Alex

Thanks for the kind words! It stopped about 5 miles away thankfully, actually planning on heading back today – just the air quality is awful!

Let me know if anything else comes up with Content Mask, or if that most recent update doesn’t work, and I’ll take a look as soon as I can.

Take care!

I apologize for the delay, I had to temporarily evacuate relocate due to the wildfires where I’m at.

I was finally able to sit down and get some work done on this – I added an option “Return Link” option in version 1.8.1.5 that adds a floating “< Go Back” link when turned on (this works on both the iframe *and* download methods!)

Do note that it only works if the option is turned on AND there is an HTTP Referer set. Some browsers may not set one, and if your links to the pages include rel="noreferer", the Go Back link will not show up, otherwise, it will show up in the bottom left of the masked page when the option is on!

Update 1.8.1.5 should be live in a moment, so feel free to update and test it out!

Oh wow, thank you so much for the kind words! I’m glad Content Mask was able to do what you needed it to – don’t hesitate to reach out if anything is acting up with it, I’m always happy to take a look as quickly as I can!

Ah, wonderful! I’ve added it in 1.8.1.3 as a new set of permissions. Underneath “Role Permissions” is a new section called “Conditions”. Just toggle the one that you want to hide it from, (if “User Logged In” is checked, it will hide it from logged in users and show to logged out users. If “User Logged Out” is checked, it will hide it from logged out users, but show to logged in users)

Let me know if that was what you were after, and let me know if you notice anything wonky about the update.

Thanks!

I was able to push out a fix for this in version 1.8.1.3, which should be live now. Let me know if anything still seems off!

Hi Razvan,

I’m a little confused on what exactly you’re asking for on this one. Are you just asking for another checkbox for just “is user logged-in”? If so, I can add that no problem

Hi Funky, I was able to recreate that issue – I’ll get an update pushed out today that fixes it. Thanks for pointing that out!

Hi Juanteng,

Unfortunately I’m a bit confused on what exactly the issue is and where it lies. Are you using the most recent version, 1.8.1.1?

If so, could you try downgrading to 1.8.0.6 and seeing if the issue still persists? https://downloads.www.ads-software.com/plugin/content-mask.1.8.0.6.zip

Thanks for pointing that out. I’ve put out a patch, 1.8.1.1 that should take care of the problem. Let me know if it doesn’t, and I’ll take another look!

Hey there!

I don’t have access to the UserPro plugin, but I’ve built in a way to hide Masked Content from different user roles.

In the metabox on each page/post, you can now check the box next to the user role you want to hide the masked content from. This can also be done from the quick menu (the “…”) in the admin page. Just click on “Role Permissions”, check the roles you want to <b>hide</b> the content from, and click finish!

If that UserPro plugin uses standard WordPress roles, it should work. If not, let me know and we can collaborate a bit more.

Thanks for the suggestion!

Oooh, that’s an issue I haven’t come across yet!

The Iframe method basically replaces the entire page markup with a full page iframe, which would bypass restrictions like that. The only restrictions it does follow is the native “password restricted post” one.

There are a ton of plugins/themes that integrate roles differently – would it be a workable solution to add a “restrict this content to these roles” on a per-page basis? Basically when you edit the mask, have a list of checkboxes/toggles that would allow it to show or not based on certain roles?

If so, I think I could make that happen and push it out in an update this week?

Unfortunately, there really isn’t a way to do what you’re asking. When the user visits yoursite.com/masked-page, your website is making a request to masked-page.com, so those headers will be the ones that are sent along.

There isn’t a way to pass the user’s request headers straight through to the masked-page.com because there’s no way to validate the User’s headers as a traditional request because TCP relies on a 3-way handshake. (this would require yoursite.com to pass the User’s headers (IP address, User-Agent, etc) along, but this could all be spoofed.

So really, the way I see it, is there are 3 ways to do what you’re asking.

1 – If you edit the page and go down to the “Content Mask Settings” meta box, you can place a small invisible iframe in the “Footer Scripts” section: <iframe style="width:1px;height:1px;opacity:0;visibility:hidden;pointer-events:none;position:absolute;z-index:-2;" src="https://url-to-mask.com"></iframe>. This would introduce a small, invisible iframe into the code. The source code displayed to the user would still be from the download method, but that hidden iframe would complete a traditional HTTP request for the user, including their current IP Address, user agent, cookies, etc.

2 – Use the Iframe method. The Iframe method is designed to be a full screen, scrolling iframe matched to the size of the window, so it acts like the website that’s being masked. The only way to tell that the content is being iframed is to inspect the source code – but when used properly and with content you have license to mask, this shouldn’t be an issue. It doesn’t look like an iframe to the end-user.

3 – I could look at building in another option that would pass the Headers and Server variables in a simple cURL POST request. This would require custom programming on my end in the plugin, as well as on your end (assuming you control the website that’s being masked, not just the one that has Content Mask installed) so you could parse the POST request and do what you wish with those variables.

It looks like you’re using the Download method. Unfortunately that’s part of how the download method works:

– Somebody visits your Masked page.
– Your website checks to see if it has a valid cache.
– If not, your website makes a request to the Mask URL, reads the content, and caches it
– Your website then displays the cached page to the visitor.

That’s why the user’s IP address isn’t showing. You’ll need to change from the Download method to the Iframe method in order to have the user’s request headers sent to the website.

Thanks for pointing that out! I’ve pushed out an update to version 1.8.0.6 that should take care of that. Let me know if it doesn’t work for you or if you notice anything else!

Hi Joe,

Can you send me a link to the URL with the iframe on it (also, can you change it to the iframe instead of redirect, so I can see what it’s doing)? You can send it to me here if you don’t want it public. I’d be happy to take a look for you!