ianatkins

Output below, was run in a private browsing window:

Seems it’s not caching as the basket is empty?!

X Cache_control -> no Cache ( 3rd party woocommerce not cache due to null cart )

`

Also seems abit odd that the CDN replacements are run on an API request for JS, Fonts and CSS? ( guess media makes sense ).

Thanks.

<blockquote>03/08/22 15:46:15.553 [45.235.218.229:62970 1 gYI] ?? ------GET HTTP/1.1 (HTTPS) /wp-json/wc/v2/orders
03/08/22 15:46:15.553 [45.235.218.229:62970 1 gYI] Query String: page=1&per_page=100&status=pending&consumer_key=xxxxxx&consumer_secret=xxxxx
03/08/22 15:46:15.553 [45.235.218.229:62970 1 gYI] User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1 Safari/605.1.15
03/08/22 15:46:15.553 [45.235.218.229:62970 1 gYI] Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
03/08/22 15:46:15.553 [45.235.218.229:62970 1 gYI] Accept Encoding: gzip, deflate, br
03/08/22 15:46:15.553 [45.235.218.229:62970 1 gYI] X-LSCACHE: true
03/08/22 15:46:15.769 [45.235.218.229:62970 1 gYI] [Ctrl] X Cache_control -> private ( logged in user )
03/08/22 15:46:15.769 [45.235.218.229:62970 1 gYI] [Router] get_role: administrator
03/08/22 15:46:15.770 [45.235.218.229:62970 1 gYI] [Media] init
03/08/22 15:46:15.770 [45.235.218.229:62970 1 gYI] [Avatar] init
03/08/22 15:46:15.770 [45.235.218.229:62970 1 gYI] [LQIP] init
03/08/22 15:46:15.770 [45.235.218.229:62970 1 gYI] [CDN] init
03/08/22 15:46:15.770 [45.235.218.229:62970 1 gYI] [CDN] mapping inc_img -> https://cdn.domain.com/
03/08/22 15:46:15.770 [45.235.218.229:62970 1 gYI] [CDN] mapping inc_css -> https://cdn.domain.com/
03/08/22 15:46:15.770 [45.235.218.229:62970 1 gYI] [CDN] mapping inc_js -> https://cdn.domain.com/
03/08/22 15:46:15.770 [45.235.218.229:62970 1 gYI] [CDN] mapping .aac,.css,.eot,.gif,.jpeg,.js,.jpg,.less,.mp3,.mp4,.ogg,.otf,.pdf,.png,.svg,.ttf,.woff -> https://cdn.domain.com/
03/08/22 15:46:15.771 [45.235.218.229:62970 1 gYI] ? Task init
03/08/22 15:46:15.771 [45.235.218.229:62970 1 gYI] [Router] LSCWP_CTRL bypassed empty
03/08/22 15:46:15.771 [45.235.218.229:62970 1 gYI] [GUI] init
03/08/22 15:46:15.837 [45.235.218.229:62970 1 gYI] [Ctrl] X Cache_control init on
03/08/22 15:46:15.911 [45.235.218.229:62970 1 gYI] [REST] ? Internal REST ON [filter] rest_request_before_callbacks
03/08/22 15:46:15.914 [45.235.218.229:62970 1 gYI] [REST] ? Internal REST OFF [filter] rest_request_after_callbacks
03/08/22 15:46:15.926 [45.235.218.229:62970 1 gYI] [Vary] Rest API init disabled vary change
03/08/22 15:46:16.023 [45.235.218.229:62970 1 gYI] [REST] ? Internal REST ON [filter] rest_request_before_callbacks
03/08/22 15:46:17.738 [45.235.218.229:62970 1 gYI] [REST] ? Internal REST OFF [filter] rest_request_after_callbacks
03/08/22 15:46:17.742 [45.235.218.229:62970 1 gYI] ?? [Tag] Add --- HTTP.200
03/08/22 15:46:17.745 [45.235.218.229:62970 1 gYI] [Core] CHK html bypass: miss footer const
03/08/22 15:46:17.746 [45.235.218.229:62970 1 gYI] [Ctrl] X Cache_control -> no Cache ( 3rd party woocommerce not cache due to null cart ) => LiteSpeed\Control::set_nocache(( 3rd party woocommerce not cache due to null cart ))@362 => WP_Hook->apply_filters(,ARRAY)@307 => WP_Hook->do_action(ARRAY)@331 => 
/home/gallinee/public_html/wp-content/plugins/litespeed-cache/thirdparty/woocommerce.cls.php@474 => LiteSpeed\Thirdparty\WooCommerce->set_control()@613 => WP_Hook->apply_filters(,ARRAY)@307
03/08/22 15:46:17.746 [45.235.218.229:62970 1 gYI] [Ctrl] not cacheable after api_control
03/08/22 15:46:17.746 [45.235.218.229:62970 1 gYI] [Vary] role in vary_group [group] 99
03/08/22 15:46:17.746 [45.235.218.229:62970 1 gYI] [Vary] show_admin_bar_front: true
03/08/22 15:46:17.746 [45.235.218.229:62970 1 gYI] [Vary] admin bar : true
03/08/22 15:46:17.747 [45.235.218.229:62970 1 gYI] [Vary] can_change_vary bypassed due to litespeed_can_change_vary hook
03/08/22 15:46:17.747 [45.235.218.229:62970 1 gYI] [Vary] no custimzed vary
03/08/22 15:46:17.747 [45.235.218.229:62970 1 gYI] [Core] Silence Comment due to REST/AJAX
03/08/22 15:46:17.747 [45.235.218.229:62970 1 gYI] ?? X-LiteSpeed-Cache-Control: no-cache
03/08/22 15:46:17.749 [45.235.218.229:62970 1 gYI] [Core] CHK html bypass: miss footer const
03/08/22 15:46:17.749 [45.235.218.229:62970 1 gYI] [Media] bypass: Not frontend HTML type
03/08/22 15:46:17.749 [45.235.218.229:62970 1 gYI] GUI bypassed by no counter
03/08/22 15:46:17.749 [45.235.218.229:62970 1 gYI] CDN _finalize
03/08/22 15:46:17.749 [45.235.218.229:62970 1 gYI] [CDN] _replace_inline_css --- array (
'inc_img' => 'https://cdn.domain.com/',
'inc_css' => 'https://cdn.domain.com/',
'inc_js' => 'https://cdn.domain.com/',
'filetype' => true,
'.aac' => 'https://cdn.domain.com/',
'.css' => 'https://cdn.domain.com/',
'.eot' => 'https://cdn.domain.com/',
'.gif' => 'https://cdn.domain.com/',
'.jpeg' => 'https://cdn.domain.com/',
'.js' => 'https://cdn.domain.com/',
'.jpg' => 'https://cdn.domain.com/',
'.less' => 'https://cdn.domain.com/',
'.mp3' => 'https://cdn.domain.com/',
'.mp4' => 'https://cdn.domain.com/',
'.ogg' => 'https://cdn.domain.com/',
'.otf' => 'https://cdn.domain.com/',
'.pdf' => 'https://cdn.domain.com/',
'.png' => 'https://cdn.domain.com/',
'.svg' => 'https://cdn.domain.com/',
'.ttf' => 'https://cdn.domain.com/',
'.woff' => 'https://cdn.domain.com/',
)
03/08/22 15:46:17.749 [45.235.218.229:62970 1 gYI] [CDN] replace attribute .src
03/08/22 15:46:17.749 [45.235.218.229:62970 1 gYI] [CDN] replace attribute .data-src
03/08/22 15:46:17.749 [45.235.218.229:62970 1 gYI] [CDN] replace attribute .data-srcset
03/08/22 15:46:17.749 [45.235.218.229:62970 1 gYI] [CDN] replace attribute .href
03/08/22 15:46:17.750 [45.235.218.229:62970 1 gYI] [CDN] replace attribute .poster
03/08/22 15:46:17.750 [45.235.218.229:62970 1 gYI] [CDN] replace attribute source.srcset
03/08/22 15:46:17.750 [45.235.218.229:62970 1 gYI] End response</blockquote>

