Cart and BlockTopMenu Problems only on product pages

[Whispar1]

Hello,

 

Yesterday, host made some security exception changes and now my product pages are messed up.

See example here of menu and shopping cart: http://www.whispardesign.com/pendant-lighting/587-yorkville-lantern

 

They are saying the changes would not affect this but I am not so sure - any thoughts on this at all?

Thanks for any help.

 

 

[Dh42]

What happens when you turn css off and clear the cache and recompile?

[Whispar1]

You're a genius Lesley

I also disabled apache mod_sec as well - not sure if that part mattered. So does this mean I can't use ccc for css? 

[Dh42]

Actually my thoughts are it is a mod_sec issue. I am thinking that when PrestaShop combines the css there is an expression in there that is against the current mod_sec rule set so it redflags and maybe strips it. When it strips the expression it effectively breaks the css from that point. Your only real options are to ask your host to whitelist what ever is breaking it, or trying and seeing if the disable mod sec from the backend fixes it. Some hosts won't allow mod_sec to be disabled from the htaccess. 

[Whispar1]

Good points.

I had this conversation with them before and they echo'd your thoughts on whether or not disabling mod_sec in the BO would actually work or not. I guess I'll leave ccc off until this is addressed. It's a shame bc with it on at least my gt scores were in the green

 

Funny thing, the only reason they added the mod_sec rules was bc I recently moved to a different server within the hosting company when I rebuilt my 1.5 built to 1.6 and I was having issues with my blog in that the submit button does not work (nobody can post a comment) The mod_sec did nothing for it and messed up my pages instead - always a battle.

 

Anyway - thanks for the insight - very much appreciated.

[Dh42]

If you are using the popular free blog, I think it is by smart data soft, the issue is the cross domain request that it does when it posts. There are basically two options for that as well, make it post a http page, or add a line that I cannot remember into the htaccess that allows for the cross origin. 

 

If you are on a vps and have whm access, you can see where it is picking up the mod_sec error. More than likely it is a legacy css expression that can be removed. If not, ask them which file is setting it off and if they can allow the file in the whitelist for the mod_sec rules. Then you should be able to use ccc again.

[Whispar1]

I sent a ticket to the host. Thanks for confirming my suspicions and giving me a little extra ammo to convince them this was a mod_sec issue. I'll post back here when I get a definitive answer on it. Maybe will be useful for future troubleshooting.

 

If ever I can help you out with something, albeit probably not with PS - I'm thinking you have that covered better than anyone   let me know.

 

And yes, it's the SDS blog. I guess I'd rather add a directive to .htaccess (probably easier I would assume as well)

 

Do you think this would work and not be too broad?

# with AJAX withCredentials=true (cookies sent, SSL allowed...)
SetEnvIfNoCase ORIGIN (.*) ORIGIN=$1
Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE" 
Header always set Access-Control-Allow-Origin "%{ORIGIN}e"
Header always set Access-Control-Allow-Credentials "true"
Header always set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type"
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]

[Dh42]

That should work.

[Whispar1]

Thank you sir. It posts (sorta) but now captcha is broken

But I'm getting off topic from original post - but thank you again for the info.

Edited October 11, 2014 by Whispar1 (see edit history)