Jump to content

Recommended Posts

@Karinne Cyphers I've pushed up 1.5.52 which attempts to fix the change that PHP 7.3 made to preg_*, where hyphens need to be escaped if not at the end of a character set in an expression. Not able to test on my side, so please could you update and let me know if it runs? Thanks!

Share this post


Link to post
Share on other sites

Unfortunately, Using 1.5.52 created a number of issues for us.  We did downgrade our servers to PHP 7.2.x and for us, using 1.5.51 generates far fewer errors.  With 52 we were having an issue where the headers weren't being set and our cookies we use for different forms weren't being set.

Share this post


Link to post
Share on other sites

Hi @Mike Rockett

I'm moving WP site to PW where I have such URLs with Cyrillic characters 

2018/11/16/обухівських-школярів-навчать-писати/

and actualy it doesn't work. I have turned on debug mode and it says that there is no match.  

Also, I have tried to use Wildcards like

Source 
{year:num}/{month:num}/{date}/{title:segment}
Destination
[template=archive-item,archive_url=/{year}/{month}/{date}/{title}/]]

In the archive-item template, I have field archive_url that contain full URL in the format '/2018/11/16/обухівських-школярів-навчать-писати/'.

Have I missed something?

Thanks. 

Share this post


Link to post
Share on other sites

@wbmnfktr @Mike Rockett Thanks, but I'm not sure that you understand me correctly.

On PW site I don't want to use UTF8 name, but I have such URLs on the old site and I want to make a redirect from URLs like '2018/11/16/обухівських-школярів-навчать-писати/' to some destination page.

Currently, I tracked down that it's relative to urldecode/urlencode. 

For example, I have such jumplink

818805764_FireShotCapture016-JumplinksProcessWire_-http___obukhiv.test_admin_setup_jumplinks_entity_.png.05f69c74b3b2f92ca0580086db7168cf.png

Here is the output of Jumplink debug mode

1996786726_FireShotCapture017--http___obukhiv.test_4000_D182D0B5D181D182.png.74d4ffb4767c77cbb265551263507bee.png

617614397_FireShotCapture018--http___obukhiv.test_4000_D182D0B5D181D182.png.d3691c8df9cb8c08f0fff7d27797c614.png

 

As you can see "request" is not urldecoded, but we are trying match decoded string.

If I change this code on line 204 https://gitlab.com/rockettpw/seo/jumplinks-one/blob/master/ProcessJumplinks.module.php#L204

$this->request = ltrim(@$_SERVER['REQUEST_URI'], '/');

to

$this->request = urldecode(ltrim(@$_SERVER['REQUEST_URI'], '/'));

I get such output

874305864_FireShotCapture019--http___obukhiv.test_4000_D182D0B5D181D182.png.acde5f0327ada612a6b3c28fdcc6bc95.png

1162875510_FireShotCapture021--http___obukhiv.test_4000_D182D0B5D181D182.png.802a63b3a86d8afb391b91db114a15e8.png

-------------

The next issue is that I can't get wildcards to work with Cyrillic characters

1737388865_FireShotCapture022--http___obukhiv.test_4000_2014_06_18_D183D187D0BDD196-D188D0.thumb.png.69c5a923c58c747b343a746ed12be314.png

 

Share this post


Link to post
Share on other sites

It's weird. I have managed to get it working with German umlauts, but not with cyrillic characters.

I guess the culprit is not line 204, but further below:

$input = iconv('utf-8', 'us-ascii//TRANSLIT', $input);

I've tried to implement the fix suggested here, but it still didn't work... (1st user-contributed note).

Share this post


Link to post
Share on other sites

Hi everyone! Does anyone know if it's possible to map a source url taking into account optional string at the end? For example:

Source -> Destination

example.com/es/this-is-a-nice-url -> example.com/es/this-is-a-nice-url

example.com/es/this-is-a-nice-url-1 -> example.com/posts/this-is-a-nice-url

example.com/es/this-is-a-nice-url-2 -> example.com/posts/this-is-a-nice-url

 

Making the "-1" or "-2" optional.

Share this post


Link to post
Share on other sites
On 3/23/2019 at 4:10 PM, dragan said:

It's weird. I have managed to get it working with German umlauts, but not with cyrillic characters.

I guess the culprit is not line 204, but further below:


$input = iconv('utf-8', 'us-ascii//TRANSLIT', $input);

I've tried to implement the fix suggested here, but it still didn't work... (1st user-contributed note).

