Abigailm
Forum Replies Created
-
Forum: Plugins
In reply to: [Cloudflare] 3.0.6 Mixed ContentThanks, John.
I have hand-edited the files on the sites with the mixed content to correct the mixed content error, so I can’t submit a ticket on those. However, I have started with the smallest site, and if I find the problem recurring on another site. I currently have about ten wordpress-based sites on Cloudflare, and am trying to move gradually toward forcing https (as appropriate on a per-site basis)
But given the issues I observed, I am taking a gradual approach.
Forum: Plugins
In reply to: [Cloudflare] 3.0.6 Mixed Content@pjv — I apologize — when I saw your post, I was under the mistaken impression that you were with Cloudflare, as I posted here in hopes that they would provide support.
While I understand your explanation, it does not resolve the problem that the current plugin simply doesn’t work for the intended purpose– so it is either a coding problem (bug) that the Cloudflare developers should know about, or else perhaps there is something that they can advise me to do to resolve the issue.
As it is, I cannot really deploy the upgraded plugin on most of the sites I manage until this is resolved. I am also not comfortable simply leaving the older plugin in place long term, given that it is no longer being actively supported, and therefore over time could end up with security vulnerabilities that would not be addressed.
Forum: Plugins
In reply to: [Cloudflare] 3.0.6 Mixed ContentThanks for the response… but I have to admit that I don’t understand the blog post. And nothing in that comes close to explaining what my problem could be
I understand the concept –that the plugin is doing some sort of check to before rewriting a URL to make sure that secure content can actually be served.
But here is my problem and my question.
Let’s say I have the web site mydomain.com on cloudflare, and I have a cloudflare certificate set up properly, so https://mydomain.com is valid.
There is a page on my web site- let’s call it the “about us” page — and say that it has 2 images:
http://mydomain.com/image/first.png
and
http://mydomain.com/image/second.png
The problem I am seeing is that the cloudflare plugin will rewrite the http://mydomain.com/image/first.png to https://mydomain.com/image/first.png — but won’t do the same rewrite with http://mydomain.com/image/second.png — same domain, just a different image.
(and possibly a different path — because although I have simplified the example, in reality the image paths look something like this:
http://mydomain.com/wp/wp-content/uploads/2015/4/mypicture.png
Given that the plugin “knows” that https://mydomain.com is valid (obviously, given that it is the cloudflare domain) —
Why doesn’t it recognize ALL files on that domain as being loadable over https?
Your blog post seems to be mostly dealing with the problem of content from outside domains. I get that – but that’s not the problem I am seeing.
So please explain this to me:
Cloudflare has to “KNOW” that mydomain.com can be loaded over https –after all, cloudflare is setup as a DNS proxy for mydomain.com and Cloudflare is caching the images. And clearly it “KNOWS” that most of the images hosted at mydomain.com can be loaded over https — so why can’t it figure out that ALL of the images hosted at mydomain.com are equal?
Again — we are not talking about a random image pulled in from someotherdomain.com — we are talking about assets that are hosted on same domain.
Forum: Plugins
In reply to: [Cloudflare] 3.0.6 Mixed ContentBut that doesn’t explain the problems I described, because the content is images uploaded to wordpress on the same site. (generally with a path that looks like this: http://…../wp-content/uploads/….)
Obviously those images can definitely be loaded over https given that they are on the same site, and I can solve the mixed content issue by manually editing the image source on the pages and posts.
So the question remains: why is the https protocol rewriting selectively identifying some images and not others on the same site?
Forum: Plugins
In reply to: [Cloudflare] 3.0.6 Mixed ContentI am seeing the same mixed content issue on multiple sites. I have set Cloudflare to Strict SSL am implementing slowly to verify that all mixed content issues are cleared before setting site to force SSL in all cases.
The https rewrite was working in the early 1.3.x version of the Cloudflare plugin, and also (I think) with version 3.0.5
When I upgraded on site #1, the mixed content problem was with home page images embedded via site customization.
On site #2, I am finding issues with wordpress media images embedded within the page.
I can manually fix errors as needed, but obviously the rewrite protocol is failing to recognize and convert all local URL’s as needed.
I am looking at page now that has 3 images, and the URL was written for one, but not the others. I have no clue why.
Forum: Plugins
In reply to: [Cloudflare] Problem with 3.0.6 upgradeResolved now after re-clearing all caches (Cloudflare, server, browser)
Forum: Plugins
In reply to: [Cloudflare] Problem with 3.0.6 upgradeI was able to install the 3.0.6 without a problem on a new site without a problem – so I tried deleting the plugin and reinstalling on the site reported in this topic.
Unfortunately that did not solve the problem — so I am guessing that there are entries to the database from the previous version that are not being overwritten with the upgrade. In any case, for now it the problems continue.
