• Resolved Dragonfly-CA

    (@dragonfly-ca)


    We’re stuck trying to send an Email Campaign. From the ‘Subject & Settings’ tab, the ‘Continue to Next Step [Recipients]’ button does not move us to the next step, ‘Recipients’; it just spins, stops, then does nothing. We’re unable to send an Email Campaign.

    We’ve deactivated all other plugins, switched themes, cleared caches (local and on the host server), all to no avail.

    Just updated to 2.9.24 today, and can’t go back.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support Md. Ashikur Rahman

    (@ashiik)

    Hello @dragonfly-ca,

    Thanks for reaching out. It seems like you’re experiencing a similar issue that has been discussed in this support thread: Error: No route was found matching the URL and request method.

    We recommend checking that thread for more details. Additionally, please contact your hosting provider to ensure that the server is not blocking the required requests FluentCRM uses for campaign creation. This is a server-related issue, and your hosting provider will assist you on this matter.

    Best Regards,

    Thread Starter Dragonfly-CA

    (@dragonfly-ca)

    I saw that post and reached out to Flywheel (before posting here) and they confirmed they DO NOT block PUT requests.

    What changed in this last update? FluentCRM worked perfectly fine before then and has been hosted on Flywheel since its inception.

    Thread Starter Dragonfly-CA

    (@dragonfly-ca)

    After restoring my site to a previous version, the issue still remains, so it WAS NOT the latest FluentCRM update. I have once again contacted Flywheel and they said they are escalating a ticket.

    Thread Starter Dragonfly-CA

    (@dragonfly-ca)

    Hello,

    Here is the response I received from Flywheel.

    Knowing of this security vulnerability in your code gives me pause to use it. If this is something that you will be fixing in the very near future, I will be more than happy to continue using FluentCRM PRO, otherwise I will use an alternate CRM.

    I’ve shared your plugin with quite a few clients and we all love it! I sure hope you find a way to address this critical issue.

    Thank you,

    Sep 13, 2024, 3:02 AM CDT

    Dillan here with Flywheel support, happy to help.

    I’ve spent some time digging into this with our infrastructure team, and it looks like this may be related to the X-Http-Method-Override header.

    This header is used to allow POST requests to override the method type. This header is disabled across our platform as it opens up potential vulnerabilities.

    I would recommend reaching out to Fluent Form’s development team to confirm if they use this header – if they do, they may need to implement an alternative method of achieving this, so the plugin remains compatible with our platform.

    If they need any further information from our end, feel free to pass along the email [email protected] so they can liaise with us directly. It’d be best if they mention this ticket number 15237500 for reference.

    Do let us know if there’s anything further at all we can do on our end to assist in the meantime.

    Plugin Support Md. Ashikur Rahman

    (@ashiik)

    Hello @dragonfly-ca,

    Thank you for your detailed response and for bringing this to our attention.

    We would like to clarify that there is no security vulnerability in our code. The usage of the X-HTTP-Method-Override header is quite common and widely accepted in web applications and WordPress plugins that work with REST APIs. This issue appears to be specific to Flywheel, as none of our users on other servers are encountering it.

    We recommend enabling the X-HTTP-Method-Override header specifically for your website at the server level and configuring a Web Application Firewall (WAF) to restrict access to the FluentCRM API endpoints. This approach will help maintain security while addressing Flywheel’s concerns.

    Additionally, if possible, we suggest excluding the FluentCRM REST API routes from Flywheel’s caching layer to prevent any potential issues. The routes to consider are:

    /wp-json/fluent-crm/v2/subscribers/, /wp-json/fluent-crm/v2/lists/, /wp-json/fluent-crm/v2/tags/, /wp-json/fluent-crm/v2/campaigns/, /wp-json/fluent-crm/v2/custom-fields/contacts

    We appreciate you sharing Flywheel’s response and their contact information. We will reach out to discuss this further.

    In the meantime, please consider opening a support ticket with us so we can continue the conversation and address this matter more directly.

    Thank you again for your cooperation and understanding.
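
The scoped allowance suggested in the reply above, sketched as an edge filter; this is an added example, not part of the thread and not Flywheel's or FluentCRM's code. The function names, the allowed verbs and the sample requests are assumptions; the route prefixes are the ones listed in the reply.

```python
import posixpath
from urllib.parse import unquote, urlsplit

OVERRIDE = "x-http-method-override"
ALLOWED_VERBS = {"PUT", "PATCH", "DELETE"}  # assumption: verbs the site accepts
# Route prefixes quoted in the reply above, trailing slash removed for matching.
PREFIXES = tuple(p.rstrip("/") for p in (
    "/wp-json/fluent-crm/v2/subscribers/",
    "/wp-json/fluent-crm/v2/lists/",
    "/wp-json/fluent-crm/v2/tags/",
    "/wp-json/fluent-crm/v2/campaigns/",
    "/wp-json/fluent-crm/v2/custom-fields/contacts",
))

def in_scope(raw_path):
    """True if the decoded, dot-segment-free path is under a listed prefix."""
    path = posixpath.normpath(unquote(urlsplit(raw_path).path))
    return any(path == p or path.startswith(p + "/") for p in PREFIXES)

def filter_request(method, raw_path, headers):
    """Return (headers_to_forward, effective_method, decision)."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    method = method.upper()
    if OVERRIDE not in hdrs:
        return hdrs, method, "pass"
    verb = hdrs[OVERRIDE].strip().upper()
    if method == "POST" and verb in ALLOWED_VERBS and in_scope(raw_path):
        # Forward the header; log and authorize on the verb the app will act on.
        return hdrs, verb, "pass-override"
    # Elsewhere drop it, so the app handles the same method the edge evaluated.
    del hdrs[OVERRIDE]
    return hdrs, method, "stripped"

if __name__ == "__main__":
    # Constructed sample requests (IDs and paths are illustrative).
    samples = [
        ("POST", "/wp-json/fluent-crm/v2/campaigns/12", {"X-HTTP-Method-Override": "PUT"}),
        ("GET", "/wp-json/fluent-crm/v2/campaigns/12", {"X-HTTP-Method-Override": "DELETE"}),
        ("POST", "/wp-json/wp/v2/users/1", {"X-HTTP-Method-Override": "DELETE"}),
    ]
    for m, p, h in samples:
        print(m, p, filter_request(m, p, h)[1:])
```

Returning the effective method lets access logs and method-based rules record the verb the application will act on rather than the POST seen on the wire.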

    Plugin Support Md. Ashikur Rahman

    (@ashiik)

    Hello @dragonfly-ca,

    Could you please confirm if this has resolved the problem on your end? If the issue persists, we recommend contacting Flywheel to clear the server-side cache again and see if that helps. Once you’ve done that, please let us know if the problem is resolved or further assistance is needed.

    Best Regards,