These regex expressions don't not match Cyrillic characters

https://gitlab.com/rockettpw/seo/jumplinks-one/blob/master/ProcessJumplinks.module.php#L94

https://gitlab.com/rockettpw/seo/jumplinks-one/blob/master/ProcessJumplinks.module.php#L95

https://gitlab.com/rockettpw/seo/jumplinks-one/blob/master/ProcessJumplinks.module.php#L98

https://gitlab.com/rockettpw/seo/jumplinks-one/blob/master/ProcessJumplinks.module.php#L99

They should be changed to something like

[\wа-я]+/ig

 

Share this post


Link to post
Share on other sites
6 hours ago, elabx said:

Hi everyone! Does anyone know if it's possible to map a source url taking into account optional string at the end? For example:

Source -> Destination

example.com/es/this-is-a-nice-url -> example.com/es/this-is-a-nice-url

example.com/es/this-is-a-nice-url-1 -> example.com/posts/this-is-a-nice-url

example.com/es/this-is-a-nice-url-2 -> example.com/posts/this-is-a-nice-url

 

Making the "-1" or "-2" optional.

 

Not tested

content/{path}/some-url[-{num}]

Share this post


Link to post
Share on other sites
4 hours ago, Zeka said:

Not tested


content/{path}/some-url[-{num}]

Didn't work unfortunately 😞

Share this post


Link to post
Share on other sites

Feature request, Mike. I know you're busy so just putting it out there.

I am logging 404 hits to a site that get's a ton of spam links. An old SEO spam issue which I am cleaning up.

Anyway, I notice that the jumplinks database table was becoming huge and had bloated to thousands of enties making the database itself very large.

That better house-keeping is my responsibility but wondered if a feature might be useful to optionally auto-delete these over a certain threshold. Or possibly send an email or notification that the logs were becoming quite big etc.

 

Share this post


Link to post
Share on other sites
On 4/10/2019 at 6:45 PM, elabx said:

Hi everyone! Does anyone know if it's possible to map a source url taking into account optional string at the end? For example:

Source -> Destination

example.com/es/this-is-a-nice-url -> example.com/es/this-is-a-nice-url

example.com/es/this-is-a-nice-url-1 -> example.com/posts/this-is-a-nice-url

example.com/es/this-is-a-nice-url-2 -> example.com/posts/this-is-a-nice-url

 

Making the "-1" or "-2" optional.

Unfortunately, this isn't built in as a feature, but I'm thinking the non-capture feature might work for you. Not tested, but try using <[-]{1}[\d*]> at the end of the source.

On 4/13/2019 at 2:31 PM, Peter Knight said:

Feature request, Mike. I know you're busy so just putting it out there.

I am logging 404 hits to a site that get's a ton of spam links. An old SEO spam issue which I am cleaning up.

Anyway, I notice that the jumplinks database table was becoming huge and had bloated to thousands of enties making the database itself very large.

That better house-keeping is my responsibility but wondered if a feature might be useful to optionally auto-delete these over a certain threshold. Or possibly send an email or notification that the logs were becoming quite big etc.

 

Thanks Peter – I recall wanting to do this for v2, where you choose how many you'd like to retain in the log.

I think I'm gonna need to find some time to finish v2. Will likely need to make a few changes here and there (not up to speed with all the new core-dev) before I proceed with the frontend work that's still due. 

  • Like 2

Share this post


Link to post
Share on other sites

Just a note on unicode support: this is vastly improved in v2, once rule 16b is in use. Not planning on bringing it to v1, unfortunately.

Share this post


Link to post
Share on other sites

Hey Mike,

is there anything the community could do to support you with v2? The new version is highly anticipated 🙂

  • Like 1

Share this post


Link to post
Share on other sites

Thanks for the reply @Mike Rockett!

In a completely different scneario, I am trying this as source: 

[propiedades]/detalle_propiedad/1363/some-segment[/][?b=1]

(As destination it's a plain url)

So that it would match:

  • detalle_propiedad/1363/casa-en-preventa-colonia-maya?b=1
  • detalle_propiedad/1363/casa-en-preventa-colonia-maya/?b=1
  • propiedades/detalle_propiedad/1363/casa-en-preventa-colonia-maya/?b=1

Does anyone know if I am correct in this assumption?