• This reply was modified 2 years, 8 months ago by ianatkins.
• This reply was modified 2 years, 8 months ago by ianatkins.
• This reply was modified 2 years, 8 months ago by Jan Dembowski.

Sorry missed that originally, my reply has been edited to include it.

Hi Qtkrk,

Request Headers:
https://pasteboard.co/hpxcoK213MaL.png

Response headers:
https://pasteboard.co/ewsBzJmIwJCR.png

Domain and consumer secret / key redacted.

Endpoint is /wp-json/wc/v2/orders

Would it be expected that Litespeed does normally cache WooCommerce API endpoints?

Thanks.

Ian.

• This reply was modified 2 years, 8 months ago by ianatkins.

Great thanks, I missed that filter when reviewing the code.

That’s ideal, thanks.

@cartpauj Don’t doubt there were good intentions, but was still left in the dark this side regardless of your efforts to communicate the change. Hence the idea to flag this – so some notification happens within the eco system. Good luck with the plugin moving forward.

@carike Thanks for the note on meta – have logged a ticket and putting it here for future reference if people stumble across this.
https://meta.trac.www.ads-software.com/ticket/5509

Hi Carike,

Thanks for the reply and the guidelines.

Think the privacy is a side point, think my main pain point was the lack of notification or transparency.

