3x zoom broken on GB mirror
4 views
Skip to first unread message
David Hoover
Mar 4, 2016, 12:29:29 PM3/4/16
to genome...@soe.ucsc.edu
Hi,
This is a strange one. A user just reported that the 3x button (zoom in
and zoom out) gives this error message:
hgTracks object is missing from the response
I've traced it back to js/hgTracks.js, but I have no idea why only the
3x button gives this error. The 1.5x, 10x, and 100x buttons are fine.
The URL for our mirror is https://hpcwebapps.cit.nih.gov/eyebrowse.
Any clues of where to start looking to find a cause?
Thanks,
David Hoover
HPC @ NIH
This is a strange one. A user just reported that the 3x button (zoom in
and zoom out) gives this error message:
hgTracks object is missing from the response
I've traced it back to js/hgTracks.js, but I have no idea why only the
3x button gives this error. The 1.5x, 10x, and 100x buttons are fine.
The URL for our mirror is https://hpcwebapps.cit.nih.gov/eyebrowse.
Any clues of where to start looking to find a cause?
Thanks,
David Hoover
HPC @ NIH
Galt Barber
Mar 4, 2016, 3:37:34 PM3/4/16
to David Hoover, genome...@soe.ucsc.edu
Hi, David!
The 3x button is padded with some spaces to increase the width.Which has those spaces correctly html-encoded in the request.
If you go to that URL, you get this:
ERROR: bad input code is 521
I guess you guys made it up.
By they way, changing the URL to remove those %20 encoded
spaces around the hgt.out2 value will result in a normal response
instead of an error.
--
David Hoover
Mar 4, 2016, 5:46:33 PM3/4/16
to Galt Barber, genome...@soe.ucsc.edu
Yep, you're exactly right. I modified the code to filter out any
suspicious characters. I log the filters, and sure enough there it is.
Thanks,
David
On 3/4/2016 3:37 PM, Galt Barber wrote:
> Hi, David!
>
> The 3x button is padded with some spaces to increase the width.
> When ajax callback sends request it looks like this:
>
> https://hpcwebapps.cit.nih.gov/eyebrowse/cgi-bin/hgTracks?hgt.out2=%203x%20&hgt.trackImgOnly=1&hgt.ideogramToo=1&hgsid=913392_oET3IYqHdcdFHlBs5TCzhjQFhpsI&_=1457117769646
>
> Which has those spaces correctly html-encoded in the request.
>
> If you go to that URL, you get this:
>
> ERROR: bad input code is 521
>
> But 521 is not a standard http error code.
> I guess you guys made it up.
>
> By they way, changing the URL to remove those %20 encoded
> spaces around the hgt.out2 value will result in a normal response
> instead of an error.
>
> Since we do not see the error here, it must be a change
> made to your web server configuration, and if it started recently,
> then it is because somebody at your site just changed it.
>
> It seems that some sort of defensive mechanism you have on the server is
> objecting to having padded values, even though properly escaped.
> You will have to check your own settings, or talk to your admins.
> The defense mechanism is too sensitive, this is a false-positive.
>
> -Galt
>
> 2016-03-04 9:25 GMT-08:00 David Hoover <hoov...@helix.nih.gov
> <mailto:hoov...@helix.nih.gov>>:
suspicious characters. I log the filters, and sure enough there it is.
Thanks,
David
On 3/4/2016 3:37 PM, Galt Barber wrote:
> Hi, David!
>
> The 3x button is padded with some spaces to increase the width.
> When ajax callback sends request it looks like this:
>
> https://hpcwebapps.cit.nih.gov/eyebrowse/cgi-bin/hgTracks?hgt.out2=%203x%20&hgt.trackImgOnly=1&hgt.ideogramToo=1&hgsid=913392_oET3IYqHdcdFHlBs5TCzhjQFhpsI&_=1457117769646
>
> Which has those spaces correctly html-encoded in the request.
>
> If you go to that URL, you get this:
>
> ERROR: bad input code is 521
>
> But 521 is not a standard http error code.
> I guess you guys made it up.
>
> By they way, changing the URL to remove those %20 encoded
> spaces around the hgt.out2 value will result in a normal response
> instead of an error.
>
> Since we do not see the error here, it must be a change
> made to your web server configuration, and if it started recently,
> then it is because somebody at your site just changed it.
>
> It seems that some sort of defensive mechanism you have on the server is
> objecting to having padded values, even though properly escaped.
> You will have to check your own settings, or talk to your admins.
> The defense mechanism is too sensitive, this is a false-positive.
>
> -Galt
>
> 2016-03-04 9:25 GMT-08:00 David Hoover <hoov...@helix.nih.gov
Reply all
Reply to author
Forward
0 new messages