EDIT: Solved it with two jumplinks like this:

  • {segments}/{num:num}/{segment}/?b=1
  • {segments}/{num:num}/{segment}?b=1

I also think there might be something the community could do to help? Funding? "Crowdfunding"? Though maybe Mike's slammed with client work or sth and that's it haha

Share this post


Link to post
Share on other sites
On 4/17/2019 at 1:20 AM, elabx said:

I also think there might be something the community could do to help? Funding? "Crowdfunding"? Though maybe Mike's slammed with client work or sth and that's it haha

Under normal circumstances, contributions to OSS help out with continued development – issue on my side is exactly that: slammed with work. With that said, there are several public holidays coming up (four-day weeks for two/three weeks), so I think I can slot in some time to get things going here and at maybe even put up a testing version of sorts next month. Further on down the line, when it's stable, we'd definitely need to look at getting someone onboard to assist with maintenance.

  • Like 1

Share this post


Link to post
Share on other sites

Hi Mike, the update 1.5.53->1.5.54 with the PW "Upgrades" plugin does not work (worked before). It re-installes the old version.

Share this post


Link to post
Share on other sites

Hey @Mike Rockett – just wondering if you could add this module to Packagist as well? Would make installing via Composer nice and easy 🙂

Again setting type as pw-module and adding wireframe-framework/processwire-composer-installer as a dependency would be perfect. Thanks in advance for considering!

Share this post


Link to post
Share on other sites

Hi everyone,

I oversaw a site migration recently. A large part of the legacy site's URL structure changed and we installed Jumplinks to manage all the redirects.

Since the launch I've been monitoring 404s in Google Analytics and we appear to getting quite a few (around 40 per week). What's odd is that the affected URLs all have jumplinks in places, and when I test them the redirects work perfectly fine. 

I can't see why Analytics would be picking these up but I'm quite concerned- if anyone as any insight it would be greatly appreciated.

Best

Harry

 

Screenshot 2019-07-11 at 14.05.23.png

Screenshot 2019-07-11 at 14.06.22.png

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Gadgetto
      Status update links (inside this thread) for SnipWire development will be always posted here:
      2019-08-08
      2019-06-15
      2019-06-02
      2019-05-25
      If you are interested, you can test the current state of development:
      https://github.com/gadgetto/SnipWire
      Please note that the software is not yet intended for use in a production system (alpha version).
      If you like, you can also submit feature requests and suggestions for improvement. I also accept pull requests.
      ---- INITIAL POST FROM 2019-05-25 ----
      I wanted to let you know that I am currently working on a new ProcessWire module that fully integrates the Snipcart Shopping Cart System into ProcessWire. (this is a customer project, so I had to postpone the development of my other module GroupMailer).
      The new module SnipWire offers full integration of the Snipcart Shopping Cart System into ProcessWire.
      Here are some highlights:
      simple setup with (optional) pre-installed templates, product fields, sample products (quasi a complete shop system to get started immediately) store dashboard with all data from the snipcart system (no change to the snipcart dashboard itself required) Integrated REST API for controlling and querying snipcart data webhooks to trigger events from Snipcart (new order, new customer, etc.) multi currency support self-defined/configurable tax rates etc. Development is already well advanced and I plan to release the module in the next 2-3 months.
      I'm not sure yet if this will be a "Pro" module or if it will be made available for free.
      I would be grateful for suggestions and hints!
      (please have a look at the screenshots to get an idea what I'm talking about)
       




