digiscrap

Thank you @grigaswp ! I’ll install and see what happens…

Hello,

My customer claims the same. No admin “New Order” emails. So this should be probably a bug? Or there is a new setting?

I hope this will be fixed soon.

Regards, Vincent

Hello and thank you. It does not show the notification. It shows duplicate RAW header lines. Please see the report: https://securityheaders.com/?q=digiscrap.plus&followRedirects=on

You see that the lines below are in the report, but the lines are the same:

access-control-allow-origin null
access-control-allow-methods GET,PUT,POST,DELETE
access-control-allow-headers Content-Type, Authorization
x-content-security-policy default-src ‘self’; img-src *; media-src * data:;

access-control-allow-origin null
access-control-allow-methods GET,PUT,POST,DELETE
access-control-allow-headers Content-Type, Authorization
x-content-security-policy img-src *; media-src * data:;

I can’t upload images here, so please create a report and look at the RAW headers section

thanks Vincent

• This reply was modified 1 year, 7 months ago by digiscrap.

Issue was caused by the server settings. Fixed.

I found the information here: https://forum.directadmin.com/threads/allowmethods-ah01623-client-method-denied-by-server-configuration-options.56310/#post-288513

Its not an issue caused by the Headers Security Advanced & HSTS WP !

I see the lines below two times in the securityheaders.com output. I tried to add OPTIONS in .htaccess and it appears only in the second part. Looks like it is adding twice? When I disable your plugin all is gone. So the plugin adds it 2 times with some different values (4th / last line). Maybe it is normal behavior, I don’t know.

access-control-allow-origin null
access-control-allow-methods GET,PUT,POST,DELETE
access-control-allow-headers Content-Type, Authorization
x-content-security-policy default-src ‘self’; img-src *; media-src * data:;

access-control-allow-origin null
access-control-allow-methods GET,PUT,POST,DELETE
access-control-allow-headers Content-Type, Authorization
x-content-security-policy img-src *; media-src * data:;

Thanks again for your help!
Regards, Vincent

• This reply was modified 1 year, 8 months ago by digiscrap.

Thank you so much!!

On 1), when WPSC is disabled the header is fine / normal.

Hello,
Thank you for your answer. Yeah… probably my customer changed this…. put it back and now it is working correct. Need to finetune some settings but looks good for now.

Sorry for blaming your plugin…

Regards,
Vincent

Additional info”
1. WordPress: 5.9.3, WooCommerce: 7.0, Weight Based Shipping: 5.3.24, PHP: 7.4

2.
It should not give any options here because it is outside Europe:
https://www.loom.com/i/b07658a564434e7093e3ce769ef1a259
WooCommerce settings
https://www.loom.com/i/09b5a74da30c45369b4d47914087fec8
WBS Settings
https://www.loom.com/i/eac36c818f4745b787b239a175f32762
Shipping unavailable messages
https://loom.com/i/7a872dc80226446bbdda43ceeeecb2cb

3. I’m testing it with the order:
Any order

Ok, never mind. What I did to get it to work:

script-src https://www.facebook.com/, https://connect.facebook.net/
frame-src https://www.facebook.com/

It looks like it is working correct now.

Thanks, Vincent

Ok, thanks!

Thanks! @themifyme … I was looking for this too!

Thanks @sebtlee ! I installed “Post Expirator” too

Same issue here….

Thank you for the great support! The issue is solved!! Thanks!