widgets block editor returns 403 after WP update from 5.8 to 5.8.2

  • I’m not able to edit widgets with block editor after update of WordPress from 5.8 to 5.8.2

    In 5.8 /wp-json/batch/v1?_locale=user used Request Method GET and worked.
    In 5.8.2 is uses Request Method OPTIONS and returns 403 Forbidden

    I found related topics:
    * https://www.ads-software.com/support/topic/403-forbidden-error-on-widgets/
    * https://www.ads-software.com/support/topic/help-please-widgets-stopped-working/

    , both advicing to disable widgets block editor.

    It works. After added to theme functions.php:
    // TMP Disables the block editor from managing widgets. renamed from wp_use_widgets_block_editor
    add_filter( ‘use_widgets_block_editor’, ‘__return_false’ );

    But it is just a hotfix, not a removal of the problem. I’m sorry, I will not be able to futher debug this matter this week.

    Isn’t this a side effect of security fixes in 5.8.1 or 5.8.2 udateds of WordPress?

    I’ve created Widgets in older version as “Custom HTML” widgets. Later I’ve converted these with “Widget block editor” to “Block”s.

    In Widget Block Editor some of these widgets display in wp-block wp-block-legacy-widget: “Request-URI Too Long
    The requested URL’s length exceeds the capacity limit for this server.”

    I’ve tried to disable plugins and switch to Theme twenty-twenty. It didn’t solve the problem.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator t-p

    (@t-p)

    This may be a plugin or theme conflict. Please attempt to disable all plugins, and use one of the default (Twenty*) themes. If the problem goes away, enable them one by one to identify the source of your troubles.

    If you can install plugins, install and activate “Health Check”: https://www.ads-software.com/plugins/health-check/
    It will add some additional features under the menu item under Tools > Site Health.
    On its troubleshooting tab, you can Enable Troubleshooting Mode. This will disable all plugins, switch to a standard WordPress theme (if available), allow you to turn your plugins on and off and switch between themes, without affecting normal visitors to your site. This allows you to test for various compatibility issues.
    There’s a more detailed description about how to use the Health Check plugin and its Troubleshooting Mode at https://make.www.ads-software.com/support/handbook/appendix/troubleshooting-using-the-health-check/

    In case you prefer the old Classic Widgets, then Use Classic Widgets Plugin

    Thread Starter jan.mazanek

    (@janmazanek)

    @t-p thank you for your response and advice to use plugin health-check.

    TLTR: Problem persist with Troubleshooting Mode enabled

    I have installed and activated https://www.ads-software.com/plugins/health-check/. It is the only one installed Must-Use plugin.

    I have enabled Troubleshooting Mode. All plugins are disabled, Theme is switched to default “Twenty TwentyVersion: 1.8”

    I have replaced https://…/.htaccess with reduced content:

    # BEGIN WordPress
# Direktivy (?ádky) mezi "BEGIN WordPress" a "END WordPress" jsou
# dynamicky generované a měly by byt upravovány pouze pomocí filtr? WordPressu.
# Ve?keré změny směrnic mezi těmito zna?kami budou p?epsány.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

    But https://…/wp-admin/widgets.php click on button Update still does not save the changes.

    On click on button “Update”, the requested https://…/wp-json/batch/v1?_locale=user returns:

    HTTP/1.1 403 Forbidden
Date: Mon, 03 Jan 2022 20:25:44 GMT
Server: Apache
Content-Length: 199
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

    Webserver access.log contains:
    M.y.I.P - - [03/Jan/2022:21:25:44 +0100] "OPTIONS /wp-json/batch/v1?_locale=user HTTP/1.1" 403 581 "https://.../wp-admin/widgets.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36" ...:443 [subdomain.ww.cz] 839 5231 34757 + "-" "-"

    Webserver error.log doesn’t contain any records related to subdomain of this installation

    PHP error.log contains:
    #1) Older errors before Widgets Block Editor was disabled by me:
    [03-Jan-2022 12:16:03 UTC] PHP Notice: wp_enqueue_script() was called <strong>incorrectly</strong>. "wp-editor" script should not be enqueued together with the new widgets editor (wp-edit-widgets or wp-customize-widgets). Please see <a href="https://www.ads-software.com/support/article/debugging-in-wordpress/">Debugging in WordPress</a> for more information. (This message was added in version 5.8.0.) in /.../wp-includes/functions.php on line 5663