    • By apeisa
      Update 31.7.2019: AdminBar is now maintained by @teppo. Modules directory entry has been updated, as well as the "grab the code" link below.
      ***
      Latest screencast: http://www.screencas...73-ab3ba1fea30c
      Grab the code: https://github.com/teppokoivula/AdminBar
      ***
      I put this Adminbar thingy (from here: http://processwire.c...topic,50.0.html) to modules section and to it's own topic.
      I recorded quick and messy screencast (really, my first screencast ever) to show what I have made so far. You can see it from here: http://www.screencas...18-1bc0d49841b4
      When the modal goes off, I click on the "dark side". I make it so fast on screencast, so it might seem a little bit confusing. Current way is, that you can edit, go back to see the site (without saving anything), continue editing and save. After that you still have the edit window, but if you click "dark side" after saving, then the whole page will be reloaded and you see new edits live.
      I am not sure if that is best way: there are some strengths in this thinking, but it is probably better that after saving there shouldn't be a possibility to continue editing. It might confuse because then if you make edits, click on dark side -> *page refresh* -> You lose your edits.
      ***
      When I get my "starting module" from Ryan, I will turn this into real module. Now I had to make some little tweaks to ProcessPageEdit.module (to keep modal after form submits). These probably won't hurt anything:
      if($this->redirectUrl) $this->session->redirect($this->redirectUrl); if(!empty($_GET['modal'])) $this->session->redirect("./?id={$this->page->id}&modal=true"); // NEW LINE else $this->session->redirect("./?id={$this->page->id}");   and...
      if(!empty($_GET['modal'])) { $form->attr('action', './?id=' . $this->id . '&modal=true'); } else { $form->attr('action', './?id=' . $this->id); // OLD LINE }  
    • By nbcommunication
      I've spent the last while experimenting with srcset implementation - and PageimageSrcset is the result:
      PageimageSrcset
      Provides configurable srcset and sizes properties/methods for Pageimage.
      Overview
      The main purpose of this module is to make srcset implementation as simple as possible in your template code. It does not handle images rendered in CKEditor or similar fields.
      For an introduction to srcset and sizes, please read this Mozilla article about responsive images.
      Pageimage::srcset()
      // The property, which uses the set rules in the module configuration $srcset = $image->srcset; // A method call, using a set rules string // Delimiting with a newline (\n) would also work, but not as readable $srcset = $image->srcset("320, 480, 640x480 768w, 1240, 2048 2x"); // The same as above but using an indexed/sequential array $srcset = $image->srcset([ "320", "480", "640x480 768w", "1240", "2048 2x", ]); // The same as above but using an associative array // No rule checking is performed $srcset = $image->srcset([ "320w" => [320], "480w" => [480], "768w" => [640, 480], "1240w" => [1240], "2x" => [2048], ]); // Use the default set rules with portrait images generated for mobile/tablet devices $srcset = $image->srcset(true); // Return the srcset using all arguments $srcset = $image->srcset("320, 480, 640x480 768w, 1240, 2048 2x", [ "portrait" => "320, 640", ]); // The set rules above are a demonstration, not a recommendation! Image variations are only created for set rules which require a smaller image than the Pageimage itself. On large sites this may still result in a lot of images being generated. If you have limited storage, please use this module wisely.
      Portrait Mode
      In many situations, the ratio of the image does not need to change at different screen sizes. However, images that cover the entire viewport are an exception to this and are often the ones that benefit most from srcset implementation.
      The main problem with cover images is that they need to display landscape on desktop devices and portrait when this orientation is used on mobile and tablet devices.
      You can automatically generate portrait images by enabling portrait mode. It is recommended that you use this in combination with Pageimage::focus() so that the portrait variations retain the correct subject.
      The generated variations are HiDPI/Retina versions. Their height is determined by the portrait ratio (e.g. 9:16). Variations are always generated, regardless of whether the original image is smaller. Upscaling is disabled though, so you may find that some variations are actually smaller than they say they are in their filename.
      The sizes attribute should be used when portrait mode is enabled. Pageimage::sizes will return (orientation: portrait) and (max-width: {maxWidth}px) 50vw by default, which handles the use of these images for retina devices. The maximum width used in this rule is the largest set width.
      Pageimage::sizes()
      There is no option to configure default sizes because in most cases 100vw is all you need, and you do not need to output this anyway as it is inferred when using the srcset attribute. You can use the method for custom sizes though:
