Jump to content

[Solved] AJAX Requests Blocked on Production Host

Jason Huck

Recommended Posts

Trying to deploy a PW site to a client's hosting provider. Everything works as expected in development, but on the production host, certain AJAX requests fail. Here's what I'm seeing:

1) I have form on every page which is submitted via AJAX POST to the current page. No matter which page you POST to, it always returns a PW 404 page.

2) AJAX image uploads on the back end return a 200 or 302 for the original request, then spawn a GET request for the homepage.

In trying to troubleshoot this, I have found that the host has both suhosin and mod_security installed. They've provided me with a local php.ini to test configuration changes. I've added the following to .htaccess (temporarily):

# account-specific php.ini file
<IfModule mod_suphp.c>
	suPHP_ConfigPath /home/[username]
	<Files php.ini>
		order allow,deny
		deny from all

# disable mod_security
<IfModule mod_security.c>
	SecFilterEngine Off
	SecFilterScanPOST Off

In the php.ini file, I've set the following directives:

suhosin.simulation = On
always_populate_raw_post_data = -1

I've also set a specific directory for uploads:

upload_tmp_dir = /home/[username]/tmp

GD support is included.

PW doesn't log any errors, even with $config->debug set to true.

This is PW 2.7.3 on PHP 5.6.28.


What else should I check?



Link to comment
Share on other sites


- The host uses both nginx and varnish in front of Apache. I do not have access to the nginx config, and only realized it was in the mix by inspecting the response headers from the server.

- The host also uses varnish. I have access to a varnish folder, the only contents of which is a text file where you can exclude domains from caching. I added the domains for this host, but I still see varnish headers in the response. The response is a "miss", though, so I don't think caching is an issue.

- ProcessWire is fielding the AJAX request and the code I have in place to handle it gets executed without (server-side) errors. It subscribes the user to a MailChimp mailing list (verified at Mailchimp), sets a cookie, and returns a JSON response.

- Even though setcookie returns 1, the cookie doesn't get set in my browser. The standard PW cookies do get set, though.

I've tried explicitly setting various access control headers in .htaccess, but it's not a cross-origin request. My best guess currently is that nginx and/or varnish have security settings which are interfering. I've asked the provider for assistance but haven't had much luck yet.


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Similar Content

    • By Liam88
      I'm really struggling with this as it's something not in my wheelhouse. I'm creating a blog style page (a grid of cards) which has attributes.
      I have a snip of javascript which grabs values from checkboxes which are put into a value like the below:
      document.querySelector("form").onsubmit=ev=>{ ev.preventDefault(); let o={}; ev.target.querySelectorAll("[name]:checked").forEach(el=>{ (o[el.name]=o[el.name]||[]).push(el.value)}) console.log(location.pathname+"?"+ Object.entries(o).map(([v,f])=> v+"="+f.join("_")).join("&") ); document.location.href = location.pathname+"?"+ Object.entries(o).map(([v,f])=> v+"="+f.join("_")).join("&"); } As I'm currently refeshing the page on button click with those values the end result includes the location but can easily remove this.
      I then use this value in "input->get" to get the values which I then append to a find() rule. See code below:
      $selector = "template='adbank_pages',sort=published,include=all,status!=hidden"; // Get the channel and content inputs $channel = $input->get->channel; $content = $input->get->content; if($channel){ // Grab the channel string, explode into an array for checkbox checking and then replace _ with | to create or rules in the selector. $chanArray = explode("_", $channel); $chan = $channel = str_replace('_', '|', $channel); $selector = $selector .= ",ab_channels=$chan"; } if($content){ // Grab the content string, explode into an array for checkbox checking and then replace _ with | to create or rules in the selector. $contArray = explode("_", $content); $cont = $content = str_replace('_', '|', $content); $selector = $selector .= ",ab_content=$cont"; } if($input->get){ // If a valid input result $all = $pages->find($selector); } }else{ // If no input show them all $all = $page->children("template='adbank_pages',sort=-published,include=all,status!=hidden"); } $items = $all->find("limit=12"); // Limit the output and use pagination As mentioned above I currently refresh the page to adjust the $selector filter within the $all with a fallback $all if there are no results.
      I know I need to use AJAX to filter the content without refresh but I am really struggling with the set up. I have read multiple posts including the original by Ryan but still confused.
      If anyone can direct/help on this it would be appreciated.
      Thank you
    • By Max Esnée
      When I upload a large(ish) SVG (≈120ko in this case) into an image field, it tends to get stuck at 100% and block the whole website. If I force refresh the admin page, the svg has not been uploaded. The file is correctly copied into the assets folder though. Other svg tends to be uploaded fine albeit I've noticed that pages containing svg images in the admin are very slow to load generally. Other pages using the same template but with jpeg or png images are much faster to load.
      I get the following error in the JS console:

