morris373

Hi
I just added the code below to header.php and it works especially in Facebook’s Sharing Debugger.

<meta property="og:image" content="https://friendsofllandyfeisantchurch.org/dinefwrpark/wp-content/uploads/2019/11/llandyfeisant-church-logofacebook.png" />
    <meta name="twitter:image" content="https://friendsofllandyfeisantchurch.org/dinefwrpark/wp-content/uploads/2019/11/llandyfeisant-church-logofacebook.png">

Colin

Hi
Is this a live website? If so why not post a link to that page you’re having problems with and you might stand a better chance of getting some help if we can see what is happening.

Kind regards

Morris

Hi Michael
Thanks for the link as that will come in handy.

I tried your suggestion and it worked.

Again thanks

Morris

Hi Vladimir
Thank you that worked, I worked from the su_box example.

Cheers for your prompt help.

Colin

Hi
What part of the plugin outputs this Inline CSS code?

Can anyone help please? Still can’t get Edge to work, it works however with the CSS change above but only InPrivate mode.

I have cleared the cookies and files but it still won’t accept the CSS changes. That will be a different issue with Edge but if the generated Inline CSS was fixed then it will work.

Thanks

Colin

I got it to work at last but only in a page but it doesn’t work in a template file.

<?php echo do_shortcode("[cmb_dropdown]"); ?>

Any ideas why it doesn’t work in a template file?

Morris

Hi Dimitar
You can also add samesite=lax or strict like below:

Header always edit Set-Cookie (.*) "$1;HttpOnly;Secure;samesite=lax"

Morris

Hi Dimitar
I found this piece of code on this website (https://www.tunetheweb.com/security/http-security-headers/secure-cookies/) that I added to the .htaccess file:

Header always edit Set-Cookie (.*) "$1;HttpOnly;Secure"

And it worked, the Observatory Results now gives me a Tick. When I check the Cookies section of the report both HttpOnly and Secure is ticked.

Test Scores now read: All cookies use the Secure flag, session cookies use the HttpOnly flag, and cross-origin restrictions are in place via the SameSite flag.

Maybe you could add that line into your plugin….

Morris

Hi Dimitar
Thank you for your quick reply.

I needed the 2nd one as I am using the .htaccess file.

I have added it in and saved the file.

The website results I need help with: https://observatory.mozilla.org/analyze/friendsofllandyfeisantchurch.org

When I run Observatory by Mozilla and under Test Scores, it says ‘Session cookie set without using the HttpOnly flag’. I thought by adding the lines above would have set it up correctly using HttpOnly.

Looking at the Cookies further down, PHPSESSID is not Secure or HttpOnly, also cf7mm_check is not Secure or HttpOnly either.

So I don’t understand with what’s going on or even if it has gone wrong somewhere. I did manage to add `Header set set-cookie path=/;secure;HttpOnly;samesite=lax and that shows up in the results.

How can we fix PHPSESSID and cf7mm_check to be secure and HttpOnly?

Morris

Hi
I missed out the number of pages to post so it took the required setting from Settings => Reading which was set to 2. So that’s why it only showed 2 items in the dropdown box.

So I have now added this line to the query:

'posts_per_page' => 18,

It now works.

I now need to know how to pass the value, which is a link to that particular page when I click ‘Submit’.

Thanks

Morris