      // The property $sizes = $image->sizes; // Returns 100vw in most cases // Returns '(orientation: portrait) and (max-width: {maxWidth}px)50vw' if portrait mode enabled // A method call, using a mixture of integer widths and media query rules // Integer widths are treated as a min-width media query rule $sizes = $image->sizes([ 480 => 50, "(orientation: portrait) and (max-width: 640px)" => 100, 960 => 25, ]); // (min-width: 480px) 50vw, (orientation: portrait) and (max-width: 640px) 100vw, (min-width: 960px) 25vw // Determine widths by UIkit 'child-width' classes $sizes = $image->sizes([ "uk-child-width-1-2@s", "uk-child-width-1-3@l", ]); // (min-width: 640px) 50vw, (min-width: 1200px) 33.33vw // Determine widths by UIkit 'width' classes $sizes = $image->sizes([ "uk-width-1-2@m", "uk-width-1-3@xl", ]); // (min-width: 960px) 50vw, (min-width: 1600px) 33.33vw // Return the portrait size rule $sizes = $image->sizes(true); // (orientation: portrait) and (max-width: {maxWidth}px) 50vw // The arguments above are a demonstration, not a recommendation! Pageimage::render()
      This module extends the options available to this method with:
      srcset: When the module is installed, this will always be added, unless set to false. Any values in the formats described above can be passed. sizes: Only used if specified. Any values in the formats described above can be passed. uk-img: If passed, as either true or as a valid uk-img value, then this attribute will be added. The srcset attribute will also become data-srcset. Please refer to the API Reference for more information about this method.
      // Render an image using the default set rules echo $image->render(); // <img src='image.jpg' alt='' srcset='{default set rules}'> // Render an image using custom set rules echo $image->render(["srcset" => "480, 1240x640"]); // <img src='image.jpg' alt='' srcset='image.480x0-srcset.jpg 480w, image.1240x640-srcset.jpg 1240w'> // Render an image using custom set rules and sizes // Also use the `markup` argument echo $image->render("<img class='image' src='{url}' alt='Image'>", [ "srcset" => "480, 1240", "sizes" => [1240 => 50], ]); // <img class='image' src='image.jpg' alt='Image' srcset='image.480x0-srcset.jpg 480w, image.1240x640-srcset.jpg 1240w' sizes='(min-width: 1240px) 50vw'> // Render an image using custom set rules and sizes // Enable uk-img echo $image->render([ "srcset" => "480, 1240", "sizes" => ["uk-child-width-1-2@m"], "uk-img" => true, ]); // <img src='image.jpg' alt='' data-uk-img data-srcset='image.480x0-srcset.jpg 480w, image.1240x640-srcset.jpg 1240w' sizes='(min-width: 960px) 50vw'> // Render an image using portrait mode // Default rule sets used: 320, 640, 768, 1024, 1366, 1600 // Portrait widths used: 320, 640, 768 // Original image is 1000px wide // Not possible to use portrait mode and custom sets or portrait widths in render() // Sizes attribute automatically added echo $image->render(["srcset" => true]); // <img src='image.jpg' alt='' srcset='image.320x569-srcset-hidpi.jpg 320w, image.640x1138-srcset-hidpi.jpg 640w, image.768x1365-srcset-hidpi.jpg 768w, image.jpg 1024w' sizes='(orientation: portrait) and (max-width: 768px) 50vw'> Configuration
      To configure this module, go to Modules > Configure > PageimageSrcset.
      Set Rules
      These are the default set rules that will be used when none are specified, e.g. when calling the property: $image->srcset.
      Each set rule should be entered on a new line, in the format {width}x{height} {inherentwidth}w|{resolution}x.
      Not all arguments are required - you will probably find that specifying the width is sufficient for most cases. Here's a few examples of valid set rules and the sets they generate:
      Set Rule Set Generated Arguments Used 320 image.320x0-srcset.jpg 320w {width} 480x540 image.480x540-srcset.jpg 480w {width}x{height} 640x480 768w image.640x480-srcset.jpg 768w {width}x{height} {inherentwidth}w 2048 2x image.2048x0-srcset.jpg 2x {width} {resolution}x How you configure your rules is dependent on the needs of the site you are developing; there are no prescriptive rules that will meet the needs of most situations. This article gives a good overview of some of the things to consider.
      When you save your rules, a preview of the sets generated and an equivalent method call will be displayed to the right. Invalid rules will not be used, and you will be notified of this.
      Portrait Mode
      Set Widths
      A comma limited list of widths to create HiDPI/Retina portrait variations for.
      Crop Ratio
      The portrait ratio that should be used to crop the image. The default of 9:16 should be fine for most circumstances as this is the standard portrait ratio of most devices. However, you can specify something different if you want. If you add a landscape ratio, it will be switched to portrait when used.
      Any crops in the set rules ({width}x{height}) are ignored for portrait mode variations as this ratio is used instead.
      UIkit Widths
      If your website theme uses UIkit, you can pass an array of UIkit width classes to Pageimage::sizes to be converted to sizes. The values stored here are used to do this. If you have customised the breakpoints on your theme, you should also customise them here.
      Please note that only 1- widths are evaluated by Pageimage::sizes, e.g. uk-width-2-3 will not work.
      Remove Variations
      If checked, the image variations generated by this module are cleared on Submit. On large sites, this may take a while. It makes sense to run this after you have made changes to the set rules.
      Image Suffix
      You will see this field when Remove Variations is checked. The value is appended to the name of the images generated by this module and is used to identify variations. You should not encounter any issues with the default suffix, but if you find that it conflicts with any other functionality on your site, you can set a custom suffix instead.
      Debug Mode
      When this is enabled, a range of information is logged to pageimage-srcset.
      PageimageSrcsetDebug.js is also added to the <head> of your HTML pages. This will console.log a range of information about the images and nodes using srcset on your page after a window.onresize event is triggered. This can assist you in debugging your implementation.