      I develop locally using MAMP on macOS and I'm using Firefox. I'm using the last ProcessWire version (3.0.165).
      I also tested in Chrome and got the same error.
    • By Marvin
      I'm new at process wire and i want to make an web using upload file and showing it at the table as a link to open it at the new tab. I wa succed while upload a file, but how i showing it as a link at the table to open it at the new tab of my browser? Any suggestion may helpfull
      Here i attach my code below :
      This code is for upload it to back-end (process wire)
      <?php $note = $note2 = $hidden =""; if($input->post->submit){ $upload_path = $config->paths->assets.'files/upload/'; if(!is_dir($upload_path)){ if(!wireMkdir($upload_path)) throw new WireException("No upload path"); } $original = $sanitizer->text($input->post->original); $indonesia = $sanitizer->text($input->post->indonesia); $other = $sanitizer->text($input->post->other); $composer = $sanitizer->text($input->post->composer); if(!$original || !$indonesia || !$other || !$composer){ $note = "Data tidak lengkap"; } else { $newFile = new WireUpload("song_files"); $newFile->setMaxFiles(1); $newFile->setOverwrite(false); $newFile->setDestinationPath($upload_path); $newFile->setValidExtensions(array('pdf','docx','doc')); $files = $newFile->execute(); if(!count($files)) { $newFile->error("No files received, so not creating page."); return false; } $newImg = new WireUpload("img_files"); $newImg->setMaxFiles(1); $newImg->setOverwrite(false); $newImg->setDestinationPath($upload_path); $newImg->setValidExtensions(array('jpeg','jpg','png','gif')); $files = $newImg->execute(); if(!count($files)) { $newImg->error("No files received, so not creating page."); return false; } $newPage = new Page(); $newPage->template = "files"; $newPage->parent = $pages->get("/files/"); $newPage->title = $original; $newPage->text_1 = $indonesia; $newPage->text_2 = $other; $newPage->text_3 = $composer; $newPage->of(false); $newPage->save(); foreach($files as $filename) { $filepath = $upload_path . $filename; $newPage->files->add($filepath); $newPage->message("Add file : $filename"); unlink($filepath); } $newPage->save(); } } ?> and this code to showing it as a link at the table
      <table class="border"> <tr> <th>No.</th> <th>Original Song Title</th> <th>Indonesia Song Title</th> <th>Other Song Title</th> <th>Composer</th> <th>File (pdf)</th> </tr> <?php $num = 1; $song; foreach($pages->get("/files/")->children as $child) { //showing every child at files parent directory $page == $child; $song = $pages->get("/files/".$child->id."/")->files; //showing uploaded files at child directory echo $child->id; echo "<tr><td>".$num++.".</td><td>".$child->title."</td><td>".$child->text_1."</td><td>".$child->text_2."</td><td>".$child->text_3."</td><td><a href='".$song->httpUrl."'</a>".$song->name."</td></tr>"; } ?> </table> Thank you for any suggestion
    • By 997 998 999
      I'm trying to edit the field of a page with a value from a javascript fetch post request but I can't get the
      file_get_contents("php://input") or
      $_POST value in my PHP file.
      I created a `update` template and a `update` page (to allow access from fetch request and avoid 404/403/... errors) containing this code :
      $data = file_get_contents('php://input'); echo $data; # test edit the page field with random value #$home = $pages->get("/"); #$home->of(false); #$home->testfield = "test value"; #$home->save(); # test fetch response with random value #echo "test fetch response"; That I fetch request with my client javascript like this :
      fetch('/update', { method: 'POST', body: 'test' }) .then(function(response) { return response.text(); }) .then(function(data) { console.log(data); }) .catch(error => console.log('error')) } The field edit works fine and I get the test response from the `update` file but I can't get the posted value, I only get `<empty string>`. It is working fine outside of ProcessWire so I guess this is related to how PW handle $_POST ?
      I found this post where it seems to be working :
      Is there any way to get post value from javascript fetch request? What am I doing wrong?
      Thank you
    • By markus_blue_tomato
      We have created a module to create BlurHash strings for images while uploading in ProcessWire. This blurry images will be saved in the database because they are very small (20-30 characters) and can be used for Data-URL's  as placeholders for image-lazy loading.
      E.g. where we use this in production:
      https://www.blue-tomato.com/en-INT/blue-world/ https://www.blue-tomato.com/en-INT/blue-world/products/girls-are-awesome/ https://www.blue-tomato.com/en-INT/buyers-guides/skateboard/skateboard-decks/ https://www.blue-tomato.com/en-INT/team/anna-gasser/
  • Create New...