Unable to ‘Continue to Next Step [Recipients]’

  • Resolved Dragonfly-CA

    (@dragonfly-ca)


    2 months, 2 weeks ago

    We’re stuck trying to send an Email Campaign. From the ‘Subject & Settings’ tab, the ‘Continue to Next Step [Recipients]’ button does not move us to the next step ‘Recipients’ it just spins, stops, then does nothing. We’re unable to send an Email Campaign.

    We’ve deactivated all other plugins, switched themes, cleared caches (local and on the host server), all to no avail.

    Just updated to 2.9.24 today, and can’t go back.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support Md. Ashikur Rahman

    (@ashiik)

    Hello @dragonfly-ca,

    Thanks for reaching out. It seems like you’re experiencing a similar issue that has been discussed in this support thread: Error: No route was found matching the URL and request method.

    We recommend checking that thread for more details. Additionally, please contact your hosting provider to ensure that the server is not blocking the required requests FluentCRM uses for campaign creation. This is a server-related issue, and your hosting provider will assist you on this matter.

    Best Regards,

    Thread Starter Dragonfly-CA

    (@dragonfly-ca)

    I saw that post and reached out to Flywheel (before posting here) and they confirmed they DO NOT block PUT requests.

    What changed in this last update? FluentCRM worked perfectly fine before then and has been hosted on Flywheel since its inception.

    Thread Starter Dragonfly-CA

    (@dragonfly-ca)

    After restoring my site to a previous version, the issue still remains, so it WAS NOT the latest FluentCRM update. I have once again contacted Flywheel and they said they are escalating a ticket.

    Thread Starter Dragonfly-CA

    (@dragonfly-ca)

    Hello,

    Here is the response I received from Flywheel.?

    Knowing of this security vulnerability in your code gives me pause to use it. If this is something that you will be fixing in the very near future, I will be more than happy to continue using FluentCRM PRO, otherwise I will use an alternate CRM.

    I’ve shared your plugin with quite a few clients and we all love it! I sure hope you find a way to address this critical issue.

    Thank you,

    Sep 13, 2024, 3:02?AM CDT?

    Dillan here with Flywheel support, happy to help.

    I’ve spent some time digging into this with our infrastructure team, and it looks like this may be related to the?X-Http-Method-Override?header.

    This header is used to allow POST requests to override the method type.?This header is disabled across our platform as it opens up potential vulnerabilities.

    I would recommend reaching out to Fluent Form’s development team to confirm if they use this header – if they do, they may need to implement an alternative method of achieving this, so the plugin remains compatible with our platform.

    If they need any further information from our end, feel free to pass along the email?[email protected]?so they can liaise with us directly ?? It’d be best if they mention this ticket number?15237500?for reference.

    Do let us know if there’s anything further at all we can do on our end to assist in the meantime.

    Plugin Support Md. Ashikur Rahman

    (@ashiik)

    Hello @dragonfly-ca,

    Thank you for your detailed response and for bringing this to our attention.

    We would like to clarify that there is no security vulnerability in our code. The usage of the X-HTTP-Method-Override header is quite common and widely accepted in web applications and WordPress plugins that work with REST APIs. This issue appears to be specific to Flywheel, as none of our users on other servers are encountering it.

    We recommend enabling the X-HTTP-Method-Override header specifically for your website at the server level and configuring a Web Application Firewall (WAF) to restrict access to the FluentCRM API endpoints. This approach will help maintain security while addressing Flywheel’s concerns.

    Additionally, if possible, we suggest excluding the FluentCRM REST API routes from Flywheel’s caching layer to prevent any potential issues. The routes to consider are:

    /wp-json/fluent-crm/v2/subscribers/ , /wp-json/fluent-crm/v2/lists/, /wp-json/fluent-crm/v2/tags/,/wp-json/fluent-crm/v2/campaigns/, /wp-json/fluent-crm/v2/custom-fields/contacts

    We appreciate you sharing Flywheel’s response and their contact information. We will reach out to discuss this further.

    In the meantime, please consider opening a support ticket with us so we can continue the conversation and address this matter more directly.

    Thank you again for your cooperation and understanding.

    Plugin Support Md. Ashikur Rahman

    (@ashiik)

    Hello @dragonfly-ca,

    Could you please confirm if this has resolved the problem on your end? If the issue persists, we recommend contacting Flywheel to clear the server-side cache again and see if that helps. Once you’ve done that, please let us know if the problem is resolved or further assistance is needed.

    Best Regards,

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.