itSDS wrote: I think no one will make a server on mobile platform.
Our "peer cache" feature relies on local UDP/TCP servers, and could benefit on client side too, but I don't know how it is possible on the mobile, especially about firewall port opening.
I would think about a "pure client" peercache feature, without any UDP/TCP server.
I used an HTTP server on mobile some time ago and did not have to open any port, but maybe this has changed meanwhile.
I too asked this question long time ago and actually using SynCrossPlatform Client with some Patches. It works generally great.
The Problem is that you have to generate special Client.pas Unit from Server. And it would be great if this step can be removed.
For iOS/Android it is not necessary to port the whole m2, only the client stuff and RTTI, because I think no one will make a server on mobile platform.
Ty Arnaud it solves my problem
Hi Arnaud, ty for your patch.
Today we wanted to see the Result of a SOA Call in Log. In former Versions there was the complete JSON Array.
In the new m2 there is only 1 line saying Response with 1.7MB
Is it possible to add the complete JSON to Log again. We need it to debug problems. Log Size and Performance does not matter in our case ! More important is to log the Information.
A switch to enable / Disable Big Data would be ok too.
As a workaround I changed:
    procedure TRest.InternalLogResponse(const aContent: RawByteString;
      const aContext: shortstring; Level: TSynLogLevel);
    begin // caller checked that self<>nil and sllServiceReturn in fLogLevel
      // fLogFamily.Add.LogEscape(Level, '%', [aContext], pointer(aContent), length(aContent), self);
      fLogFamily.Add.Log(Level, aContent, self, MAX_SIZE_RESPONSE_LOG);
    end;
Hi Arnaud,
today I saw that some SOA parameters I formerly could read are shortened now.
There was a const MAX_SIZE_RESPONSE_LOG which I changed to a larger value.
Now this const is not used any more, and at the places where it was formerly used InternalLogResponse is called!
InternalLogResponse uses LogEscape, which uses a ShortString now and cuts everything after 200 chars.
This is not very useful.
TY Daniel, this makes sense if you like to add something else to the Log.
My Question was concerning the Use of the Cast to PUtf8Char
Hi Arnaud, I have a maybe stupid question: how to handle your change in TSynLog.DoLog/Enter in our programs?
You changed one parameter from RawUtf8 to PUtf8Char.
What is the best way to fix the compiler errors?
Sample 1:
old:
    var XYZ: String := 'test'; // Sometimes we got String Var
    TSynLog.Enter(StringToUtf8(XYZ), ...);
new:
    TSynLog.Enter(PUtf8Char(StringToUtf8(XYZ)), ...); // is this the best way ?
I'm not sure what this cast really does.
TY looks good !
Hi, as a bugfix I commented out lines 1539-1541 in mormot.rest.mvc:
      result := fContext.Validate(
        cookie, PRecordData, PRecordTypeInfo, PExpires, nil, Invalidate);
    //  if result <= 0 then
    //    // delete any invalid/expired cookie on server side
    //    Finalize;
    end;
Please try with tonight's code.
It should keep track of the finalized sessions, and reject them.
I also switched the cookie signature and encryption to AES-GCM-128 which is both very fast and cryptographically secure.
As far as I can tell, there is no advantage of using a JWT in respect to our TBinaryCookieGenerator now.
Hi Arnaud, sorry, I tested wrong. The problem was not solved correctly.
I didn't provide a function for fApplication.OnSessionFinalized, so Invalidate was not called.
But if I provide a function, a stack overflow is generated because Finalize is called recursively.
I think both variants are too complicated. I generate the ContentSecurityPolicy in GetViewInfo, which generates 2 nonce values for script and style.
Both of these values I give to mustache {{main.cspnonce}}.
If I use the callback, it is called after mvc; how could I add my nonces to main.xy?
If I use ttomas' version I have to add my code to every function, and I have a lot.
To make it easy, I made a little patch to TRestUriParams and added a new value: ContentSecurityPolicy
    LowLevelUserAgent: RawUtf8;
    /// itSDS: for ContentSecurityPolicy !
    ContentSecurityPolicy: RawUtf8; // itSDS
    /// initialize the non RawUtf8 values
    procedure Init; overload;
Then I added a little bit of code to mormot.rest.http.server.pas
    call.LowLevelUserAgent := Ctxt.UserAgent;
    call.ContentSecurityPolicy := ''; // itSDS
    if fHosts.Count > 0 then
    Ctxt.OutCustomHeaders := call.OutHead;
    if call.ContentSecurityPolicy <> '' then // itSDS
      Ctxt.AddOutHeader(['Content-Security-Policy: ', call.ContentSecurityPolicy]);
    if call.OutInternalState <> 0 then
What do you think?
Ty, I'll try
Hi Arnaud, I'd like to add a different nonce for CSP to every call of GetViewInfo.
Actually I put my CSP into OutCustomHeaders in the HttpServer Request.
Is it possible to access / modify Ctxt.OutCustomHeaders from MVCApplication?
Thank you
I start the service compiled for 64-bit in debug mode; it seems to hang, but in the log I can see that ComputeRoutes takes 99s to start.
Starting the same service from the command line starts immediately, as expected.
I saw this problem before, but not taking so long...
Sorry, I must correct myself, I changed above line without effect. Make new Ticket for my problem
After disabling the antivirus, the problem does not happen again; maybe there was a problem with the AV?!
I think you renamed it to mormot.core.base.concat
Hi Arnaud, in the latest version NetConcat is missing in mormot.net.http.pas
There was one thing that happened to me:
I changed CookieName to "DIT Test" and later got an error in the reverse proxy:
Description
This violation occurs when HTTP cookies contain at least one of the following components:
- Quotation marks in the cookie name.
- A space in the cookie name.
- An equal sign (=) in the cookie name.
Note: A space between the cookie name and the equal sign (=), and between the equal sign (=) and cookie value is allowed.
- An equal sign (=) before the cookie name.
- A carriage return (hexadecimal value of 0xd) in the cookie name.
Maybe there should be a check routine in SetCookieName throwing an exception if the name does not match the rules for cookie names.
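A check routine of the kind suggested in this post, as an added example that is not part of the original post and not mORMot code: `IsValidCookieName` and `CheckCookieName` are hypothetical names. It goes beyond the proxy's list by applying the full RFC 6265 rule that a cookie name is an RFC 2616 token (no control characters, no space, no separators).

```pascal
program CookieNameCheck;
{$ifdef FPC}{$mode objfpc}{$H+}{$endif} {$APPTYPE CONSOLE}
uses
  SysUtils;

const
  // RFC 2616 "separators": none of them may appear in a token
  SEPARATORS = ['(', ')', '<', '>', '@', ',', ';', ':', '\', '"',
                '/', '[', ']', '?', '=', '{', '}', ' ', #9];

// hypothetical helper: True if Name is a valid RFC 6265 cookie-name
function IsValidCookieName(const Name: AnsiString): Boolean;
var
  i: Integer;
begin
  Result := Name <> ''; // a token needs at least one character
  for i := 1 to Length(Name) do
    if (Name[i] <= #32) or (Name[i] >= #127) or (Name[i] in SEPARATORS) then
      Result := False; // control char (CR, LF), space, non-ASCII or separator
end;

// hypothetical setter guard: fail early instead of emitting a bad Set-Cookie
procedure CheckCookieName(const Name: AnsiString);
begin
  if not IsValidCookieName(Name) then
    raise EArgumentException.CreateFmt('Invalid cookie name "%s"', [Name]);
end;

begin
  // constructed sample names, one per rule quoted from the proxy
  WriteLn(IsValidCookieName('DITTest'));
  WriteLn(IsValidCookieName('DIT Test'));      // the name from the post: space
  WriteLn(IsValidCookieName('a=b'));           // equal sign in the name
  WriteLn(IsValidCookieName('"quoted"'));      // quotation marks
  WriteLn(IsValidCookieName('bad'#13'name'));  // carriage return (0xd)
  try
    CheckCookieName('DIT Test');
  except
    on E: EArgumentException do
      WriteLn('rejected: ', E.Message);
  end;
end.
```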
Hi Arnaud, I tested it today and it seems to be secure now; I could not use a deleted cookie any more.
I have the same observation
Hi Arnaud,
I try to get RemoteIP in the MVC server.
I set RemoteIPServer either to X-Real-IP or X-Forwarded-For.
But how can I access/request RemoteIP from a function in the MVC server?
I tried it this way:
    function TMyMVCApplication.GetCallerIPAdresse: RawUtf8;
    begin
      Result := FindIniNameValue(pointer(ServiceRunningContext.Request.Call.InHead), 'REMOTEIP: ');
      if Length(Result) = 0 then
        Result := ServiceRunningContext.Request.Call.LowLevelRemoteIP;
      if Length(Result) = 0 then
        Result := '127.0.0.1';
    end;
But RemoteIP is empty.
Thank you
I was just looking for a reason why the log files behave the described way.
The problem is, if the bug occurs, the service seems to hang for the connected clients.
Hi Arnaud, today we had this problem again, also consuming a lot of CPU cycles in the service with the log problem.
I found out that on the server running the logs, Microsoft Defender was scanning the logs.
Is this a possible reason for the problem?
I deactivated the Defender scan for our log/service directories.
I will report if Problem has gone or not
Yes Timeout is set to 240min
In MySQL we increased the number of allowed connections; maybe there is an option in PostgreSQL
Hi Arnaud, a pentester has tested our MVC server!
He found this vulnerability:
He saved the session cookie on the client side, then logged out from the server (on the server CurrentSession.Finalize is called and the client cookie removed).
But after this he used the saved cookie to call MVC pages.
The cookie is still valid.
Do you know a simple way to invalidate such cookies?
We create session cookies after the login function with CurrentSession.Initialize and check them with CurrentSession.CheckAndRetrieve
Thank you
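An added example, not part of the original post and not mORMot's own implementation: a server-side list of finalized sessions, kept until each cookie would expire on its own, which rejects a cookie saved before logout. All names and the constructed session values are assumptions, and the cookie signature is assumed to have been verified before `Accept` is called.

```pascal
program RevokedSessions;
{$ifdef FPC}{$mode objfpc}{$endif} {$APPTYPE CONSOLE}
type
  TRevoked = record
    SessionID: Cardinal;
    Expires: Int64; // Unix time at which the cookie expires on its own
  end;
var
  Revoked: array of TRevoked; // not thread-safe: guard with a lock in a server

// drop entries whose cookie has expired anyway, so the list stays small
procedure Prune(NowTS: Int64);
var
  i, n: Integer;
begin
  n := 0;
  for i := 0 to High(Revoked) do
    if Revoked[i].Expires > NowTS then
    begin
      Revoked[n] := Revoked[i];
      Inc(n);
    end;
  SetLength(Revoked, n);
end;

// call at logout: remember the session until its cookie would expire
procedure Revoke(SessionID: Cardinal; Expires, NowTS: Int64);
begin
  Prune(NowTS);
  SetLength(Revoked, Length(Revoked) + 1);
  Revoked[High(Revoked)].SessionID := SessionID;
  Revoked[High(Revoked)].Expires := Expires;
end;

// call on every request, after the cookie signature has been verified
function Accept(SessionID: Cardinal; Expires, NowTS: Int64): Boolean;
var
  i: Integer;
begin
  Result := Expires > NowTS; // an expired cookie is never accepted
  for i := 0 to High(Revoked) do
    if Revoked[i].SessionID = SessionID then
      Result := False; // replay of a cookie saved before logout
end;

begin
  WriteLn(Accept(42, 2000, 1000)); // constructed values: session still logged in
  Revoke(42, 2000, 1000);          // user logs out
  WriteLn(Accept(42, 2000, 1500)); // saved cookie replayed after logout
  WriteLn(Accept(43, 2000, 1500)); // another user's live session
end.
```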
Maybe it's better to use TObject instead of record, then null in val should be possible
Hi Arnaud, I'm back from holiday, did you change something I can test?
Atm we switched back to the standard server implementation.
Hi Arnaud, yes, I think Daniel has another problem.
I sent you new logs today with low level logs.
And yes, my problem is primarily with big data packets (exact size unknown), but it's reproducible in different client server scenarios.
Hi Arnaud, I checked all of this:
What do you call "request timeout"?
Is it a HTTP_TIMEOUT = 408 error code?
Yes
On server side:
Is it visible on the server side, via TRestServerUriContext.ExecuteCommand() as TimeOut method - i.e. InternalLog('TimeOut %.Execute(%) after % ms' ?
No, on the server side I can see nothing
Do you use the HeaderRetrieveAbortDelay option?
No
On client side:
It may come from a long SockReceivePending()=cspNoData line 2373 of THttpClientSocket from mormot.net.client.
Is it the case?
I don't know, I will add DoLog to OnLog
And the connection is still alive - the server is responding to other clients
The client is sending the next request if I start any
The only thing I observed is that the packet is "bigger", let's say 600KB to 2MB
@AB yes, it's a 408 error. I made a documented client / server / log and sent it to you also.
Hi Arnaud, this topic is not very easy, but I cannot find the reason.
Using an m2 TRestHttpServer with WEBSOCKETS_DEFAULT_MODE and TRestHttpClientSocket, only http connection,
we get unexpected request timeouts on the client side.
In the log we can see the timestamp request to the server, auth, instance and contract request.
But then using one of the interface functions sometimes gives "request timeout".
On the server side we can see all as normal, but on a request timeout nothing is in the log on the server side.
We checked firewall / content filter, there should be nothing.
Do you have any idea what else we can check / enable, any extra log or so?
Now I have ported Boilerplate to m2, just to let it run
I think your Code is Work in Progress !
The whole thing is very big, so I understand that other things are more important.
Hi Arnaud,
I would like to make the http server more secure and would like to add these options:
X-Frame-Options
Content-Security-Policy
Permissions-Policy
Cross-Origin-Embedder-Policy
Cross-Origin-Resource-Policy
Cross-Origin-Opener-Policy
I saw in mormot.net.http.pas some options like in Boilerplate, but no implementation. Is it missing?
Hi Arnaud, sounds good, is there an example of mutual authentication available?
One other question in this context: is it possible to encrypt the traffic from a client with the SynCrossPlatform client to an m2 server without using SSL,
as SSL can be compromised with man in the middle attacks?
Hi Arnaud, we are asked to set the Secure attribute for cookies, is this possible with m2 and how?
ty
Sorry, it's
500*1024
or
1000*1024
In this case it's 1000M, but I get the same with 500M
The content of the log is nearly the same, just some lines added from file to file..
Hi Arnaud, here are some screens from the logs, maybe you understand now what I mean
I think there is a problem in TSynLog.PerformRotation; maybe the file cannot be deleted or something else
Hi Arnaud, what do you mean?
You need more details?
The problem does not occur very often!
Hi Arnaud,
today we had this Problem:
TSynLog.Family.RotateFileCount := 100
TSynLog.Family.RotateFileSizeKB := 500MB
TSynLog.Family.RotateFileDailyAtHour := 23
LogSize : 946MB
And 100 files were created, each containing the log with a few lines added.
It seems that the log is not truncated / deleted after creating the synlz,
so that every synlz contains the log beginning at the same line but extended with some newly added rows.
After restarting the service everything runs as expected.
Any idea?
Ty for your answer, I understand that the client should not wait long for answers
Hi Arnaud, i found this topic: https://synopse.info/forum/viewtopic.php?id=6249
and have a similar problem.
On the client side I prepare a lot of data, let's say 50000 records.
I pass them as an array of records through a SOA function.
The server needs 10min to work on these records,
so I have to set my timeouts > 10min (Send/Receive/Connect),
else a retry will occur and send the records again.
As you wrote in the topic, the server should only use ms to answer.
What will be the best approach to realise this big task?
Should I implement my own thread handling it and send notifications during processing to the client?
Also, as in the topic, debugging is annoying with the retry.
What is the reason to retry the sending of data? Should this not be handled in the SOA call?
Good tip, thank you very much
Hi Arnaud, today I had a little bit of time to fix the problem.
In my code I had lots of
    TSynLog.Add.Log(sllEnter, .... (Used in Class Procedure)
But there is no automatically generated sllLeave.
LogView uses a recursive function, ComputeProperTime, to calc times.
This was called too often.
I made two things:
1. I increased the stack size of LogView with the compiler switch: {$M 16384,4194304}
2. I changed the sllEnter to sllDebug
How can I use sllEnter in class functions/procedures to get the runtime?
Should I manually add sllLeave?
Just to end this ticket: with the OpenSSL version the connection could be established.
One thing: if I copy only the first dll (libcrypto...) and libssl is missing, the error message should be like: libssl.. is missing ...
Ty just to give more information:
On Server Side Client Connection works in both modes.
Only Clients connecting over Network get timeout error
OpenSSL is disabled, I'll try it using OpenSSL