@jaasalmeida Thank you for submitting this topic. Could you share your WordPress site settings under Settings > General from the WordPress Dashboard? We can check if there are conflicting settings between the WordPress Address (URL) and the Site Address (URL)? If you wish to share this privately you can use this form.
Hi @luckynasan,
I’ve just checked the Setting and the WordPress Address (URL) and the Site Address (URL) is exactly the same: https://blog.mysite.com.br
Can it be related to the fact that we are using a subdomain?
@jaasalmeida
Can it be related to the fact that we are using a subdomain?
The console error you received when saving the draft may indicate this is an issue with the REST API instead of with the subdomain.
/wp-json/web-stories/v1/web-story/3698?_locale=user:1 Failed to load resource: the server responded with a status of 403 ()
api-fetch.min.js?ver=8773a93ea0d1278a2eaa147fdb6eb96d:2 POST https://blog.mysite.com.br/wp-json/web-stories/v1/web-story/3698?_locale=user 403
It would be helpful if you can navigate to the Site Health section under the “Status” tab, and let us know if the REST API is available?
Sharing your Site Health info privately here will help us investigate this further. Thanks!
First of all, the script you used is blocked by cloudflare XSS, HTML Injection security, their firewall rule 100173. However, even if I disable it, I still get another error even when going to your dashboard. There is nothing else in the console.
Unable to Load Stories
The response is not a valid JSON response.
But we use json and api for other services which work. I can see in the console that you try to load ALL??? users? We have over 2k users. You should be probably loading only those with rights to write posts.
Anyway, right now it’s not working at all.
@keengamer Thanks for your topic! While we are still in the early stages of the plugin your insight is valuable to us. However, per forum guidelines, we’ll need to address your issue in a separate support topic. If you can post a new support topic with all the relevant information related to your issue that would be great.
I can but the problem is still the same as the OP.
Hi @luckynasan,
I managed to sort it out by allowing the CloudFlare managed rule protection “XSS, HTML Injection – Script Tag”. The problem is that we end up being exposed while allowing to bypass this rule. Any chance that you can improve the plugin allowing us to be protected against this kind of injection?
Best!
@jaasalmeida Thank you for sharing those details. We’re still looking into this and will follow up with any updates.
Hi @jaasalmeida
In the new version 1.1.0 of the plugin we’ve included an experimental solution for this issue that allows you to keep using the plugin while still being fully protected by Cloudflare.
Because it’s still experimental, it takes a couple of steps to enable this:
1. Add define( 'WEBSTORIES_DEV_MODE', true ); to your **wp-config.php** file
(somewhere before the /* That's all, stop editing! Happy publishing. */) line)
2. In your WordPress admin, go to **Stories** -> **Experiments**
3. Toggle the **WAF Compatibility** checkbox and save the changes.
4. Create a new story!
Could you try this and let us know if this works for you?
Meanwhile, we’re working hard on stabilizing this feature in time for our 1.2.0 release so you don’t have to do these steps anymore.
@jaasalmeida Hello! We’ve recently released version 1.2.0 of Web Stories which includes the work to stabilize WAF compatibility. Could you please update to the latest version and let us know if there are any issues?
Thanks!
@jaasalmeida Closing this topic as resolved since we haven’t received a response. Please feel free to open a new support topic if you continue to experience any issues. Thank you!