    #2) immediately after it is a new error:
    [03-Jan-2022 20:13:07 UTC] PHP Notice: is_trackback was called <strong>incorrectly</strong>. Conditional query tags do not work before the query is run. Before then, they always return false. Please see <a href="https://www.ads-software.com/support/article/debugging-in-wordpress/">Debugging in WordPress</a> for more information. (This message was added in version 3.1.0.) in /.../wp-includes/functions.php on line 5663

    I searched “REQUEST_METHOD” through .htaccess and it contains REQUEST_METHOD in W3TC rules:

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^ - [E=W3TC_QUERY_STRING:%{QUERY_STRING}]
    RewriteCond %{ENV:W3TC_QUERY_STRING} ^(.*?&|)file(=[^&]*)?(&.*|)$ [NC]
    RewriteRule ^ - [E=W3TC_QUERY_STRING:%1%3]
    RewriteCond %{ENV:W3TC_QUERY_STRING} ^&+$
    RewriteRule ^ - [E=W3TC_QUERY_STRING]
    RewriteCond %{HTTPS} =on
    RewriteRule .* - [E=W3TC_SSL:_ssl]
    RewriteCond %{SERVER_PORT} =443
    RewriteRule .* - [E=W3TC_SSL:_ssl]
    RewriteCond %{HTTP:X-Forwarded-Proto} =https [NC]
    RewriteRule .* - [E=W3TC_SSL:_ssl]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteRule .* - [E=W3TC_ENC:_gzip]
    RewriteCond %{HTTP_COOKIE} w3tc_preview [NC]
    RewriteRule .* - [E=W3TC_PREVIEW:_preview]
    RewriteCond %{REQUEST_METHOD} !=POST
    RewriteCond %{ENV:W3TC_QUERY_STRING} =""
    RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|w3tc_logged_out|wordpress_logged_in|wptouch_switch_toggle) [NC]
    RewriteCond %{REQUEST_URI} \/$
    RewriteCond "%{DOCUMENT_ROOT}/wp-content/.../%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_SSL}%{ENV:W3TC_PREVIEW}.html%{ENV:W3TC_ENC}" -f
    RewriteRule .* "/wp-content/.../%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_SSL}%{ENV:W3TC_PREVIEW}.html%{ENV:W3TC_ENC}" [L]
<strong>    RewriteCond %{REQUEST_METHOD} !=POST</strong>
    RewriteCond %{ENV:W3TC_QUERY_STRING} =""
    RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|w3tc_logged_out|wordpress_logged_in|wptouch_switch_toggle) [NC]
    RewriteCond "%{DOCUMENT_ROOT}/wp-content/.../%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_SSL}%{ENV:W3TC_PREVIEW}.xml%{ENV:W3TC_ENC}" -f
    RewriteRule .* "/wp-content/.../%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_SSL}%{ENV:W3TC_PREVIEW}.xml%{ENV:W3TC_ENC}" [L]
</IfModule>

