URGENT: Security Error for Royal Theme / plugins.js

This topic has 19 replies, 3 voices, and was last updated 6 years, 6 months ago ago by Rose Tyler

  • Avatar: Royalty
    Royalty
    Participant
    July 23, 2017 at 10:25

    Hello,
    I just noticed that there is a SecurityError in Firebug and Chrome Console, that says that the operation (wp-content/themes/royal/js/plugins.js line 477) is insecure (Royal Version 3.0.2.1)
    Here are screentshots of the error messages:

    Firefox/Firebug:
    http://www.bilder-upload.eu/show.php?file=ff3b06-1500801869.jpg

    Chrome:
    http://www.bilder-upload.eu/show.php?file=49a781-1500801934.jpg

    Please find my page in private content as I dont want screenshots of my page or links to my page to be public.

    I tested it with a fresh install of Royal Theme 3.0.2.1. and the error is still there, so it is not caused by any customizations.
    I have a testpage with Royal theme version 2.8 where I dont get this error, so it seems to be related to version 3.0.2.1. or a version between 2.8. and 3.0.2.1.

    Any help on how to fix this would be really appreciated. Many thanks in advance.

    Please, contact administrator
    for this information.
    18 Answers
    Avatar: laranz
    Laranz
    Participant
    July 24, 2017 at 05:23

    Hi,

    This kind of security error you will get when favicon image is on different domain then the script is running (for example its on CDN). If the image doesn’t not have proper response header Access-Control-Allow-Origin: * browsers will block access to that image.

    You can read more about CORS here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

    Let me know if you have more questions.

    Avatar: Royalty
    Royalty
    Participant
    July 24, 2017 at 09:44

    Ok thank you very much. My favicon is on a subdomain, so this seems to be the reason. In my htaccess there is this part of code:

    <FilesMatch ".(eot|ttf|otf|woff)">
    Header set Access-Control-Allow-Origin "*"
    </FilesMatch>

    Do I have to add png (my favicon is png) to the FilesMatch list? Or what do I have to do now to fix this? I am not a developer, so any help would be really appreciated. Thank you.

    Avatar: laranz
    Laranz
    Participant
    July 24, 2017 at 09:58

    Hi,

    Yes in that case, add the png in to that list. 🙂

    Let us know,

    Thanks,
    laranz.

    Avatar: Royalty
    Royalty
    Participant
    July 24, 2017 at 10:23

    Hm i did so, but the error is still there. Also added jpg just to see if this helps but unfortunately not. Cleared all caches…:/

    Avatar: laranz
    Laranz
    Participant
    July 24, 2017 at 12:11

    Hi,

    Can you try upload the favicon in the same domain and see that error goes away? If the error goes away, then you need to tweak the server’s .htaccess correctly. Ask your server hosting guys about this in case of doubt, and you’re using CDN or something.

    Let us know,

    Thanks,
    laranz.

    Avatar: Royalty
    Royalty
    Participant
    July 24, 2017 at 12:17

    I uploaded the favicon and the logo in the same domain – the error is gone – thank you! Cant you tell me how to edit htaccess? Not sure if my hosting providers can help me with this…

    Avatar: laranz
    Laranz
    Participant
    July 25, 2017 at 05:50

    Hi,

    Hosting provider can help you, probably they already have a kb article about changing the .htaccess file, if not give it a try with their support guys.

    Try this solution, https://stackoverflow.com/a/13871027 just in case.

    Let us know,

    Thanks,
    laranz.

    Avatar: Royalty
    Royalty
    Participant
    July 25, 2017 at 06:10

    Thanks, but the mentioned code is the same that I posted above and already tried without success. Asked my provider yesterday but they couldnt help me yet :/

    Avatar: laranz
    Laranz
    Participant
    July 25, 2017 at 07:08

    Hi,

    They will reply, because it is a server side setting. 🙂

    Let us now,

    Thanks,
    laranz.

