jQuery not defined on Windows server

  • Resolved Sara Die Webmacherin

    (@larvafashion)


    2 months, 1 week ago

    Hello UpdraftPlus team,

    We have successfully used your plugin for backups for serveral years. Now on one of the pages I get a “jQuery not defined” error only on the UpraftPlus page. It worked fine just last month.

    I tried disabling all other plugins and switching to the TwentyTwentyFour theme. The error is still there.

    The only difference to our other websites is that this one website is running on a Windows server (I have no idea why).

    When I check the network tab I get an error 403 for load-scripts.php which should also load jQuery.

    Do you have any idea what the problem could be?

    Here are screenshots of the errors:
    https://ibb.co/HH3KYcr
    https://ibb.co/YWDhPmP

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support pbevanudp

    (@pbevanudp)

    Hello,

    In your screenshot it appears the 403 forbidden error is triggered by ModSecurity. You may wish to look at the ModSecurity logs to find the rule that is blocking load-scripts.php which in turn is causing jQuery to be undefined.

    Thread Starter Sara Die Webmacherin

    (@larvafashion)

    As far as I can see load-scripts.php is only blocked on the UpdraftPlus page. All other admin pages load normally.

    Can ModSecurity block only one page?

    Plugin Support vupdraft

    (@vupdraft)

    There are a lot of mod_security rules. The issue you are having is certainly down to mod_security. You will either need to disable it entirely or disable the rule that is being triggered, please see here for a guide: https://www.inmotionhosting.com/support/security/find-and-disable-specific-modsecurity-rules/

    My advice would be to talk to your hosting as they should be able to help.

    Having had this problem myself, I tracked down the Plesk security logs for this error and it most likely related to ModSecurity Rule 94230 which is a rule limiting the number of special characters (meta characters including the hyphen and ampersand characters) you can pass in a set of parameters to a PHP script thereby limiting the possibility of a SQL Injection attack. In the image submitted by @larvafashion you can see that the load-scripts.php call is passing in a long string composed of many of the jQuery libraries names (most of which seem to include one or more hyphens). While I agree with @vupdraft that you will likely need to work with your host to either disable this rule or modify config to accept this string, it also seems to me that UpDraftPlus, should do its part by limiting the number of libraries it has to call in order to function, and that some of these libraries should be collapsed into a single file/ repository. Furthermore, I wonder of there’s a way people responsible for developing these libraries might be convinced to remove the redundant hyphens in their filenames?

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.