        /// Specifically: /iisnode(/...) /app.js/debug(/...) and /app.js.debug(/...)
        /// </remarks>
        private Regex _noRewritePaths = new Regex(@"^/(iisnode|app\.js[/\.]debug)(/.*)?$", RegexOptions.IgnoreCase);
    
        /// <summary>
        /// Initializes a module and prepares it to handle requests.
        /// </summary>
        /// <param name="context">An HttpApplication that provides access to the methods, properties, and events common to all application objects within an ASP.NET application.</param>
        public void Init(HttpApplication context)
        {
            context.BeginRequest += HandleBeginRequest;
            context.PreRequestHandlerExecute += HandlePreRequestHandlerExecute;
        }
    
        /// <summary>
        /// Occurs as the first event in the HTTP pipeline chain of execution when ASP.NET responds to a request.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">An System.EventArgs that contains no event data.</param>
        private void HandleBeginRequest(object sender, EventArgs e)
        {
            // Get context
            var application = (HttpApplication)sender;
            var context = application.Context;
    
            // Rewrite all paths *except* those to the default log directory or those used for debugging
            if (!_noRewritePaths.IsMatch(context.Request.Path))
            {
                // Save original path
                context.Items[ItemsKey_PathAndQuery] = context.Request.Url.PathAndQuery;
    
                // Rewrite path
                context.RewritePath("/app.js");
            }
        }
    
        /// <summary>
        /// Occurs just before ASP.NET starts executing an event handler (for example, a page or an XML Web service).
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">An System.EventArgs that contains no event data.</param>
        private void HandlePreRequestHandlerExecute(object sender, EventArgs e)
        {
            // Get context
            var application = (HttpApplication)sender;
            var context = application.Context;
    
            // Restore original path (if present)
            var originalPath = context.Items[ItemsKey_PathAndQuery] as string;
            if (null != originalPath)
            {
                context.RewritePath(originalPath);
            }
        }
    
        /// <summary>
        /// Disposes of the resources (other than memory) used by the module that implements IHttpModule.
        /// </summary>
        public void Dispose()
        {
            // Nothing to do here; implementation of this method is required by IHttpModule
        }
    }
    
    Tags: Node.js Technical Web