⚠️ Urgent! Active Attacks on MODX Revolution Sites Below Revolution 2.6.5
Subscribe: RSS
  • Hello, my site move seems almost done, except for this error. It may be a paths issue, I am not sure. I checked in the likely areas, but didn't notice anything wrong. But, I don't have a keen eye for that. I've had a number of problems already.

    Its possible more is wrong, but everything else is running nicely. I have forced https and this solved a problem when the style wasn't loading.

    So here is the full error from my browser, the problem may be that the requesting site is listed as http only? therefore the (https) data won't transfer? Or paths, somewhere.

    Failed to load https://domain.com/connectors/index.php: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. **Origin 'http://domain.com'** is therefore not allowed access. The response had HTTP status code 401.


    2/connectors/index.php:1 OPTIONS https://domain.com/connectors/index.php 401 (Not Authorized)

    So it seems to me, either the problem is the lack of authentication info, or the origin of the request is unsecured, and therefore the data is not allowed to be transferred?

    Thanks in advance!!

    This question has been answered by BobRay. See the first response.

    • Modx comes up with an error as well:

      Code: 0 communication failure
      undefined
      • Now, after a little tinkering with the htaccess file, its a little better but I can't edit templates for some reason, but resources are ok. Still with the 401 errors

        I am thinking now this is a server-side issue, they are using http://domain.com as base_url

        Hopefully they can fix it, I haven't been too happy recently with this hoster.

        I have found that although I force https in my htaccess file (in public_html), I can open the manager url with no https. If i use https the manager is...better, but still no save of templates, can't do much of anything now [ed. note: nuan88 last edited this post 5 months, 2 weeks ago.]
          • Get my Book: MODX:The Official Guide
            MODX info for everyone: http://bobsguides.com/MODx.html
            My MODX Extras
            Bob's Guides is now hosted at A2 MODX Hosting
          • I think your solution to disable mod_security on the manager only sounds like a compromise, you say it isn't really needed? [ed. note: nuan88 last edited this post 5 months, 2 weeks ago.]
            • discuss.answer
              mod_security mainly prevents data with suspicious content from being saved to the database, and suspicious content often includes things like script tags and PHP code, which would cripple MODX. It also chokes on whatever the host considers suspicious words and phrases. At one host, you couldn't save anything containing the word 'casino' so it can be pretty arbitrary. It's almost impossible to save malicious code in the Manager by accident, so unless your Manager users intend to hack your site, I don't consider it necessary.

              If a malicious user gains access to the MODX Manager, they can cause tremendous damage even with mod_security active, so it's really no help there either.
                Get my Book: MODX:The Official Guide
                MODX info for everyone: http://bobsguides.com/MODx.html
                My MODX Extras
                Bob's Guides is now hosted at A2 MODX Hosting
              • Ok my situation is narrowed down nicely, it is limited to editing templates only, and the length of the template doesn't matter. Every other function works well, it seems, but I cant edit templates. We've forced https on everything.

                So we are drilling down from here, will report back, fix is on the way.

                Thanks for the feedback BobRay, I knew it was paths or hoster but can't distinguish between them! My hoster is learning at least, and I have too as I mentioned.

                Good point on the security, yes it seems acceptable if that's what can work. There are a very limited number of managers and mod_security doesn't protect against them anyway.

                I think almost definitely these keywords are the issue, I don't know how fine grain the hoster can be about it, and at this point I just want a solution.

                I have MIGX up and running for the first time, with considerable amounts of text in front-end descriptions, all effectively on one page. So this may be a useful thread later for other MIGX users, if any were to run into this sort of problem. But, in our discussions that seems not important, the issue is the amount and trigger keywords of text. MIGX itself doesn't seem to play a role as far as I can tell. So...

                I believe I can say that the problem first came up as I was building up that text, it was a slow process and the problem popped up somewhere in the middle of it. [ed. note: nuan88 last edited this post 5 months, 2 weeks ago.]