    Avatar: Royalty
    Royalty
    Participant
    July 25, 2017 at 09:49

    They just told me that this is beyond their support and they cannot help me with this. They said I should leave the favicon on the main domain, but this it not what I want :/ I tried the following code, but without succes:

    <FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">
    SetEnvIf Origin ":" IS_CORS
    Header set Access-Control-Allow-Origin "*" env=IS_CORS
    </FilesMatch>
    
    <FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css|css)$">
    Header set Access-Control-Allow-Origin "*"
    </FilesMatch>

    Really dont know what to do now 🙁

    Avatar: Royalty
    Royalty
    Participant
    July 25, 2017 at 14:08

    I wrote the whole time with a guy from my hosting provider. In the end, he had no idea how to fix it because he says its theme related. Everything is configured correctly.

    So I tried to delete the favicon from the etheme options panel and uploaded it via the wordpress customizer (Design > Customizer), but the error was still there. Then I switched to Storefont theme and the error was gone. So it really has something to do with your theme, especially with the file plugins.js, that the error links to (line 477).
    For now, I’ve uploaded the image to the main domain (not the subdomain) to eliminate the error but I would prefer to leave it at the subdomain. So if you could have a look at this file, this would be great…thank you 🙂

    Avatar: laranz
    Laranz
    Participant
    July 25, 2017 at 19:24

    Hi,

    It is because that we’re using a script that will add the number of cart items to the favicon, if you don’t want that feature then go to Theme Options -> General -> Show products in cart count on the favicon and turn it off, and then you can have the fav icon in your subdomain.

    If you want this neat little feature, then you should keep your fav icon in your current domain. Hope this helps.

    Let us know,

    Thanks,
    laranz.

    Avatar: Royalty
    Royalty
    Participant
    July 25, 2017 at 19:30

    I dont want this feature and its turned off all the time. So this is not the reason :/

    Avatar: laranz
    Laranz
    Participant
    July 25, 2017 at 20:40

    Hi,

    I got it, can you try this little fix, /wp-content/themes/royal/js/etheme.js and around line #610 you will find this function. ( Use WPIDE plugin for editing the theme file in the Dashboard area, it is easy than FTP. )

        function et_update_favicon() {
            var itemsCount = $('.cart-summ').data('items-count');
            var enableBadge = $('.shopping-container').data('fav-badge');
            var favicon = new Favico({
                animation : 'popFade',
                fontStyle : 'normal',
            });
            
            if (enableBadge == 'enable') {
                favicon.badge(itemsCount);
            }
        }

    change that to,

        function et_update_favicon() {
            var itemsCount = $('.cart-summ').data('items-count');
            var enableBadge = $('.shopping-container').data('fav-badge');
            
            
            if (enableBadge == 'enable') {
                var favicon = new Favico({
                    animation : 'popFade',
                    fontStyle : 'normal',
                });
                favicon.badge(itemsCount);
            }
        }

    clear the cache after this change, if that still show the error then, comment the code at line #624, it looks like this,

    et_update_favicon();

    Let us know,

    Thanks,
    laranz.

    Avatar: Royalty
    Royalty
    Participant
    July 25, 2017 at 20:59

    Laranz, YOU ARE MY HERO OF THE DAY!!! Thank you soo much! That did the trick, even without comment the code at line 624. So great! Can you forward it so that it will be fixed in the next update?
    And would you mind to have a look at another big problem I am facing since using Royal theme, I have posted it here: https://www.8theme.com/topic/sometimes-product-images-are-not-loaded-completely/
    Again, thank you!!

    Avatar: laranz
    Laranz
    Participant
    July 25, 2017 at 21:01

    Hi,

    Glad it get fixed 😉 Yes, I already forward that to the developers, so that can be fixed in the upcoming update. ( No, ETA yet. )

    Sure, I will check that ticket too. 🙂

    Let us know if you have any other questions,

    If you’re happy with our service, don’t forget to rate us 5 stars in themeforest. 🙂

    Thanks,
    laranz.

    Avatar: Royalty
    Royalty
    Participant
    September 21, 2017 at 19:45

    Just checked version 3.1 but the provided fix was not taken into the update. So I have to do it manually again. Could you please make sure that it is fixed in the next update? Thank you!

    Avatar: Rose Tyler
    Rose Tyler
    Support staff
    September 25, 2017 at 07:45

    Hello,

    Thank you for the notice. I have passed this topic to our developers.

    Regards

  • Viewing 19 results - 1 through 19 (of 19 total)

You must be logged in to reply to this topic.Log in/Sign up

We're using our own and third-party cookies to improve your experience and our website. Keep on browsing to accept our cookie policy.