Personally puts me at ease that you are indeed reviewing the change of ownership – although I note there’s nothing specific in your guidelines about that. Just think it would be great that users are notified. Then they can review how that impacts them in terms of security, privacy or other concerns they may have.

Think for me – two things would address this easily.

1. A notification on the www.ads-software.com plugin page that the plugin has indeed changed ownership. I found it hard to even identify that – and with 100s of plugins over 100s of websites it’s a bit of an ask for developers to maintain a database of plugin ownership and track changes.

2. A notification on the plugin upgrade screen, and/or an admin notification.

Would imagine both of those would need to be a policy change and be issued in a the next new release of the plugin, under the new ownership.

Ultimately then – users are informed and can make informed decisions before it’s too late.

Also, lastly, not that my gripe is with this plugin specifically – but not sure how the new developer is not violating your guidelines, with an feedback nag that keeps popping back, a ‘Payments’ and ‘Addons’ screen that just push for the premium version and a addition to the Gutenberg editor that’s an non dismissible upgrade prompt. ( Some of those links also have UTM tracking tags ).

Guess moderation is nuanced, so perhaps still falls under the guidelines, don’t envy you guys having to draw the line somewhere!

Thanks.

Ian.

Good to hear there is some review process in place. Are there guidelines as for what you look for? Just think that as an end user the process just isn’t very transparent / obvious.

Re the privacy implications – not sure that relying on retrospectively noticing a change in ownership is really sufficient when it comes to GDPR. Think this is made more complex if the transfer of ownership changes from an EU entity to a non EU entity.

Also my clients tend to communicate who are data processors in their privacy statements – so when this changes ( via plugin ownership change ) – this would also need to be updated.

Or are you saying a change in plugin ownership trigger a requirement to revalidate consent for processing?

Whilst the members plugin doesn’t look to be doing anything malicious – think in the future another developer could chose to do – or change the privacy scope of the plugin.

Reviewing their privacy policy – I have noticed something that makes me uncomfortable – so will look for an alternative. Namely:
“If, however, we are going to use visitors’ personally identifiable information in a manner different from that stated at the time of collection we will notify users by posting a notice on our web site for 30 days.” – Given how little i’d be checking the developers website that’s a fairly broad caveat.

Thanks.

Ian

• This reply was modified 4 years ago by ianatkins.

Thanks Simon – thought as much but couldn’t find it mentioned anywhere. Kind of leaves a concerning dirty feeling that code we run can swap hands without any kind of notification, hope the WordPress ecosystem works something out for that.

Will switch to this fork that is free of the bloatware:
https://github.com/freshsystems/wp-permission-manager

@lumpysimon Also posted a bit of general post on this in the feedback forum – if it’s something that also concerns / bugs you:
https://www.ads-software.com/support/topic/plugins-changing-ownership-without-process-warning/

Thanks.

• This reply was modified 4 years ago by ianatkins.

+1 Will be removing / replacing the plugin soon if the feedback nag keeps appearing.

Hi Qtwrk,

No change unfortunately.

Perhaps not related the caching system after all.

Will try and put together a reduced test case and see if I can see what’s going on.

Thanks.

Ian.

Hi Qtwrk.

Ah found it, thanks – we’re running multisite so was in the multisite settings page. Sadly disabling all features doesn’t seem to resolve it. But is odd as fairly sure we didn’t have an issue before enabling the caching.

Link to where the images don’t load on iPhone:
https://kintzing.com/licensing/

And screenshot:
https://addedlovely.com/temp/screenshot.png

It’s like the image stops loading midway through, but in console I don’t see any network errors.

Thanks.

Ian.

• This reply was modified 4 years, 1 month ago by ianatkins.

Same here, rolling back to the previous version of the plugin resolves the issue in the meantime.

Our logo is in a custom template linked with an absolute URL.

Hi Florian,

Great thanks for confirming. Will feedback if we end up customising and using the plugin.

Best.

Ian.

@gabjam Haven’t started to delve into the project yet – but have run some test cases and successfully imported about 120k images into the media library without issue. Actioned first on localhost and then on our preferred host, SiteGround.

I used WordPress CLI to import quickly and without issue, so is going to be my route forward for importing:
https://developer.www.ads-software.com/cli/commands/media/import/

For testing purposes ended up importing the wp-content/uploads folder in on itself so the generated thumbnails increased the import file count with each run.

Happy to report back here once I get started on the projects and have a few GB’s imported.

@wfgerald Any thoughts on my queries, still getting these false positives.

Would be useful to know how to bulk ignore issues, if possible?

And to be able to see what your issue codes actually relate to, e.g. where I can look up the issue type code ‘Spam:HTML/No-JS-Class.rambling.7819’.

Thanks.

Ian