Dynamic scripts with CSP (Content Security Policy)

An ASP.NET WebForms project adds several scripts to the page on the fly. Since these scripts don’t exist at compile time, how do you whitelist them with CSP?

The title and the first paragraph may sound pretty abstract. Let’s look at the fundamentals first.

What is CSP (Content Security Policy)?

CSP is an HTTP header that we use to prevent cross-site scripting (XSS) and packet sniffing attacks. Long story short: by using the CSP header, we tell the browser which scripts or other resources we trust. The browser executes these resources and ignores the rest.

Here is an example CSP header:

object-src 'none';  script-src 'nonce-{random}' 'unsafe-inline'

As mentioned in this article, this header means:

object-src 'none': Prevents fetching and executing plugin resources embedded using <object>, <embed> or <applet> tags. The most common example is Flash.

script-src 'nonce-{random}' 'unsafe-inline': The nonce directive means that <script> elements will be allowed to execute only if they contain a nonce attribute matching the randomly generated value which appears in the policy.

Note: In the presence of a CSP nonce the unsafe-inline directive will be ignored by modern browsers. Older browsers, which don’t support nonces, will see unsafe-inline and allow inline scripts to execute.
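The nonce rule and the note above can be checked with a small model of the browser's decision for an inline script. This is an added example, not code from the original post; the function names (newNonce, buildPolicy, parsePolicy, inlineScriptAllowed) are illustrative, and the model covers only nonces and 'unsafe-inline', not hashes or other source expressions.

```javascript
// Added example: simplified model of the script-src check for inline scripts.
// Web Crypto is global in current Node.js; older versions fall back to the crypto module.
const webCrypto = globalThis.crypto ?? require("crypto").webcrypto;

// A fresh, unguessable nonce; the server must generate a new one per response.
function newNonce() {
  const bytes = webCrypto.getRandomValues(new Uint8Array(16));
  return Buffer.from(bytes).toString("base64");
}

// The policy from the article with {random} filled in.
function buildPolicy(nonce) {
  return `object-src 'none'; script-src 'nonce-${nonce}' 'unsafe-inline'`;
}

// Split a policy into { directive: [sources] }; the first occurrence of a directive wins.
function parsePolicy(policy) {
  const directives = Object.create(null);
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in directives)) directives[key] = sources;
  }
  return directives;
}

// Would an inline <script nonce="tagNonce"> execute under this policy?
// supportsNonces=false models an older browser without nonce support.
function inlineScriptAllowed(policy, tagNonce, supportsNonces = true) {
  const directives = parsePolicy(policy);
  const sources = directives["script-src"] ?? directives["default-src"];
  if (!sources) return true; // no directive restricts scripts
  const nonces = sources
    .filter((s) => /^'nonce-.+'$/i.test(s))
    .map((s) => s.slice(7, -1));
  if (supportsNonces && nonces.length > 0) {
    // A nonce in the list makes 'unsafe-inline' a no-op.
    return Boolean(tagNonce) && nonces.includes(tagNonce);
  }
  return sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
}

const nonce = newNonce();
const policy = buildPolicy(nonce);
console.log(policy);
console.log("matching nonce:", inlineScriptAllowed(policy, nonce));
console.log("no nonce (injected script):", inlineScriptAllowed(policy, undefined));
console.log("no nonce, older browser:", inlineScriptAllowed(policy, undefined, false));
```

The last line shows why the fallback keyword matters: a browser without nonce support runs every inline script on the page, including one an attacker injected.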

If the browser blocks a resource because it doesn’t comply with CSP, you will see this error in browser logs:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash, or a nonce is required to enable inline execution.

Dynamic scripts with CSP

How to prevent executing dynamic scripts with CSP?

Using unsafe-inline removes the error above (“Refused to execute inline script”). However, it is not a secure way of whitelisting dynamically created scripts.

script-src 'self' 'unsafe-inline'

Other than using unsafe-inline, it doesn’t seem like there is another way to whitelist dynamic scripts with CSP. There are a few open questions below if you want to stay posted on future updates on this topic.

3D printing for beginners

3D printing for beginners (with Snapmaker)

Years ago, 3D printing was something only manufacturers could afford. Now it’s entering our homes with low-cost, easy-to-use 3D printers. Here is a jump-start guide to 3D printing for beginners.

If you are new to this area and have a limited budget (just like me), I would recommend buying a user-friendly 3D printer that comes with all the equipment you need including a filament (like the ink for normal printers).

There are several good alternatives on Amazon. The price for 3D printers goes from $150 to a few thousand dollars. I chose a relatively new product, Snapmaker. It has a $799 price tag on Amazon.

Printing a Storm Trooper with 3D printer!

One big advantage of the Snapmaker 3D printer is its capability for laser engraving and CNC carving. The only other 3-in-1 alternative was Dobot Mooz. Both are the results of successful Kickstarter campaigns.

A quick guide to 3D printing for beginners

It took me only about an hour to assemble my 3D printer and start the first printing job. Here is a 2-minute video of my first 3D printing experience!

Here are the high-level steps to 3D printing for beginners:

  1. Assemble the printer. It is as easy as assembling IKEA furniture. Follow the manufacturer’s instructions. I would say Snapmaker did a good job on the instruction document. It was easy to follow.
  2. Do the calibration. The printer should know the exact position of the heated bed (the plate on which the 3D model is printed). Follow the instructions carefully, as even millimeters make a difference for the final result.
  3. Load filament. Snapmaker comes with a white filament (PLA type). This is all you need to get started! Again, the instructions are pretty clear about how to load the filament.
  4. Download the software. You will need the Snapmaker3D software to send models to your printer. It’s fast and easy to download via their website. The printer is also compatible with Cura, Simplify 3D, and Slic3r (I haven’t tested any of these).
  5. Open the 3D file in the software. You will need 3D models in STL files. You can download free samples on Thingiverse. This is a good source about 3D printing for beginners.
  6. Connect and print! Once you open your STL file successfully in Snapmaker3D, connect your laptop to the printer via USB cable and click the “Connect” button. Then click “Preview”. If everything looks good, click “Print” and enjoy!

It may take several hours to print out a 3D model. The wait time depends on the size of the model and the quality you choose. I printed this Storm Trooper model at 90% scale with the “Fast Printing” option. It took about 10 hours to finish.

If you have recommendations about 3D printing for beginners, please drop a comment!

w3wp.exe crashes every 5 minutes with error code 0xc0000374

w3wp.exe is the executable file of the IIS worker process. It’s basically a Windows process that handles requests coming to your web server. Each worker process serves one specific application pool. Each application pool creates at least one instance of w3wp.exe. In some cases, w3wp.exe may crash with the error code 0xc0000374 in Event Viewer.

Here is the error message in Event Viewer:

Event ID 1000
Faulting application name: w3wp.exe
Faulting module name: ntdll.dll
Exception code: 0xc0000374

Error code 0xc0000374 in Event Viewer

A symptom of this issue could be extremely slow performance of the application.

What to do when w3wp.exe crashes with the exception code 0xc0000374

I would recommend running the DebugDiag tool to collect a crash dump. After collecting and analyzing the crash dump, I noticed that the root cause of the issue was a heap corruption.

Heap corruption 0xc0000374

If this is the issue in your case, here are a few things to try:

  • One of the major causes of heap corruption is an access violation error. Antivirus software may cause this. I recommend temporarily disabling any antivirus software and monitoring the system.
  • Another major cause of heap corruption is memory leaks. A logical issue in the application itself may cause memory leaks. It’s a good idea to do a health check on your application. If you have recently upgraded it, it is possible that the new version is causing this issue. It’s very common for third-party applications to cause this issue.
  • Make sure to keep your Windows and third-party software up to date.

DebugDiag logs provide valuable information so you can narrow down the issue. However, a heap corruption may need a deeper level of debugging for further analysis. You can use WinDbg to troubleshoot heap corruption issues.
