frontend issue on multisite

You must be using different domains for each site? Please make sure your server is allowed to make CORS requests from different domains. The requests are being blocked, because one domain is not allowed to take resources from the other.

However, I do need to improved Multisite compatibility for OMGF. For more info on this discussion, please refer to: https://www.ads-software.com/support/topic/database-error-duplicate-column-name/

Dear Bergh,

Thanks for your reply, here are our service environment:

1# We are using subsites but not subdirectory on our multisites, so our root domain is lovcour.com, and subsites domain is like following:
forums.lovcour.com
work.lovcour.com
XXX.lovcour.com
….

2# Server end setting:

We are using redis cache with this plugin:
https://www.ads-software.com/plugins/redis-cache/

We already set SAMEORIGIN on nginx configuration:

For security configuration, all of setting will be set as below BY DEFAULT to avoid the Clickjacking attack:

##Common headers for security
more_set_headers “X-Frame-Options : SAMEORIGIN”;
more_set_headers “X-Xss-Protection : 1; mode=block”;
more_set_headers “X-Content-Type-Options : nosniff”;
more_set_headers “Referrer-Policy : strict-origin-when-cross-origin”;

https://geekflare.com/wordpress-x-frame-options-httponly-cookie/
https://geekflare.com/add-x-frame-options-nginx/#comment-65189

3# I already tested it on another one test subsite, and activated it with this setting too:
https://prntscr.com/p80h5r

but the issue is same:
https://prntscr.com/p80m2s

and the fonts are loaded still from google:
https://prntscr.com/p80mgu

It would be great if you would like to have a check.

By the way, I can send you subsite admin account for your test, please write to me alexlii at yahoo dot com if needed.

Looking forward to your reply.

Have a nice day.

Alex

• This reply was modified 5 years, 2 months ago by alexlii.

Hi Alex,

I tried to take a look at work.lovcour.com, but the site seems broken? I’m not seeing any of the warnings, but this is probably, because most stylesheets aren’t loaded. Or perhaps you switched to a different theme for testing.

Anyway, I’m thinking to improve the MultiSite behaviour, cause this brings more flexibility to the plugin and it tackles your issue. At this point, one setting (one source, one generated stylesheet) is used for all sites, forcing you (the user) to adjust CORS headers (in Apache it’s: Access-Control-Allow-Origin), when instead, I think it would be better to offer seperate configuration options (and generated stylesheets) for each seperate site.

Be patient. ?? I’ll keep you posted.

Hi Bergh,

It is not broken, please check this screenshot:https://prntscr.com/p9nyiy

if it is not accessible to you, please share me a screenshot.

Ok, thanks, glad you will improve it.

Hi Bergh,

I understand now why there is issue.

On our server, we set forced SSl, so I just suppose there is SSL compatibility issue,

Please check this:

(index):1 Mixed Content: The page at ‘https://work.lovcour.com/’ was loaded over HTTPS, but requested an insecure font ‘https://undefined/’. This request has been blocked; the content must be served over HTTPS.

Screenshot:
https://prntscr.com/p9tsf2

Anyway, just for your reference.

Have a nice day.

@daanvandenbergh I’ve deleted your offer to login to your user’s site. I’m am 100% sure you mean well but please never ask for credentials on these forums.

https://www.ads-software.com/support/guidelines/#the-bad-stuff

Now for the why: The internet is a wonderful place full of very nice people and a few very bad ones. I’m sure everyone here is very nice however, by giving some ones keys to your house you are trusting they wont steal anything. Likewise the person who takes the keys is now responsible for the house FOREVER.

If something was to go wrong, then you the author may well legally become liable for damages, which they would not normally have been as their software is provided without warranty.

Please be aware that repeatedly asking for credentials will result in us escalating this to the plugins team.

It’s never necessary to do that. Here’s why.

There are many ways to get information you need and accessing the user’s site is not one of them. That’s going too far.

• Ask for a link to the https://pastebin.com/ log of the user’s web server error log.
• Ask the user to create and post a link to their phpinfo(); output.
• Ask the user to install the Health Check plugin and get the data that way.
• Walk the user through enabling WP_DEBUG and how to log that output to a file and how to share that file.
• Walk the user through basic troubleshooting steps such and disabling all other plugins, clear their cache and cookies and try again.
• Ask the user for the step-by-step on how they can reproduce the problem.

You get the idea.

Volunteer support is not easy. But these forums need to a safe place for all users, experienced or new. Accessing their system that way is a short cut that will get you into real trouble in these forums.

Al right, thanks @sterndata.

@alexlii,

It’s strange that there’s a request to ‘undefined’. Are you sure you configured OMGF according to the manual?

@alexlii,

Thanks for notifying me of the SSL issue. Non-secure files are indeed blocked by browsers, when loaded in a secure site.

So, I guess it wasn’t due to OMGF, however, to force loading the fonts using the URL of another subdomain, you can do the following:

– Go to the site you wish to configure,
– Change OMGF’s cache directory to something else, e.g. /cache/site1/omgf,
– Save changes,
– Download fonts,
– Generate stylesheet.

A new stylesheet, using the corresponding site’s URL, is now generated in its own folder, bypassing any CORS issues you might run into.

Repeat these steps for every site, changing the cache directory to /cache/site2/omgf, /cache/site3/omgf, etc.

Hi Daan,

I do not know “bypassing any CORS issues”
Would you please let me know how to do it? Or, any online tutorial for reference please?

Thanks and have a nice day.

• This reply was modified 5 years, 1 month ago by alexsina.

Hi Daan,

I just had a try as per your instruction, but I found the issue is same, and there is a file named:undefined under the font cache directory, please check the screenshot:

https://prntscr.com/ppz80n

Further suggestion would be appreciated, have a nice day.

@alexsina,

Thanks!

Ok, so there must be a bug somewhere in the downloading of the fonts.

Could you take a look in the wp_caos_webfonts table in your database, to see if the ‘undefined’ file is mentioned there as well?

Hello @daanvandenbergh,

Sorry for later response since there are some difficulties to access the forum.

Anyway, the following screenshots might be much helpful for your debug, we have custom prex data base name, so I searched “caos_webfonts”:

https://prntscr.com/py1894

https://prntscr.com/py18dl

https://prntscr.com/py18gu

Should you need more information for debug, please feel free to let me know.

Have a nice day.

Hello @daanvandenbergh,

Have you received my last screenshots?

Thanks

Hi @alexsina,

This bug has been fixed since v2.2.0.