Forum: Plugins
In reply to: [Cloudflare] Problem with 3.0.6 upgradeAlso there’s a display problem on analytics page – the graphs show with this text at the top:
container.analyticsPage.tabs.requests.title container.analyticsPage.tabs.requests.total 18122 container.analyticsPage.tabs.requests.cached 5185 container.analyticsPage.tabs.requests.uncachedcontainer.analyticsPage.tabs.bandwidth.title container.analyticsPage.tabs.bandwidth.total 225.8 MB container.analyticsPage.tabs.bandwidth.cached 70.7 MB container.analyticsPage.tabs.bandwidth.uncachedcontainer.analyticsPage.tabs.uniques.title container.analyticsPage.tabs.uniques.total 986 container.analyticsPage.tabs.uniques.maximum 231 container.analyticsPage.tabs.uniques.minimumcontainer.analyticsPage.tabs.threats.title container.analyticsPage.tabs.threats.total 0 container.analyticsPage.tabs.threats.country UA container.analyticsPage.tabs.threats.typeThe problem I reported was resolved for me with the 5.0.14 upgrade. I am now running 5.0.20 on four sites, each with a different theme, with no problems. See changelog here: https://wordpress.org/plugins/google-language-translator/changelog/
5.0.14 – Fixed a file naming error in google-language-translator.php. This caused flags not to display – we apologize for the inconvenience.
However, if you are still having difficulties, you can download earlier versions from the developers page here:
https://wordpress.org/plugins/google-language-translator/developers/
Forum: Plugins
In reply to: [Cloudflare] Question: Why the changed features in 3.)Thank you.
From the code, it looks like it might also miss clearing the cache on changes to a child theme when the parent theme is updated. (I use child themes on all my sites, so that would be important for me to know)
Forum: Plugins
In reply to: [Cloudflare] v3 is inherently insecureJust curious — do you think the same security concern applies to the v.1.3.x plugin?
Forum: Plugins
In reply to: [Cloudflare] Domain not populating on one siteI administer each site from the wp-login on the same domain.
I don’t know how to display the server_name variable to verify, but I can’t think of any reason why there would be a different.
I would note that this domain has a very similar name to a different Cloudflare domain I manage.
Essentially:
I have a Pro Cloudflare account for mydomain.com that also has several subdomains pointing to different sites (www.mydomain.com, blog.mydomain.com, shop.mydomain.com). I have not installed the Cloudflare upgrade to that account and do not plan to.
The domain giving me the problem has a title like: othermydomain.com
It is managed as a separate Cloudflare domain on the free plan.
All these domains are housed on a single server with the same shared IP.
It is a separate domain — but it shares the same ending “mydomain.com” string. So I don’t know if that could be a source of the problem or not. I assume that the plugin must have some code that searches for the correct account and domain name, and I know that a simple error in the regex could create a problem there. (I certainly have made my share of search-and-replace errors by coding an overly broad regex)
Forum: Plugins
In reply to: [Cloudflare] Upgrade to 3.0 prevents site editingThank you, but I have decided not to upgrade the Cloudflare plugin on the sites that were causing that problem because of the loss of the https protocol rewrite feature and the development mode toggle, so I won’t be testing further for now.
Forum: Plugins
In reply to: [Cloudflare] Question: Why the changed features in 3.)John, thank you for your detailed answer.
Because I want to have items #3 and #4 on my list (development toggle & https protocol rewrite) I will stick with the older version for now.
Given that there seems to be very little overlap in version 1.3 and 3.0 capabilities – have you given any thought to maintaining them both as separate plugins? I don’t really want the features in 3.0 because the “Apply Default Settings” option makes it too easy to undo settings tweaks that I made after hours of testing with different sites & themes. (Some of Cloudflare features like Rocket Loader work beautifully with some site but wreak havoc on others).
At least for me that creates a much higher potential for causing problems than accidentally leaving the development mode toggled to on. So I’m wondering if Cloudflare might repurpose/redesignate the 1.3 functions as a separate plugin, perhaps with a different name (such as a “Basic” and “Enhanced” plugin, or something along those lines).
If the two plugins would be incompatible they could be set up to detect the presence of the other and throw off some sort of notice to prevent activation of both at the same time.
I appreciate your providing the code to enable the development mode toggle, but if I modify code in a plugin that would get overridden in any update — and obviously you are still in the process of working out tweaks and possible bugs in version 3. I would suggest that you consider restoring development mode but adding a function that creates a prominent alert that displays on the dashboard: “Cloudflare Development Mode is ON” — there are several maintenance-mode plugins that have that sort of function, so I know it can be done.
Forum: Plugins
In reply to: [Cloudflare] Question: Why the changed features in 3.)Phil, on some of my sites I don’t want to force https right now. I’m taking a go slow approach with converting, in part because I am using the cloudflare SNI based Universal SSL on those sites, and there are potential compatibility issues with older browsers. See: https://support.cloudflare.com/hc/en-us/articles/204144518-SSL-FAQ.
So I am taking a more gradual approach and definitely need the https protocol rewriting for now. Maybe down the line I will be able to abandon it, but for now it is a feature that I want to have.
