Jump to content
Jason Huck

[Solved] AJAX Requests Blocked on Production Host

Recommended Posts

Trying to deploy a PW site to a client's hosting provider. Everything works as expected in development, but on the production host, certain AJAX requests fail. Here's what I'm seeing:

1) I have form on every page which is submitted via AJAX POST to the current page. No matter which page you POST to, it always returns a PW 404 page.

2) AJAX image uploads on the back end return a 200 or 302 for the original request, then spawn a GET request for the homepage.

In trying to troubleshoot this, I have found that the host has both suhosin and mod_security installed. They've provided me with a local php.ini to test configuration changes. I've added the following to .htaccess (temporarily):

# account-specific php.ini file
<IfModule mod_suphp.c>
	suPHP_ConfigPath /home/[username]
	<Files php.ini>
		order allow,deny
		deny from all
	</Files>
</IfModule>

# disable mod_security
<IfModule mod_security.c>
	SecFilterEngine Off
	SecFilterScanPOST Off
</IfModule>

In the php.ini file, I've set the following directives:

suhosin.simulation = On
always_populate_raw_post_data = -1

I've also set a specific directory for uploads:

upload_tmp_dir = /home/[username]/tmp

GD support is included.

PW doesn't log any errors, even with $config->debug set to true.

This is PW 2.7.3 on PHP 5.6.28.

 

What else should I check?

 

 

Share this post


Link to post
Share on other sites

Also:

- The host uses both nginx and varnish in front of Apache. I do not have access to the nginx config, and only realized it was in the mix by inspecting the response headers from the server.

- The host also uses varnish. I have access to a varnish folder, the only contents of which is a text file where you can exclude domains from caching. I added the domains for this host, but I still see varnish headers in the response. The response is a "miss", though, so I don't think caching is an issue.

- ProcessWire is fielding the AJAX request and the code I have in place to handle it gets executed without (server-side) errors. It subscribes the user to a MailChimp mailing list (verified at Mailchimp), sets a cookie, and returns a JSON response.

- Even though setcookie returns 1, the cookie doesn't get set in my browser. The standard PW cookies do get set, though.

I've tried explicitly setting various access control headers in .htaccess, but it's not a cross-origin request. My best guess currently is that nginx and/or varnish have security settings which are interfering. I've asked the provider for assistance but haven't had much luck yet.

 

Share this post


Link to post
Share on other sites

Just to close this out, there turned out to be multiple, unrelated issues. The 404 on the front end was due to a coding error on my part. The upload issue on the back end was due to missing support for iconv and imagick. All sorted now.

 

 

  • Like 2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By dimitrios
      Hello,
      this module can publish content of a Processwire page on a Facebook page, triggered by saving the Processwire page.
      To set it up, configure the module with a Facebook app ID, secret and a Page ID. Following is additional configuration on Facebook for developers:
      Minimum Required Facebook App configuration:
      on Settings -> Basics, provide the App Domains, provide the Site URL, on Settings -> Advanced, set the API version (has been tested up to v3.3), add Product: Facebook Login, on Facebook Login -> Settings, set Client OAuth Login: Yes, set Web OAuth Login: Yes, set Enforce HTTPS: Yes, add "https://www.example.com/processwire/page/" to field Valid OAuth Redirect URIs. This module is configurable as follows:
      Templates: posts can take place only for pages with the defined templates. On/Off switch: specify a checkbox field that will not allow the post if checked. Specify a message and/or an image for the post.
      Usage
      edit the desired PW page and save; it will post right after the initial Facebook log in and permission granting. After that, an access token is kept.
       
      Download
      PW module directory: http://modules.processwire.com/modules/auto-fb-post/ Github: https://github.com/kastrind/AutoFbPost   Note: Facebook SDK for PHP is utilized.


    • By rushy
      Hi. I've been using Processwire for a few years now and installed it on a few different shared hosting servers without issues, but I'm now running into an issue on a Fasthosts shared server that I've not seen before. The installation goes ok and I have a working default site profile but I am unable to complete any uploads of images. It just hangs at the progress spinner during the upload. I thought it might be a priviledge issue so have temporarily set the dir / file privs. as 777 / 666 just to test that but it made no difference. I have no errors in the wire log. In server error log I have:
      set_time_limit() has been disabled for security reasons in ....htdocs/wire/core/ImageSizerEngine.php on line 1035 and i note in the assets/file dir. where the image is being stored the date on the file being created has a year of 1970 and 0 length. If I leave the page this file disappears and nothing has been stored. 
      Does anyone know how I can enable set_time_limit if this is likely to be the problem? 
      Many thanks! Paul
    • By Fanni
      Hi all, 
      I am having some issues uploading a PDF to our website (a problem we’ve had before).
      I have tried reducing the size of the PDF but the problem seems to be with generating the thumbnail image because the upload works under the Fallback mode but the thumbnail is terrible (see attached). 
      Does anybody have any advice about this? Please note that I'm not a developer. 
      Thanks!
       


    • By michelangelo
      Hello there,
      I am building my website, which has a dozen projects with 10 images each. Basically, I need a filtering system but built in the most efficient and user-friendly way. You can see below that the images flow sideways so being hidden, JS lazy loading was a good tool, but I just wanted to try AJAX. Is it fit for this purpose or it's more for dynamic content?
       

    • By iipa
      Hello forum!
      I have a site, where I want to remember two settings defined by user:
      1) Theme (light or dark)
      2) Language (Finnish or English)
      Because user makes changes to these settings on client side, I am a bit lost with how can I save them in ProcessWire $session variable? I would like to use $session for more reliable saving, and since it is only two variables I will use, I doubt it will become too resource-needy.
      I have tried using jQuery's post() -method referring to a file in Templates folder (theme.php), but I get 403 Forbidden Error. I don't like the idea of trying to post to same file user currently is in, which is why I thought having a separate file would be good in this.
      Contents of theme.php:
      <?php namespace ProcessWire; header('Access-Control-Allow-Origin: https://domain.com'); $theme = $input->post['theme']; if(!empty($theme)) $session->theme = $theme; ?> Long story short: Does anybody have any pro tips I could use with setting and getting $session variables?
×
×
  • Create New...