Lift.js error upgrading an app from 2.6.2 to 3.0

[Channing Walton]

Hi,

I'm getting this error in an app I am trying to upgrade:

2016-12-10 14:44:28,871 IB-SYCOMORE ERROR net.liftweb.http.LiftRules - Exception being returned to browser when processing /classpath/lift.js

java.util.NoSuchElementException: head of empty list

        at scala.collection.immutable.Nil$.head(List.scala:420)

        at scala.collection.immutable.Nil$.head(List.scala:417)

        at net.liftweb.http.LiftServlet.stepThroughPipeline$1(LiftServlet.scala:428)

Any idea what that is caused by? This quite a big app I'm upgrading so any pointers where to start looking would be appreciated.

Channing

[Matt Farmer]

Hey Channing,

Is this happening on your local machine or in a deployed container server? I haven’t seen this issue myself, but it looks like somehow the classpath isn’t set up correctly.

Is there any chance that you don’t have all the Lift 3 jars on your classpath wherever this is running?

—
Matt Farmer | Blog | Twitter
GPG: CD57 2E26 F60C 0A61 E6D8  FC72 4493 8917 D667 4D07

--
--
Lift, the simply functional web framework: http://liftweb.net
Code: http://github.com/lift
Discussion: http://groups.google.com/group/liftweb
Stuck? Help us help you: https://www.assembla.com/wiki/show/liftweb/Posting_example_code

---
You received this message because you are subscribed to the Google Groups "Lift" group.
To unsubscribe from this group and stop receiving emails from it, send an email to liftweb+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Channing Walton]

Hi,

you’re right, something it right with my set up. I was running it from IDE, but when I ran from the cmd line under sbt it didn’t even compile.

I’ll sort my mess out and get back if there is still an issue.

Thanks,

Channing

You received this message because you are subscribed to a topic in the Google Groups "Lift" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/liftweb/jtUP3lmX9S4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to liftweb+u...@googlegroups.com.

[Channing Walton]

Running  the app from SBT still gives me that errors plus all these:

http://127.0.0.1:8080/ib/classpath/lift.js Failed to load resource: the server responded with a status of 500 (Server Error)

login:54 [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

login:91 [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-WS/KMgTBa58PFP3TCyivf9yzvBTv0zyVEw/3EE2QJ88='), or a nonce ('nonce-...') is required to enable inline execution.

F1239448713875FN120Y.js:2 Uncaught TypeError: Cannot read property 'extend' of undefined

login:1 [Report Only] Refused to load the image 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAANCAYAAABLjFUnAAAACXBIW…8PGK9UlJQNxu8UMIZjVZDBPOawjNW4pmplE5jFkX/yPQDFYTbukzAYUgAAAABJRU5ErkJggg==' because it violates the following Content Security Policy directive: "img-src *".



I have no idea where to start.

I appreciate that this is going to be difficult to help with as this is a fairly large existing 2.6 app that has no issues.

I couldn’t find a migration path from 2.6 to 3.0, perhaps I missed it?

Channing

On 10 Dec 2016, at 17:52, Matt Farmer <ma...@frmr.me> wrote:

You received this message because you are subscribed to a topic in the Google Groups "Lift" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/liftweb/jtUP3lmX9S4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to liftweb+u...@googlegroups.com.

[Matt Farmer]

The migration path actually shouldn’t be that difficult. I know what change is causing part of your trouble.

The “refused to apply” alerts are because we enabled a feature called Content Security Protection to further guard against XSS in Lift applications. Most immediately, you can just turn things off so that they are the way they were in 2.6 by adding the following to your boot class:

    LiftRules.securityRules = () => {

      SecurityRules(content = None)

    }      

However, I think there is still something funky going on with the way lift.js is being included. I don’t think there is supposed to be an “ib” prefix on that URL. Can you see if http://127.0.0.1:8080/classpath/lift.js seems valid with your app running?

—
Matt Farmer | Blog | Twitter
GPG: CD57 2E26 F60C 0A61 E6D8  FC72 4493 8917 D667 4D07

[Peter Petersson]

Actually if 'ib' is the context path of the path (http://hostname.com/contextPath/servletPath/pathInfo) i think that it is the correct behavior.

Best regards Peter Petersson

[Peter Petersson]

... but yes Matt is right this is normally not added in a development environment where you start your app from a SBT console.

best regards Peter Petersson

On 2016-12-11 00:33, Matt Farmer wrote:

[Channing Walton]

I’ll check that out but ‘ib’ is the context path so it should be there.

I’ll try the security settings thing too.

Thanks,

Channing

Channing Walton | Underscore Consulting Ltd
+44 (0) 7980 294809 | @channingwalton 

channin...@underscoreconsulting.com

Underscore Consulting Ltd

[Josef Vlach]

Hi Channing,

the problem was overriding allowedPaths in application boot code:

ResourceServer.allowedPaths = { case _ => false }

which prevented lift.js to be found in resource classpath, causing in the end calling of head on an empty list.

Josef

[Channing Walton]

Doh! Why did we do that? Mysterious decisions of the past.

Thanks!

Sent from my iPhone