Forum Replies Created

Viewing 15 replies - 61 through 75 (of 129 total)
  • Plugin Author yoav.aner

    (@yoavaner)

    Nope, ajaxize shouldn’t call admin-ajax.php. It only makes a call to the same page you’re on. You can take a look on my blog where it’s used, and you’ll notice there are no calls to admin-ajax.php

    Plugin Author yoav.aner

    (@yoavaner)

    I don’t see any connection between the expires headers and ajaxize, so there’s nothing to ‘turn off’. As far as I see it works just fine with W3TC with it turned both on or off.

    Plugin Author yoav.aner

    (@yoavaner)

    I have tested it with “Set expires header” and it works fine for me. Ajaxize fetches the data from the server without a problem.

    I still see lots of jQuery errors on your page, so I would still suspect the problem is with the way you configured your CDN or minify settings.

    Plugin Author yoav.aner

    (@yoavaner)

    Use the browser console (In chrome, press F12, and go to Console).

    Plugin Author yoav.aner

    (@yoavaner)

    I updated my comment above. Might be your Minify settings.

    Sorry, but this is not an Ajaxize problem per se.

    As I said, try to remove things and then add one by one, to at least know what breaks it. Then you can better troubleshoot. You can also ask around on W3TC forums etc.

    Good luck.

    Plugin Author yoav.aner

    (@yoavaner)

    I see quite a few jQuery errors on the console for your website. Perhaps something isn’t loaded properly with W3TC / your CDN. Looks like CDN related or check your W3TC Minify settings (especially javascript).

    My suggestion is to try to get wordpress working without caching/CDN first and then add each layer to check what it might break.

    Plugin Author yoav.aner

    (@yoavaner)

    I don’t think the browser caches js calls. One of the reasons using AJAX is to let the js code run even when the page is cached. I can’t help much without more specific info I’m afraid.

    Plugin Author yoav.aner

    (@yoavaner)

    It’s hard for me to tell without further info about your setup. I’m using it with W3TC without any issues. Not familiar with WooCommerce though.

    Can you send a link to the page/s that are affected? Are you using Apache or Nginx?

    Plugin Author yoav.aner

    (@yoavaner)

    you can probably write a function inside your functions.php file

    something like:

    function ajax_show_loop_thumbnails() {
    if ( get_option('cp_ad_images') == 'yes' ) return cp_ad_loop_thumbnail();
    }

    Then use

    ajax_show_loop_thumbnails

    as the function name to use with ajaxize.

    Thread Starter yoav.aner

    (@yoavaner)

    Thanks planetzuda,

    Sounds like you’re doing a great job. I’m trying to understand the *specifics* of the attack vector that you guys discovered. Is there any blog post or further detailed info about what you discovered?

    Cheers
    Yoav

    Plugin Author yoav.aner

    (@yoavaner)

    Hi Erlend,

    This is not possible, not directly anyway.

    What you described is a much more elaborate mechanism. If you know some javascript, you can probably do something similar however. Take a look at the FAQ for an example of a javascript snippet to refresh data.

    You should be able to write something similar that on click would fetch something using ajaxize.

    Cheers
    Yoav

    Forum: Plugins
    In reply to: [Ajaxize] Strange Bug
    Plugin Author yoav.aner

    (@yoavaner)

    Hey Ed,

    Yeah, I’m thinking of removing the nonce, since in 99.9% of the cases ajaxize is used to retrieve some data and does not make any changes (and since it does not allow passing a parameter, even when there’s a change, like a visit counter, it’s pretty safe). Since I can’t tell for sure what people are using it, I’m not 100% comfortable to simply remove it. Maybe make it a configurable option in the settings… Hope to get round to it sooner or later.

    As far as Varnish however – you should be able to set the cache lifetime to less than 24 hours. Anecdotally, whilst I don’t have much experience with Varnish, I did a little performance benchmark comparing it with other options. I found that whilst it was slightly better, it didn’t justify the complexity involved compared to simpler caching solutions for me. You might be interested reading this benchmark on my blog: how much (cache) is too much?

    Cheers
    Yoav

    Thread Starter yoav.aner

    (@yoavaner)

    Thanks Will,

    I didn’t notice the ‘Content’ checkbox. The problem however is that I do send both text and HTML email, so it might solve the plain-text email problem, but then introduce problem with my HTML emails…

    Being able to control whether an email goes via mandrill or wp_mail would be very nice. I’m not sure I fully understand the proposed change via the filter, but as long as there’s a way to do it, I’d be happy. Currently I monkey-patch your plugin to do so, pun intended 😉

    Cheers
    Yoav

    Forum: Plugins
    In reply to: [Ajaxize] Strange Bug
    Plugin Author yoav.aner

    (@yoavaner)

    Hi Ed,

    Good to hear. I might change this behaviour in future, but for now that’s the probably best workaround (and for most sites makes sense anyway… 24 hours is pretty long time for most use-cases to keep pages cached).

    If you’re still having issues, please let me know and I’ll do my best to help.

    Cheers
    Yoav

    Forum: Plugins
    In reply to: [Ajaxize] Strange Bug
    Plugin Author yoav.aner

    (@yoavaner)

    Hi Ed,

    Ajaxize returns -1 in the (rare) case where the nonce does not match. The nonce is there to protect against unauthorized requests normally. When caching is involved, if it caches the nonce, it might create a situation in which the nonce is expired and this might produce this result.

    I believe nonces are usually valid for 24 hours. After that they expire.

    A workaround is to make sure the cache is refreshed at least every 24 hours. So for every page which include ajaxize, you should try to set the cache time to less than 24 hours.

    I might consider changing the plugin in future to (optionally) remove the nonce check, but not sure when I’ll get round to it. Hope the workaround I suggested helps somehow though.

    Cheers
    Yoav

Viewing 15 replies - 61 through 75 (of 129 total)