Jump to content

Cart and BlockTopMenu Problems only on product pages


Whispar1

Recommended Posts

Actually my thoughts are it is a mod_sec issue. I am thinking that when PrestaShop combines the css there is an expression in there that is against the current mod_sec rule set so it redflags and maybe strips it. When it strips the expression it effectively breaks the css from that point. Your only real options are to ask your host to whitelist what ever is breaking it, or trying and seeing if the disable mod sec from the backend fixes it. Some hosts won't allow mod_sec to be disabled from the htaccess. 

  • Like 1
Link to comment
Share on other sites

Good points.

I had this conversation with them before and they echo'd your thoughts on whether or not disabling mod_sec in the BO would actually work or not. I guess I'll leave ccc off until this is addressed. It's a shame bc with it on at least my gt scores were in the green :)

 

Funny thing, the only reason they added the mod_sec rules was bc I recently moved to a different server within the hosting company when I rebuilt my 1.5 built to 1.6 and I was having issues with my blog in that the submit button does not work (nobody can post a comment) The mod_sec did nothing for it and messed up my pages instead - always a battle.

 

Anyway - thanks for the insight - very much appreciated.

Link to comment
Share on other sites

If you are using the popular free blog, I think it is by smart data soft, the issue is the cross domain request that it does when it posts. There are basically two options for that as well, make it post a http page, or add a line that I cannot remember into the htaccess that allows for the cross origin. 

 

If you are on a vps and have whm access, you can see where it is picking up the mod_sec error. More than likely it is a legacy css expression that can be removed. If not, ask them which file is setting it off and if they can allow the file in the whitelist for the mod_sec rules. Then you should be able to use ccc again.

Link to comment
Share on other sites

I sent a ticket to the host. Thanks for confirming my suspicions and giving me a little extra ammo to convince them this was a mod_sec issue. I'll post back here when I get a definitive answer on it. Maybe will be useful for future troubleshooting.

 

If ever I can help you out with something, albeit probably not with PS - I'm thinking you have that covered better than anyone  ;) let me know.

 

And yes, it's the SDS blog. I guess I'd rather add a directive to .htaccess (probably easier I would assume as well)

 

Do you think this would work and not be too broad?

# with AJAX withCredentials=true (cookies sent, SSL allowed...)
SetEnvIfNoCase ORIGIN (.*) ORIGIN=$1
Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE" 
Header always set Access-Control-Allow-Origin "%{ORIGIN}e"
Header always set Access-Control-Allow-Credentials "true"
Header always set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type"
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]
Link to comment
Share on other sites

×
×
  • Create New...