Forum

Thread tagged as: Error, Ace

Ace Editor - Region save error

I've been building a new template and one of the content fields is using Ace Editor for the nice syntax highlighting.

Using the field to embed a video from Facebook or Youtube etc, is causing an error when the Region is saved. The content does save and appears as expected on the page itself, but the actual save process ends up on a blank page instead of reloading the admin.

Chrome inspector shows this error:

The XSS Auditor blocked access to 'https://mydomain.com/perch/core/apps/content/edit/?id=3726&itm=3616' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.

I get the same blank page in Safari.

Perch and Apps are all up to date. Are you able to replicate this behaviour on your end?
Jasper Snaith

Jasper Snaith 0 points

  • 5 years ago
Rachel Andrew

Rachel Andrew 394 points
Perch Support

5 years ago

We need to see your Diagnostics Report and template with each forum post - thanks!
Jasper Snaith

Jasper Snaith 0 points

5 years ago

Diagnostics:

Perch Runway: 2.8.29, PHP: 5.5.9-1ubuntu4.14, MySQL: 5.5.47, with PDO
Server OS: Linux, apache2handler
Installed apps: content (2.8.29), assets (2.8.29), categories (2.8.29), jw_activity_log (1.0.0), perch_blog (5.0), perch_events (1.9.2), perch_forms (1.7), perch_gallery (2.8.2), perch_comments (1.0.1), perch_members (1.0.3), perch_backup (1.2)
App runtimes: <?php $apps_list = array( 'content', 'categories', 'perch_blog', 'perch_events', 'perch_forms', 'perch_gallery', 'perch_comments', 'perch_members', );
PERCH_LOGINPATH: /perch
PERCH_PATH: /home/user/www/mydomain.com/public_html/perch
PERCH_CORE: /home/user/www/mydomain.com/public_html/perch/core
PERCH_RESFILEPATH: /home/user/www/mydomain.com/public_html/perch/resources
Image manipulation: GD Imagick
PHP limits: Max upload 32M, Max POST 8M, Memory: 128M, Total max file upload: 8M
F1: 2edba60ed1f613d6dd804feb202456a2
Resource folder writeable: Yes
HTTP_HOST: mydomain.com
DOCUMENT_ROOT: /home/user/www/mydomain.com/public_html/
REQUEST_URI: /perch/core/settings/diagnostics/
SCRIPT_NAME: /perch/core/settings/diagnostics/index.php

Let me know if you want the extended diagnostics.

The actual template is quite large so I've pulled the embed field out to test it on it's own, still getting the same result when it's the only content field in the region:

<perch:content
    id="embed"
    type="textarea"
    label="Embed Script"
    size="m"
    editor="ace"
    html="true"
    suppress="true"
/>

<perch:before>

<div class="container-fluid">
    <div class="row">

</perch:before>

        <div class="bg">
            <div class="row v-align">
                <div class="col-md-10 col-md-offset-1 col-lg-8 col-lg-offset-2">
                    <div class="content marginTop marginBottom">

                    <perch:if exists="embed">
                        <perch:content id="embed" type="textarea" html="true" />
                    </perch:if>

                    </div>
                </div>
            </div>
        </div>

<perch:after>

    </div>
</div>

</perch:after>
Drew McLellan

Drew McLellan 2638 points
Perch Support

5 years ago

In your config/config.php file, add:

define('PERCH_SECURITY_HEADERS', false);
Jasper Snaith

Jasper Snaith 0 points

5 years ago

Thanks Drew.

Still got the same result after adding that line.

I've now resolved the issue - turned out it was caused by debug mode (I'm working on our development server so debug is on). Disabling debug makes the Region save as normal; disabling security headers has no effect regardless of debug.

Thanks for your help!