We recently launched a site and as part of a PCI Compliance security audit noticed that when we do a redirect from an XSLT extension trace information is included in the response event though all debugging and trace config settings are turned off. This made us fail the PCI compliance.
I got the source code set up and noticed that an exception is thrown in the Macro (see below), but I am unsure why the trace information is getting output.
Can anyone shed any light of this please?
Trace Information
Category
Message
From First(s)
From Last(s)
aspx.page
Begin PreInit
umbracoInit
handling request
2.06345864661654E-05
0.000021
request handler
current url ''
4.69233082706767E-05
0.000026
umbracoRequestHandler
xpath: '/root/node'
7.82827067669173E-05
0.000031
umbracoRequestHandler
xpath: '/root/node [@urlName = ""] | /root/node'
9.35308270676692E-05
0.000015
umbracoRequestHandler
xpath: '/root/node [@urlName = ""] | /root/node'
0.000110240601503759
0.000017
umbracoRequestHandler
Just before xPath query (False, '/root/node [@urlName = ""] | /root/node')
0.000124472180451128
0.000014
umbracoRequestHandler
pageXPathQueryStart: '/root'
0.000136872180451128
0.000012
umbracoRequestHandler
After xPath query
0.000175633082706767
0.000039
umbracoRequestHandler
Access checking started
0.000216911278195489
0.000041
umbracoRequestHandler
Page not protected
0.000237524812030075
0.000021
umbracoRequestHandler
Access checking ended
0.000250084210526316
0.000013
umbracoInit
Done handling request
0.000264661654135338
0.000015
umbracoPage
Element loaded: storefrontPath
0.000322439097744361
0.000058
umbracoPage
Element loaded: galleryFolder
0.000344403007518797
0.000022
umbracoPage
Element loaded: breadcrumbTitle
0.000359906766917293
0.000016
umbracoPage
Element loaded: serviceUrl
0.000375560902255639
0.000016
umbracoPage
Element loaded: analyticsCode
0.000392562406015038
0.000017
umbracoPage
Element loaded: facebookURL
0.000408051127819549
0.000015
umbracoPage
Element loaded: twitterURL
0.00042286015037594
0.000015
umbracoPage
Element loaded: flickrURL
0.000438144360902256
0.000015
umbracoPage
Element loaded: youtubeURL
0.000453022556390977
0.000015
umbracoPage
Element loaded: ShowDistributorsLink
0.000468156390977444
0.000015
umbracoPage
Element loaded: metaTitle
0.000483603007518797
0.000015
umbracoPage
Element loaded: keywords
0.000499028571428571
0.000015
umbracoPage
Element loaded: metaDescription
0.000514264661654135
0.000015
umbracoPage
Element loaded: umbracoNaviHide
0.000534878195488722
0.000021
umbracoPage
Pagedata loaded for My Site (ID: 1051, Version: 221ed11e-e58e-4736-8d78-9a648b14d4c3)
0.0005512
0.000016
aspx.page
End PreInit
0.000765461654135338
0.000214
aspx.page
Begin Init
0.000783025563909774
0.000018
umbracoMacro
Macro loaded from cache (ID: 23, Get Geolocation)
0.000812535338345865
0.000030
renderMacro
Rendering started (macro: Get Geolocation, type: 1, cacheRate: 0)
Thread was being aborted. at umbraco.macro.loadMacroXSLT(macro macro, Hashtable attributes, Hashtable pageElements)
0.00246293533834586
0.001090
Template
Error adding macro Get Geolocation
Thread was being aborted. at umbraco.macro.loadMacroXSLT(macro macro, Hashtable attributes, Hashtable pageElements) at umbraco.macro.renderMacro(Hashtable attributes, Hashtable pageElements, Int32 pageId) at umbraco.presentation.templateControls.Macro.CreateChildControls()
Did you ever get to the bottom of this? I have a custom 500 page which appears when an error occurs and for some reason the trace info is appearing at the bottom of the page.
Tracing Security Risk
We recently launched a site and as part of a PCI Compliance security audit noticed that when we do a redirect from an XSLT extension trace information is included in the response event though all debugging and trace config settings are turned off. This made us fail the PCI compliance.
I got the source code set up and noticed that an exception is thrown in the Macro (see below), but I am unsure why the trace information is getting output.
Can anyone shed any light of this please?
Trace Information
Error loading XSLT GetGeolocation.xslt
Thread was being aborted.at umbraco.macro.loadMacroXSLT(macro macro, Hashtable attributes, Hashtable pageElements)
Error adding macro Get Geolocation
Thread was being aborted.at umbraco.macro.loadMacroXSLT(macro macro, Hashtable attributes, Hashtable pageElements)
at umbraco.macro.renderMacro(Hashtable attributes, Hashtable pageElements, Int32 pageId)
at umbraco.presentation.templateControls.Macro.CreateChildControls()
Hi Brendan
Did you ever get to the bottom of this? I have a custom 500 page which appears when an error occurs and for some reason the trace info is appearing at the bottom of the page.
Thanks
Ah - nevermind. Found the solution in another post.
In case anyone else has this issue, set debug=false in default.aspx.
is working on a reply...