jwineman
Forum Replies Created
Forum: Plugins
In reply to: [Cloudflare] No settings page in 3.0.4
Hi guys,
The root cause of this bug is fixed here. We’ll be releasing 3.0.5 later today and this will be the only change in this release.
Thanks,
John
Forum: Plugins
In reply to: [Cloudflare] Can’t login with my email and API number
Hey,
Just to clarify – you don’t need to run composer on your server for our plugin to work. Running composer install or composer update will generate a vendor/ folder which we keep under source control so you don’t have to run those commands.
If you’re not seeing errors in the PHP error log then I don’t think the dependencies are the root cause of this error. The exception would be if your WordPress file structure is non-standard, causing require_once 'vendor/autoload.php'; to fail.
Forum: Plugins
In reply to: [Cloudflare] Apply button: CSRF Token not valid.
Forum: Plugins
In reply to: [Cloudflare] Can’t login with my email and API number
Are there any errors in the PHP error log?
Forum: Plugins
In reply to: [Cloudflare] Can’t login with my email and API number
And to confirm again – this issue DOESN’T occur in 3.0.2, correct?
Forum: Plugins
In reply to: [Cloudflare] Announcement about Protocol Rewrite
Hi Guys,
Sorry for the confusion – what you’re describing is how protocol rewrite works now. Let me clarify:
In version 1.x we had code IN the plugin that rewrote https:// and http:// to //.
In version 3.x of the plugin we allow you to toggle the Automatic HTTPS Rewrites setting on CloudFlare.com. This setting will only rewrite http urls we know can be loaded over https.
Finally, we settled upon doing something smart: upgrade a URI from http:// to https:// if we know that the resource can be served using HTTPS. To figure out which links are upgradable we turned to the EFF’s excellent HTTPS Everywhere extension and Google Chrome HSTS preload list to augment our knowledge of CloudFlare sites that have SSL enabled.
We are very grateful that the EFF graciously accepted to help us with this project.
The HTTPS Everywhere ruleset goes far beyond just switching http:// to https://: it contains rules (and exclusions) that allow it (and us) to target very specific URIs.
We continued calling the feature “Protocol Rewrite” in our WordPress plugin to try to avoid confusion with our less technical users but we actually no longer rewrite to relative URLs.
Thanks,
John
Forum: Plugins
In reply to: [Cloudflare] Invalid CSRF Token on 3.0.1
Hi Guys,
Just wanted to update you – I’ve contacted @infinitewp on twitter to see if they’ll push a fix. With infinitewp specifically the problem code is line 97.
    global $HTTP_RAW_POST_DATA, $iwp_mmb_activities_log;
    $HTTP_RAW_POST_DATA_LOCAL = NULL;
    $HTTP_RAW_POST_DATA_LOCAL = file_get_contents('php://input');
    if(empty($HTTP_RAW_POST_DATA_LOCAL)){
        if (isset($HTTP_RAW_POST_DATA)) {
            $HTTP_RAW_POST_DATA_LOCAL = $HTTP_RAW_POST_DATA;
        }
    }
To ensure php://input can be read more than once an approach like this can be used:
    // Copy the request body into a rewindable temp stream
    $stream = fopen('php://temp', 'w+');
    stream_copy_to_stream(fopen('php://input', 'r'), $stream);
    rewind($stream);
    // Read the body from the copy, then read php://input again
    echo("first: ". stream_get_contents($stream) . "\n");
    echo("second: ". file_get_contents('php://input') . "\n");
Forum: Plugins
In reply to: [Cloudflare] Issue with last CloudFlare 3.X plug in and mixed content
Hi,
We plan on reintroducing protocol rewrite into the plugin in the next update to the plugin.
In the meantime you can go to CloudFlare.com > Login > Crypto > Toggle Automatic HTTPS Rewrites “on”
Thanks,
John
Forum: Plugins
In reply to: [Cloudflare] Please select a domain that is provisioned with CloudFlare.
Are there any errors in the PHP error log? What about in the browser’s development console?
Forum: Plugins
In reply to: [Cloudflare] Invalid CSRF Token on 3.0.1
I’m more than willing to work with them to come up with a fix. I believe @furkan811 has already reached out as well.
Forum: Plugins
In reply to: [Cloudflare] WHY 3.0 update has removed “toggle Development Mode On/Off” ??
If we exposed a global in wp-config.php that let you toggle development mode would that solve your use case?
Forum: Plugins
In reply to: [Cloudflare] Invalid CSRF Token on 3.0.1
Hey Guys,
So yeah @furkan811 figured out the root cause to this yesterday. Here is what happens:
For non GET requests we get the body of the request like this:
    $body = file_get_contents('php://input');
Unfortunately php://input can only be read once, so if another plugin reads it before us then our request body won’t exist when our code goes to look for it. The requests with CSRF tokens are sent from our plugin and intended to be consumed by our plugin so any 3rd party WordPress plugins that modify these requests will have to be updated to limit the scope of requests they modify or put the input stream back after they use it. There is nothing we can do to fix this issue.
Thanks,
John
Forum: Plugins
In reply to: [Cloudflare] blank settings page. 3.0.3
Hi Guys,
Can you please give me some more information about your system?
Does the “active zone” in the top left hand corner show your WordPress domain?
Are there any errors in the browser console?
Are there any errors in the PHP error log?
Thanks,
John
Forum: Plugins
In reply to: [Cloudflare] Please select a domain that is provisioned with CloudFlare.
Hi,
Just to confirm – the domain showing up as the “active domain” is the CloudFlare domain you’ve provisioned right? Is it a sub domain?
Thanks,
John
Hi @dmchale,
Thanks! Just as an FYI we’re adding functionality to 3.0.4 so that it fails gracefully if you’re running too low of a PHP version.
Thanks,
John