Posts: 116
Threads: 38
Joined: Sep 2017
I use GetSimple for most things (because it's great to work with); however, I've had an alert from the 'National Cyber Security Centre' flagging a warning about a possible 'Permissive Cross Origin Resource Sharing policy'.
Wanted to pick a few people's brains.
I was initially thinking that because the secure flag was not seen to be set in Google Chrome's inspector that it wasn't set at all.
I've tried setting the $cookie_secure variable to true within cookie_function.php (located in admin/inc) but it doesn't work.
Any ideas?
Many thanks
Posts: 515
Threads: 21
Joined: Feb 2019
Give us more information:
First of all:
Can you repeat this message popup?
Second:
Where did this message pop up?
What windows were open during the message popup?
HTTP or HTTPS?
What browser are you using?
Posts: 116
Threads: 38
Joined: Sep 2017
(2020-10-30, 00:41:11)Felix Wrote: Give us more information:
First of all:
Can you repeat this message popup?
Second:
Where did this message pop up?
What windows were open during the message popup?
HTTP or HTTPS?
What browser are you using?
Hi Felix, the message isn't on screen; it's generated online by an organisation who evaluate the website (which I can't disclose for security reasons) and then I read their notices. The website uses HTTPS.
I noticed that the GS cookie GS_ADMIN_USERNAME already has a setting of http_only but not secure.
I need to add secure as I think it may resolve the issue and close the CORS problem.
I looked in the configuration.php but changing the setting for $cookie_secure to TRUE didn't work.
Code:
// cookie config
$cookie_name = lowercase($name_url_clean) .'_cookie_'. $ver_no_clean; // non-hashed name of cookie
$cookie_login = 'index.php'; // login redirect
$cookie_time = '10800'; // in seconds, 3 hours
$cookie_path = '/'; // cookie path
$cookie_domain = null; // cookie domain
$cookie_secure = null; // cookie secure only
$cookie_httponly = true; // cookie http only
Thanks
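An added example, not part of the original posts or of GetSimple's code: the CORS policy and the cookie flags arrive in different response headers, so this script audits them separately. The header blocks and the probe origin `https://probe.invalid` are constructed sample values.

```python
"""Audit response headers for a permissive CORS policy and weak cookie flags."""

PROBE = "https://probe.invalid"  # constructed Origin sent by the checking request

# Constructed sample responses (not captured from any real site).
BEFORE = """Access-Control-Allow-Origin: *
Set-Cookie: GS_ADMIN_USERNAME=admin; path=/; HttpOnly"""
SECURE_ONLY = """Access-Control-Allow-Origin: *
Set-Cookie: GS_ADMIN_USERNAME=admin; path=/; Secure; HttpOnly"""
AFTER = """Access-Control-Allow-Origin: https://www.example.org
Vary: Origin
Set-Cookie: GS_ADMIN_USERNAME=admin; path=/; Secure; HttpOnly"""

def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw header block."""
    pairs = []
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw, probe_origin):
    """Return sorted findings; CORS and cookie checks are independent."""
    headers = parse_headers(raw)
    findings = []
    creds = any(n == "access-control-allow-credentials" and v.lower() == "true"
                for n, v in headers)
    for n, v in headers:
        if n == "access-control-allow-origin":
            if v == "*":
                findings.append("cors: any origin allowed (*)")
            elif v == "null":
                findings.append("cors: 'null' origin allowed")
            elif v == probe_origin:  # server echoed an origin it should not trust
                findings.append("cors: probe origin reflected"
                                + (" with credentials" if creds else ""))
        elif n == "set-cookie":
            parts = [p.strip() for p in v.split(";")]
            cookie = parts[0].split("=", 1)[0]
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
            for flag in ("secure", "httponly"):
                if flag not in attrs:
                    findings.append(f"cookie {cookie}: missing {flag}")
    return sorted(findings)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("secure only", SECURE_ONLY), ("after", AFTER)):
        print(label, "->", audit(raw, PROBE) or "no findings")
```

In the `SECURE_ONLY` sample the cookie finding clears while the CORS finding remains, because only the `Access-Control-Allow-Origin` header governs the latter.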
Posts: 515
Threads: 21
Joined: Feb 2019
What plugins are you using?
Try to disable all your plugins, one by one,
and each time you disable a plugin,
check that message again.
Posts: 515
Threads: 21
Joined: Feb 2019
Did you develop your site locally and so might have any leftover HTTP URLs that you forgot to change to HTTPS?
Any MaxCDN on HTTP? If using Webfonts from Google, Typekit, etc. try to disable them and check again.
Posts: 116
Threads: 38
Joined: Sep 2017
(2020-10-30, 02:00:19)Felix Wrote: Did you develop your site locally and so might have any leftover HTTP URLs that you forgot to change to HTTPS?
Any MaxCDN on HTTP? If using Webfonts from Google, Typekit, etc. try to disable them and check again.
Will do. Thanks Felix.
Much appreciated.
Craig