    In Chrome DevTools there are these 4xx errors:
    1) 414 Error (Which IMHO is not related to this issue): The Requested URL s length exceeds the capacity limit for this server (this is for “Custom HTML” block with URL long 16kB(!!!). Anonymized URL:
    https://.../wp-admin/widgets.php?legacy-widget-preview[idBase]=custom_html&legacy-widget-preview[instance][encoded]=...&legacy-widget-preview[instance][hash]=...&legacy-widget-preview[instance][raw][title]=&legacy-widget-preview[instance][raw][content]=[fusion_builder_row_inner][fusion_builder_column_inner type="1_1" layout="1_1" background_position="left top" background_color="" border_color="" border_style="solid" spacing="0px" background_image="" background_repeat="no-repeat" padding_top="0" padding_bottom="0" padding_left="0" padding_right="0" margin_top="0" margin_bottom="0" class="" id="" animation_type="" animation_speed="0.3" animation_direction="left" hide_on_mobile="large-visibility" center_content="no" last="true" min_height="" hover_type="none" link="" border_sizes_undefined="0" element_content="" first="true" border_position="all" type="1_1"][/fusion_builder_column_inner][fusion_builder_column_inner type="1_1" layout="1_1" background_position="left top" background_color="#f0f0f0" border_color="" border_style="solid" spacing="0px" background_image="" background_repeat="no-repeat" padding_top="40px" padding_bottom="30px" padding_left="5%" padding_right="5%" margin_top="" margin_bottom="" class="" id="" animation_type="" animation_speed="0.3" animation_direction="left" hide_on_mobile="small-visibility,medium-visibility,large-visibility" center_content="no" last="true" min_height="" hover_type="none" link="" border_sizes_undefined="0" first="true" border_position="all" type="1_1"][fusion_title title_type="text" rotation_effect="bounceIn" display_time="1200" highlight_effect="circle" loop_animation="off" highlight_width="9" highlight_top_margin="0" before_text="" rotation_text="" highlight_text="" after_text="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" content_align_medium="" content_align_small="" content_align="left" size="2" font_size="27px" animated_font_size="" fusion_font_family_title_font="" fusion_font_variant_title_font="" line_height="" letter_spacing="" margin_top_medium="" margin_bottom_medium="" margin_top_small="" margin_bottom_small="" margin_top="" margin_bottom="" margin_top_mobile="" margin_bottom_mobile="" text_color="" animated_text_color="" highlight_color="" style_type="default" sep_color="" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset=""]<p>Zpravodaj LLENTAB 2021/01</p>[/fusion_title][fusion_recent_posts layout="thumbnails-on-side" picture_size="fixed" hover_type="liftup" columns="1" number_posts="6" post_status="" offset="0" pull_by="category" cat_slug="ocelove-haly-01-2021" exclude_cats="" tag_slug="" exclude_tags="" thumbnail="yes" title="yes" meta="no" meta_author="no" meta_categories="no" meta_date="no" meta_comments="no" meta_tags="no" content_alignment="" excerpt="no" excerpt_length="13" strip_html="yes" scrolling="pagination" hide_on_mobile="small-visibility,medium-visibility,large-visibility" class="MarginBottom0" id="" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset="" /][/fusion_builder_column_inner][fusion_builder_column_inner type="1_1" layout="1_1" background_position="left top" background_color="#f0f0f0" border_color="" border_style="solid" spacing="0px" background_image="" background_repeat="no-repeat" padding_top="20px" padding_bottom="30px" padding_left="5%" padding_right="5%" margin_top="" margin_bottom="" class="" id="" animation_type="" animation_speed="0.3" animation_direction="left" hide_on_mobile="small-visibility,medium-visibility,large-visibility" center_content="no" last="true" min_height="" hover_type="none" link="" border_sizes_undefined="0" first="true" border_position="all" type="1_1"][fusion_title title_type="text" rotation_effect="bounceIn" display_time="1200" highlight_effect="circle" loop_animation="off" highlight_width="9" highlight_top_margin="0" before_text="" rotation_text="" highlight_text="" after_text="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" content_align_medium="" content_align_small="" content_align="left" size="2" font_size="20px" animated_font_size="" fusion_font_family_title_font="" fusion_font_variant_title_font="" line_height="" letter_spacing="" margin_top_medium="" margin_bottom_medium="" margin_top_small="" margin_bottom_small="" margin_top="" margin_bottom="" margin_top_mobile="" margin_bottom_mobile="" text_color="" animated_text_color="" highlight_color="" style_type="default" sep_color="" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset=""]LLENTAB news do emailu[/fusion_title][fusion_text columns="" column_min_width="" column_spacing="" rule_style="default" rule_size="" rule_color="" content_alignment_medium="" content_alignment_small="" content_alignment="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" font_size="" fusion_font_family_text_font="" fusion_font_variant_text_font="" line_height="" letter_spacing="" text_color="" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset=""]P?ihlaste se k zasílání ob?asníku LLENTAB do emailu:[/fusion_text][fusion_code]...==[/fusion_code][/fusion_builder_column_inner][fusion_builder_column_inner type="1_1" layout="1_1" background_position="left top" background_color="" border_color="" border_style="solid" spacing="0px" background_image="" background_repeat="no-repeat" padding_top="" padding_bottom="" padding_left="" padding_right="" margin_top="-30px" margin_bottom="" class="" id="" animation_type="" animation_speed="0.3" animation_direction="left" hide_on_mobile="small-visibility,medium-visibility,large-visibility" center_content="no" last="true" min_height="" hover_type="none" link="" border_sizes_undefined="0" first="true" border_position="all" type="1_1"][fusion_sharing tagline="Sdílejte: " tagline_color="" backgroundcolor="#f0f0f0" title="Sdílejte: " link="" description="" icons_boxed="" icons_boxed_radius="" color_type="" icon_colors="" box_colors="" tooltip_placement="top" pinterest_image="" pinterest_image_id="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" dynamic_params="..." /][/fusion_builder_column_inner][/fusion_builder_row_inner]x&legacy-widget-preview[instance][raw][fusion_display_title]=yes&legacy-widget-preview[instance][raw][fusion_padding_color]=&legacy-widget-preview[instance][raw][fusion_margin]=&legacy-widget-preview[instance][raw][fusion_bg_color]=&legacy-widget-preview[instance][raw][fusion_bg_radius_size]=&legacy-widget-preview[instance][raw][fusion_border_size]=&legacy-widget-preview[instance][raw][fusion_border_style]=solid&legacy-widget-preview[instance][raw][fusion_border_color]=&legacy-widget-preview[instance][raw][fusion_divider_color]=&legacy-widget-preview[instance][raw][fusion_align]=&legacy-widget-preview[instance][raw][fusion_align_mobile]=

