Topic Resolution: Resolved
  • Closed
  • Digicon
    Spectator
    May 9, 2019 at 7:45 pm #43545

    Hello, just as title say – Customizer not showing previews on live site and can’t be loaded on staging one

    After updating from free Evolve theme 4.0.2 to Evolve plus 2.9.6 live customizer stopped working properly. It does not show clickable buttons used to edit element and also does not show live preview change after changing at least some options (for example disabling search does not initiate live preview update, changing the header style also does not initiate preview to show new choice). However, choosing some other color style of the site it does load preview and shows site in update colors. Switching back to 4.0.2 version customizer works correctly.

    Another issue is that customizer does not load on staging site (cloned original, developing version).

    Running WP 5.1.1, theme Evolve plus 2.9.6
    screenshots : https://imgur.com/a/esRaFQl

    Roman
    Participant
    Posts: 3147
    May 10, 2019 at 9:11 am #43547

    Hi Digicon, can you please provide WP login to the website in Private reply? I will have a look. Thanks

    Digicon
    Spectator
    Posts: 31
    May 10, 2019 at 10:44 am #43550
    This reply has been set as private.
    Roman
    Participant
    Posts: 3147
    May 11, 2019 at 11:28 am #43554
    This reply has been set as private.
    Digicon
    Spectator
    Posts: 31
    May 11, 2019 at 12:44 pm #43555
    This reply has been set as private.
    Roman
    Participant
    Posts: 3147
    May 12, 2019 at 10:38 am #43557

    Checked the website. In the console I see 403 error http://prntscr.com/nnh1qb which makes the issue in the customizer. First I would recommend to disable plugins – one by one to see if there is no conflict. Then can continue to test it.

    Digicon
    Spectator
    Posts: 31
    May 12, 2019 at 2:43 pm #43559

    Disabling plugins did not correct things. Furthermore I have used console trying to discover the issue (by the way, for the first time doing this as most of the scripting/coding things are like Chinese to me). As mentioned above changing color style preview work and what’s even more strange is that it also activates preview for the elements which I did change previously but it did not activated preview. As a result when preview was loaded I have different color style plus I now see removed search box and also see edit buttons of each element that can be edited. Console showed me some interesting data (screenshot link at the bottom of the message).

    I have done googling a bit about the marked lines and come to some explanation. I believe issue is in there but I don’t have any idea how or where or what to do/edit in order to make any change /fix the issue. I believe that you are far more familiar with the content.

    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

    Also, I have noticed that first thing you have tried was disabling security plugin which could block some requests, scripts or whatever which was my only idea 🙁

    screenshot: https://www.mediafire.com/view/jr9frh2cj5q9omh/6._CLS_Evolve_plus_issue_-_2.9.6_previews_not_working_vs_previews_working.png/file

    p.s. Sorry for bothering you over the weekend (shy).

    Roman
    Participant
    Posts: 3147
    May 13, 2019 at 10:06 am #43562

    Can you please confirm this issue is on other website/server? Do you have a chance to test it?

    Digicon
    Spectator
    Posts: 31
    May 13, 2019 at 3:01 pm #43565

    No, I do not own/have have any other website/server so I can’t try that.

    By the way, I don’t want to play smart as it’s not my “home field” but yours so, by having in mind the errors code shown in console (from the screenshot above) I would like to ask a thing.

    How it is possible that customizer some options loads following the “x-frame-options” not having that “frame-ancestors” directive while for some other options it does ignores “x-frame-options” because “frame-ancestors” directive is present and those ones (preview) works even activating previous changes ? Is it possible that those “frame-ancestors” directive is missed at some options/parts/elements when codding as it is obviously from the screenshot when the customizer (preview) works and what is causing it to not work (by my guess – missing the frame-ancestors directive).

    Is there any chance that the issue is somewhere there ?

    Roman
    Participant
    Posts: 3147
    May 14, 2019 at 1:01 pm #43567

    It’s hard to determine the issue as I don’t see this issue on all of my environments. Tested on localhost with PHP 5.2, live server with PHP 7.

    Digicon
    Spectator
    Posts: 31
    May 14, 2019 at 5:04 pm #43569

    I don’t see how else I can be of help. I have tried to use customizer in Chrome but it acts the same.

    Furthermore, I have searched for “frame-ancestor” and anything similar in the code/files but without much luck (as said coding is not my skill so that was expected to end up like that).

    Not sure if you have seen that my website is running on Apache server with PHP version 5.6.40. I don’t have any idea if PHP version can be related with the issue in any way.

    As far as I understand looks like missing of the “frame-ancestors” directive for some elements is causing the issue. I was doing some google search believing I am going into right direction. Unfortunately I don’t have any idea how can I try anything of that neither I am sure if I am able to do that at all…

    Some useful links that you should be able to understand way more better than I can:

    https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/invalid-content-security-policy-csp-directive-identified-in-meta-elements/
    https://dev.to/mattferderer/what-is-csp-why–how-to-add-it-to-your-website-28df
    https://stackoverflow.com/questions/52505525/content-security-policy-directive-frame-ancestors-missing-but-there