Recent Posts

1
I bet it's caused by some JavaScript.

Did you check scripts being active at the very time?
2
Your Live Sites / Re: Online bookstore
« Last post by artonweb on Today at 07:06:21 »
Thank you for your review.
I will fix it soon ;)
3
Your Live Sites / Re: Online bookstore
« Last post by jjk on Yesterday at 22:27:06 »
Well done. The only small error I can see is:
GET https://kyklosbookstore.gr/templates/horme_3/js/custom.js
[HTTP/2 404 Not Found 74ms]
5
or pass $this->keyword to your sublayout

echo shopFunctionsF::renderVmSubLayout($this->productsLayout,array('products'=>$products,'currency'=>$this->currency,'products_per_row'=>$this->perRow,'showRating'=>$this->showRating,'keyword'=>$this->keyword));


and at the other end

$keyword = $viewData['keyword'];

might work
6
Ok, jenkinhill

So I will do another bunch of tests to figure out where's the hiccup.

Thanks anyway  ;)
7
I am on testing/development version VM 3.8.7 10378 and find that subcats with spaces in their name work OK as a product filter.

Now found a VirtueMart 3.8.6 10373 site and checked - sub-categories work OK here, using the drop-down category selector.

I see there is a language string issue with the selector, the text on 3.8.6 10373 is "Unselect any product category" whereas on 3.8.7 10378 it is the correct "Select product category".

Not much help to you, though.
8
You know CSP is another security layer.
CSP is a good way to protect distant scripts, because if DNS poisoning or MITM occurs at the source of your file (any distant libraries, for example), it could replace the script loaded on your site.
It's always better to reach maximum security, but if your inline script gets hacked it would mean that your entire site or whole server is compromised.

And putting inline scripts into a file, well, I don't know, it's at the dev's discretion. But for some, if they are inline, that's in most cases for a good reason.

regards
9
Sorry, at this time of writing, GitHub is down.

Anyway, I suppose this plugin just helps to put some CSP code in the header.
But this is not the only thing to do, you must provide the hash of the file and put it next to the file that should be included in your code.

Just look here for reference: https://content-security-policy.com/hash/
Here for hash of your files: https://zinoui.com/tools/csp-hash
You can also try some "assistant" to help to implement, just this one for example: https://addons.mozilla.org/fr/firefox/addon/csp-generator/

I understand, but I presume this would go automatically.

But after doing some more extensive research I think removing all the inline scripts is the best thing to do here. Is that even a possibility? Certain inline scripts can easily be moved to a JavaScript file. Is this something the VirtueMart team is considering?

I now have a working CSP header myself, only the inline scripts are now a problem. I can use the unsafe-inline but that defeats the purpose of the CSP. I want to clean it all up.
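
Added example (not from any poster in this thread, and not VirtueMart or plugin code): one way to keep the remaining inline scripts without `unsafe-inline` is to list a hash for each of them in `script-src`, as the hash reference linked above describes. The page markup, paths and function names below are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed sample page (not real VirtueMart output): one external script, two inline.
const SAMPLE_HTML = `<html><head>
<script src="/templates/example/js/custom.js"></script>
<script>var siteUrl = "/";</script>
<script type="text/javascript">
  document.addEventListener("DOMContentLoaded", function () { console.log("ready"); });
</script>
</head><body></body></html>`;

// CSP hash source: base64(SHA-256(exact text between the tags)).
// Any change to that text, whitespace included, yields a different hash.
function cspHash(scriptText) {
  const digest = nodeCrypto.createHash('sha256').update(scriptText, 'utf8').digest('base64');
  return `'sha256-${digest}'`;
}

// Bodies of <script> elements without a src attribute.
// The regex is a simplification for this sample; use a real HTML parser on live pages.
function inlineScripts(html) {
  const bodies = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const [, attrs, body] = m;
    if (/\bsrc\s*=/i.test(attrs) || body.length === 0) continue; // external or empty
    bodies.push(body);
  }
  return bodies;
}

// script-src value allowing same-origin files plus exactly the inline scripts found.
function buildScriptSrc(html) {
  const hashes = [...new Set(inlineScripts(html).map(cspHash))];
  return ["script-src 'self'", ...hashes].join(' ');
}

console.log('Content-Security-Policy: ' + buildScriptSrc(SAMPLE_HTML));
```

Hashes do not cover inline event handler attributes such as `onclick`, and an inline script whose content changes per request needs a nonce or a move into a file instead.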
10
Gentlemen developers, any news about this? Apparently it is a bug, because I have also done tests on localhost and it has the same problem.

Regards