mstarnes
Forum Replies Created
These suggestions from https://givewp.com/documentation/core/frequent-troubleshooting-issues/understanding-troubleshooting-user-access/ did not help:
Native PHP Sessions
define( 'GIVE_USE_PHP_SESSIONS', false );
__stripe_mid and _stripe_sid have SameSite set to Lax and neither are Secure.
That was in Safari on Mac.
In Chrome on Windows, just before we get the 403, we see “VM75:1 Uncaught DOMException: Blocked a frame with origin "https://js.stripe.com" from accessing a cross-origin frame. at <anonymous>:1:16”
Chrome Issues explains:
Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute
Because a cookie’s SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being sent in a cross-site request. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.
Resolve this issue by updating the attributes of the cookie:
Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use.
Specify SameSite=Strict or SameSite=Lax if the cookie should not be sent in cross-site requests
Seems the proximate cause is a failure to get Stripe information in this call, due to the hash/nonce/‘unsafe-inline’ not appearing in the script-src directive of the Content Security Policy:
js.stripe.com/v3/m-outer-….html with parms:
url=…/donation-history?donation_id=8650
Error: Refused to execute a script because its hash, its nonce, or ‘unsafe-inline’ does not appear in the script-src directive of the Content Security Policy.
>>> Sounds like GiveWP.com needs to update the Stripe plugin. <<<
What do you say, GiveWP?
BTW, I have disabled caching on the server. There were no caching plugins, so I installed WP Super Cache and excluded the donation-confirmation and donation-history pages successfully.
- This reply was modified 5 years, 8 months ago by mstarnes. Reason: Added comments to rule out caching as a cause
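Added example, not part of the original post and not GiveWP or Stripe code: a small checker that applies the SameSite rules quoted from Chrome Issues above to Set-Cookie headers. The header values are constructed samples, the function names are hypothetical, and the rule that SameSite=None without Secure is rejected reflects Chrome's behaviour.

```javascript
// Parse one Set-Cookie header into the attributes that matter here.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), secure: false, sameSiteRaw: null };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    const key = k.trim().toLowerCase();
    if (key === 'secure') cookie.secure = true;
    if (key === 'samesite') cookie.sameSiteRaw = v.trim().toLowerCase();
  }
  return cookie;
}

// Apply the rules: missing or invalid SameSite is treated as Lax;
// SameSite=None only works together with Secure.
function classifyCookie(header) {
  const c = parseSetCookie(header);
  const issues = [];
  let effective = c.sameSiteRaw;
  if (effective === null) {
    effective = 'lax';
    issues.push('SameSite not set, defaults to Lax');
  } else if (!['strict', 'lax', 'none'].includes(effective)) {
    effective = 'lax';
    issues.push('SameSite invalid, defaults to Lax');
  }
  const rejected = effective === 'none' && !c.secure;
  if (rejected) issues.push('SameSite=None requires Secure');
  // "Cross-site" here means subrequests such as iframes or XHR;
  // Lax cookies still accompany top-level navigations.
  const sentCrossSite = effective === 'none' && !rejected;
  return { name: c.name, effective, secure: c.secure, sentCrossSite, issues };
}

// Constructed sample headers (values are placeholders).
const samples = [
  '__stripe_mid=placeholder; Path=/; SameSite=Lax',
  'session=placeholder; Path=/; HttpOnly',
  'widget=placeholder; SameSite=None',
  'widget=placeholder; SameSite=None; Secure',
];
for (const h of samples) {
  const r = classifyCookie(h);
  console.log(r.name, r.effective, 'cross-site:', r.sentCrossSite, r.issues.join('; '));
}
```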
In the console, I see a 403 Forbidden on admin-ajax.php:
wp-admin/admin-ajax.php
Error in the console: Failed to load resource: the server responded with a status of 403 (Forbidden)
Forum: Plugins
In reply to: [MailPoet Newsletters (Previous)] Show more or read more link
HTTPS is enforced on our site. All the links in the email are HTTPS except the Read More link. This is causing Eudora to raise a warning. Can you make the Read More link https when the site enforces it?
I noticed this problem still exists in the newly released version 1.0.