Ninja Firewall Blocking Editor From Loading

  • Resolved larsenja

    (@larsenja)


    7 years, 8 months ago

    When Ninja is turned on, it appears to be blocking access to this file:

    domain.com/wp-content/themes/theme_name/bootstrap/editor_plugin_bootstrapicons.js.php?wp-mce-4403-20160901

    When Ninja is turned off, the editor loads fine.

    What rule in Ninja might be causing this? When we check the firewall log, no entry is being displayed for this block…

    Your help is greatly appreciated!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    If there is no error in the log, it could be due to one of the HTTP headers options (“Firewall Policies > HTTP response headers”).
    You can check that from your browser’s console: Turn it on (usually CTRL + Shift + J), then try again to access the file. If the browser blocks the request, it will be displayed in the error console.

    Thread Starter larsenja

    (@larsenja)

    Awesome suggestion. Sure enough strict Mime rules were enabled. By turning them off, the editor loaded.

    Is this a super-dangerous thing to enable from a security perspective?

    Plugin Author nintechnet

    (@nintechnet)

    Not a huge security risk, but a useful feature.
    It is used to prevent a file from serving content that does not match the type of the file.
    For example, if you have a PHP file js.php that is used to output JS code in a tag such as <script src="js.php"></script>, it will be blocked unless your js.php file sends the right header ( header("Content-Type: text/javascript"); ).

    Since your file is called editor_plugin_bootstrapicons.js.php, I assume it is used to output JS code, and may not send the needed Content-Type header.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Ninja Firewall Blocking Editor From Loading’ is closed to new replies.