Since a few weeks I’ve been noticing an issue when saving new or editing posts and stuff in CP.
I’m not sure what’s going wrong, or what causes it. But it seems to have something to do with Cookie (or their policies) or CORS. I don’t really understand the problem yet and my hosting provider is a twat in explaining anything blaming everything but themselves - Not very helpful in even understanding what’s going wrong…
Expected behavior
When I click ‘Save as Draft’ or ‘Publish’ that the posts savespublishes
Current behavior
It starts loading/saving, stalls and eventually times out on a white screen.
If you look in console it gives a non descript error:
XMLHTTPRequest cannot load URL_HERE due to access control checks
As described, save a page/post/product (in CC) and eventually it starts stalling and giving that error.
Sometimes this happens after a few times saving (say 3-5) other times after 15+ times.
Akin to a stupid firewall blocking repeated requests. Though I’m assured it’s not a firewall.
I’ve tried and seen the issue in Safari 15.x and Firefox 102 (macOS).
–
I have several sites on CP and most work fine.
So far I’ve only noticed this only on ONE of the sites, but that’s also the one I edit and post on the most currently, so perhaps all of them have it but I don’t do enough to it to cause the issue.
It’s super frustrating though.
Anyone else has this problem? What do I do about it? Where is the issue? CP? Server? Browser?
This shouldn’t be an issue in ClassicPress. Especially if nothing has changed when this issue showed up. Sometimes a change to server configuration can cause unintended consequences.
Let’s try enabling CORS and see if that helps. Add the following to the top of your .htaccess file:
I haven’t seen this before. But are you sure that everything on your site is set to https (and not http) and also that you are consistent about whether you have a www. or not at the beginning of your website URL?
You should have your host remove what they did, because that’s opening a security issue. What they could try instead is replacing it with this: Access-Control-Allow-Headers: Origin
Yes, I use the force https thing in wp-config.php and also have a forced redirect in .htaccess that works pretty good.
So that’s not the issue.
I’m not sure if it’s a new thing or that it always was happening but i just didn’t notice it before.
I rent this VPS and have done so for 2 years now. Several sites on it. And all seems well - Except for this issue.
Can you test the default .htaccess configuration, please? If the issue persists with default htaccess, we will at least eliminate any custom rules added to htaccess. So we can focus on other areas to troubleshoot.
The easiest way to do this. Rename current .htaccess file to htaccess.txt. Then create a new .htaccess and add the following:
Then added your suggested line from before above it.
Both failed on the first save attempt.
Keep in mind that all that .htaccess stuff worked fine for months. I use a almost identical version of it on another site and don’t see this issue there (yet/or at all).
In my ticket to the hosting company I at first suspected the firewall - As that’s a thing they messed with a few months ago. Partly because it works on my other site (on a different vps) but also because both sites aside from a bunch of plugins are set up the same, same htaccess, same php/modules/whatever as far as i can control that.
I’m not sure how to test admin-ajax.php in the front-end I’m not overly familiar with it - I don’t think my site/theme does much admin-ajax-y there.
There are a few references to it in the source, for adding things to the shopping cart for example (Classic commerce), but that works fine as far as I can tell.
Check it out - The site is fairly straightforward without much gimmicks really: https://mototravel.net
I don’t know - I guess that’s what I’m asking you guys.
If I google the error I find all kinds of stuff for iOS apps and http/post requests, but nothing useful that applies to WordPress/ClassicPress and some talk about ‘symfony’ being outdated. Whatever that means.
If you have cPanel access, you should be able to turn off ModSecurity in order to try your update again. If it works with ModSec off, you should first turn it back on, then contact your webhost to see if they can tweak it so you can still have ModSec protection while also being able to save edits.
In any case, this seems to me to be a hosting environment issue, rather than a CP issue.
Found it, disabled it for all domains, waited a few seconds and tried to save my post a few times.
Still not working.
Can it be a firewall thing? And if so, how do I check that?
As far as I know, aside from regular updates to cPanel, that’s the only thing that got messed with in the past 6 months.
If it was ModSec issue, it would have made an immediate difference.
Could be a firewall issue; it definitely has to do with security.
Sorry I don’t have the expertise to be more helpful.