    2) 403 Error: Forbidden for OPTIONS request of URL: https://…/wp-json/batch/v1?_locale=user

    Request headers are:

    OPTIONS /wp-json/batch/v1?_locale=user HTTP/1.1
Host: ...
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96"
Accept: application/json, */*;q=0.1
sec-ch-ua-mobile: ?0
X-WP-Nonce: de22c26b73
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
sec-ch-ua-platform: "Linux"
Origin: https://...
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://.../wp-admin/widgets.php
Accept-Encoding: gzip, deflate, br
Accept-Language: cs-CZ,cs;q=0.9,en;q=0.8
Cookie: wordpress_test_cookie=WP+Cookie+check; wordpress_apbct_antibot=...; apbct_site_landing_ts=1635945569; ct_timezone=1; ct_checkjs=...; PHPSESSID=...; xxx-user=...; ct_checked_emails=0; _ga=...; _ga_xxx=...; wp-settings-1=editor%3Dtinymce%26libraryContent%3Dbrowse%26imgsize%3Dfull%26post_dfw%3Doff%26posts_list_mode%3Dlist%26align%3Dright%26urlbutton%3Dcustom; wp-settings-time-1=1640104050; privacy_embeds=consent; apbct_site_referer=UNKNOWN; wordpress_logged_in_xxx=...; apbct_visible_fields=0; fusionredux_current_tab=1; ct_check_users__amount=100; ct_paused_users_check=0; ct_has_scrolled=false; apbct_prev_referer=https%3A%2F%2F...%2F; ct_ps_timestamp=1641240755; ct_screen_info=%7B%22fullWidth%22%3A1790%2C%22fullHeight%22%3A18814%2C%22visibleWidth%22%3A1790%2C%22visibleHeight%22%3A2025%7D; apbct_timestamp=1641240755; apbct_page_hits=266; apbct_cookies_test=...; apbct_urls=%7B%22...%5C%2Fxxx-50-years-w126%5C%2F%22%3A%5B1641201328%5D%2C%22...%5C%2F%3Fcustomize_changeset_uuid%3Df3db50cd-6c37-4c1f-b882-911790a78f1e%26customize_theme%3Dtwentytwentyone%26customize_messenger%22%3A%5B1641212069%5D%2C%22...%5C%2Fwp-json%5C%2Fcontact-form-7%5C%2Fv1%5C%2Fcontact-forms%5C%2F9205%5C%2Frefill%22%3A%5B1641212071%2C1641212091%5D%2C%22...%5C%2F%22%3A%5B1641213919%2C1641229979%2C1641240359%2C1641240707%2C1641240753%5D%2C%22...%5C%2Fwp-json%5C%2Fcontact-form-7%5C%2Fv1%5C%2Fcontact-forms%5C%2F10863%5C%2Frefill%22%3A%5B1641213920%2C1641229980%2C1641240362%2C1641240708%2C1641240755%5D%7D; apbct_visible_fields_0=%7B%22visible_fields%22%3A%22s%22%2C%22visible_fields_count%22%3A1%2C%22invisible_fields%22%3A%22%22%2C%22invisible_fields_count%22%3A0%7D; apbct_visible_fields_3=%7B%22visible_fields%22%3A%22location%22%2C%22visible_fields_count%22%3A1%2C%22invisible_fields%22%3A%22category%20order%20process%22%2C%22invisible_fields_count%22%3A3%7D; apbct_visible_fields_4=%7B%22visible_fields%22%3A%22your-name%20your-message%20your-email%20your-phone%22%2C%22visible_fields_count%22%3A4%2C%22invisible_fields%22%3A%22_wpcf7%20_wpcf7_version%20_wpcf7_locale%20_wpcf7_unit_tag%20_wpcf7_container_post%20_wpcf7_posted_data_hash%20ct_checkjs_cf7%22%2C%22invisible_fields_count%22%3A7%7D; ct_mouse_moved=true; wp-health-check-disable-plugins=3ede73e51707105e223651143db1d7f4; ct_fkp_timestamp=1641240761; ct_pointer_data=...

    Please, do you have any suggestion, how to continue, to solve this issue?

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘widgets block editor returns 403 after WP update from 5.8 to 5.8.2’ is closed to new replies.