[Solved] AJAX Requests Blocked on Production Host

[Jason Huck]

Trying to deploy a PW site to a client's hosting provider. Everything works as expected in development, but on the production host, certain AJAX requests fail. Here's what I'm seeing:

1) I have form on every page which is submitted via AJAX POST to the current page. No matter which page you POST to, it always returns a PW 404 page.

2) AJAX image uploads on the back end return a 200 or 302 for the original request, then spawn a GET request for the homepage.

In trying to troubleshoot this, I have found that the host has both suhosin and mod_security installed. They've provided me with a local php.ini to test configuration changes. I've added the following to .htaccess (temporarily):

# account-specific php.ini file
<IfModule mod_suphp.c>
	suPHP_ConfigPath /home/[username]
	<Files php.ini>
		order allow,deny
		deny from all
	</Files>
</IfModule>

# disable mod_security
<IfModule mod_security.c>
	SecFilterEngine Off
	SecFilterScanPOST Off
</IfModule>

In the php.ini file, I've set the following directives:

suhosin.simulation = On
always_populate_raw_post_data = -1

I've also set a specific directory for uploads:

upload_tmp_dir = /home/[username]/tmp

GD support is included.

PW doesn't log any errors, even with $config->debug set to true.

This is PW 2.7.3 on PHP 5.6.28.

 

What else should I check?

 

 

[Jason Huck]

Also:

- The host uses both nginx and varnish in front of Apache. I do not have access to the nginx config, and only realized it was in the mix by inspecting the response headers from the server.

- The host also uses varnish. I have access to a varnish folder, the only contents of which is a text file where you can exclude domains from caching. I added the domains for this host, but I still see varnish headers in the response. The response is a "miss", though, so I don't think caching is an issue.

- ProcessWire is fielding the AJAX request and the code I have in place to handle it gets executed without (server-side) errors. It subscribes the user to a MailChimp mailing list (verified at Mailchimp), sets a cookie, and returns a JSON response.

- Even though setcookie returns 1, the cookie doesn't get set in my browser. The standard PW cookies do get set, though.

I've tried explicitly setting various access control headers in .htaccess, but it's not a cross-origin request. My best guess currently is that nginx and/or varnish have security settings which are interfering. I've asked the provider for assistance but haven't had much luck yet.

 

[Jason Huck]

Just to close this out, there turned out to be multiple, unrelated issues. The 404 on the front end was due to a coding error on my part. The upload issue on the back end was due to missing support for iconv and imagick. All sorted now.