      The browser will always use the highest resolution image it has loaded or has cached. You may need to disable browser caching to determine whether your set rules are working, and it makes sense to work from a small screen size and up. If you do it the other way, the browser is going to continue to use the higher resolution image it loaded first.
      UIkit Features
      This module implements some additional features that are tailored towards UIkit being used as the front-end theme framework, but this is not required to use the module.
      Installation
      Download the zip file at Github or clone the repo into your site/modules directory. If you downloaded the zip file, extract it in your sites/modules directory. In your admin, go to Modules > Refresh, then Modules > New, then click on the Install button for this module. ProcessWire >= 3.0.123 is required to use this module.
    • By nbcommunication
      Wondering how to get that A+ rating on Mozilla Observatory? Now you can with ⭐⭐⭐MarkupContentSecurityPolicy⭐⭐⭐
      Of course, MarkupContentSecurityPolicy does not guarantee an A+ rating, but it does help you implement a Content Security Policy for your ProcessWire website.
      Markup Content Security Policy
      Configure and implement a Content Security Policy for all front-end HTML pages.
      This module should only be used in production once it has been fully tested in development. Implementing a Content Security Policy on a site without testing will almost certainly break something!
      Overview
      Website Security Auditing Tools such as Mozilla Observatory will only return a high score if a Content Security Policy is implemented. It is therefore desirable to implement one.
      A common way of adding the Content-Security-Policy header would be to add it to the .htaccess file in the site's root directory. However, this means the policy would also cover the ProcessWire admin, and this limits the level of security policy you can add.
      The solution is to use the <meta> element to configure a policy, for example: <meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none';">. MarkupContentSecurityPolicy places this element with your configured policy at the beginning of the <head> element on each HTML page of your site.
      There are some limitations to using the <meta> element:
      Not all directives are allowed. These include frame-ancestors, report-uri, and sandbox. The Content-Security-Policy-Report-Only header is not supported, so is not available for use by this module. Configuration
      To configure this module, go to Modules > Configure > MarkupContentSecurityPolicy.
      Directives
      The most commonly used directives are listed, with a field for each. The placeholder values given are examples, not suggestions, but they may provide a useful starting point.
      You will almost certainly need to use 'unsafe-inline' in the style-src directive as this is required by some modules (e.g. TextformatterVideoEmbed) or frameworks such as UIkit.
      Should you wish to add any other directives not listed, you can do so by adding them in Any other directives.
      Please refer to these links for more information on how to configure your policy:
      https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy https://scotthelme.co.uk/content-security-policy-an-introduction/ https://developers.google.com/web/fundamentals/security/csp/ Violation Reporting
      Because the report-uri directive is not available, when Violation Reporting is enabled a script is added to the <head>which listens for a SecurityPolicyViolationEvent. This script is based on https://developer.mozilla.org/en-US/docs/Web/API/SecurityPolicyViolationEvent and POSTs the generated report to ?csp-violations=1. The module then logs the violation report to csp-violations.
      Unfortunately, most of the violations that are reported are false positives, and not actual attempts to violate the policy. These are most likely from browser extensions and are not easy to determine and filter.
      For this reason, there is no option for the report to be emailed when a policy is violated. Instead, you can specify an endpoint for the report to be sent to. This allows you to handle additional reporting in a way that meets your needs. For example, you may want to log all reports in a central location and send out an email once a day to an administrator notifying them of all sites with violations since the last email.
      Retrieving the Report
      To retrieve the report at your endpoint, the following can be used:
      $report = file_get_contents("php://input"); if(!empty($report)) { $report = json_decode($report, 1); if(isset($report) && is_array($report) && isset($report["documentURI"])) { // Do something } } Debug Mode
      When this is enabled, a range of information is logged to markup-content-security-policy. This is probably most useful when debugging a reporting endpoint.
      Additional .htaccess Rules
      To get an A+ score on Mozilla Observatory, besides using HTTPS and enabling the HSTS header, you can also place the following prior to ProcessWire's htaccess directives:
      Header set Content-Security-Policy "frame-ancestors 'self'" Header set Referrer-Policy "no-referrer-when-downgrade" Installation
      Download the zip file at Github or clone the repo into your site/modules directory. If you downloaded the zip file, extract it in your sites/modules directory. In your admin, go to Modules > Refresh, then Modules > New, then click on the Install button for this module. ProcessWire >= 3.0.123 is required to use this module.
×
×
  • Create New...