Thanatermesis

Yes it touches the JS for optimization.

The example on the other thread is a single example of errors, on this case was about Youtube, but it affected many other things (matomo, youtube, google fonts, google analytics, etc…). This issue only happens when I use “default tracking mode” on matomo but not when I use “enter manually”

Yes I have tried to exclude it from autoptimize but the bug stills present, which is quite strange

In “Enable Tracking” options, seems like the bug happens using all the options except “Disabled” and “Enter manually”. Now, “Enter manually” -actually- inserts the tracking code just like the other options, but with this one, the bug doesn’t happen, what changes using this one instead of the other ones?

How to reproduce the issue:
* set wp-piwik to use “PHP API” and “Default Tracking” mode
* install “autoptimize” plugin (use any options on it)
* Bug: you will see many “content-security-policy” errors in the console, features not working on the website, and statistics not working at all
* switch to “enter manually” tracking code to compare that with this option there’s no bug

After backuping & restore the website many times in order to found “what changed” (so it worked before), I finally found what was the difference from when it worked before

Seems like only happens when I enable the option “PHP API” mode (instead of “HTTP API”) in the wp-piwik (matomo integration) plugin, note that the option of the plugin itself doesn’t cause the bug, the bug appears only when I enable autoptimize using this option, making many content-security-policy options to appear and blocking website features, so I think something happens with autoptimize parsing (with any options used) that is modified causing the issue

NOTE: if you want to try this plugin, you will be not able to reproduce it unless the configuration includes a valid connection to a matomo website, which requires to be installed locally on the same machine

I also reported the issue to wp-piwik on: https://www.ads-software.com/support/topic/php-api-mode-autoptimize-enabled-breaks-many-website-functionalities/

sorry, I cannot leave the plugin activated because of the many errors that appears in the js console, leaving many features of the website not working

note that these errors (content-security-policy restrictions) only appears when I activate the plugin, when is not activated everything works fine, very strange…

Mmh.. seems like i have many more errors, something about security (using nginx here), but the strange thing is that I have these errors only when activating autoptimize:
?

autoptimize_48700956…f25c5f8f25f.js:8397 Refused to load the script 'https://www.youtube.com/iframe_api' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
videojs.Youtube.updateIframeSrc	@	autoptimize_48700956…f25c5f8f25f.js:8397
autoptimize_48700956…f25c5f8f25f.js:8393 VIDEOJS: ERROR: (CODE:0 MEDIA_ERR_CUSTOM)  
t.J
isTrusted: true
message: ""
Prototype: Object
autoptimize_48700956…f25c5f8f25f.js:8397 Refused to frame 'https://www.youtube.com/' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.
?

?
or:

Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Roboto%3A100%2C400%7CLato%3A400%2C700&display=swap' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.

Seems like ithemes cannot allow “execptions” since is a generic conf for this one, by other side seems like it works if in my nginx.conf file I add a previous rule before it. Let me post it here so it can be useful to others:

# allow wp-security to have the plugins directory disabled, but we need at least this one:
location ~ ^/wp-content/plugins/wp-youtube-lyte/lyteCache.php {
    include fastcgi_params;
    fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_script_name;
}

_note the fastcgi_pass line, it needs to match your system configuration_

solved on the other plugin side

solved, thank you ??

Hi @jaysupport , thanks for your answer, I have verified everything and seems like the problem is with uFAQs somewhat:

* confirmed that there’s only one shortcode and has no relation with the other plugins, also note that the issue is on the individual pages, not in the main one
* tried to modify the individual FAQ pages to see what can trigger the issue (deleted all the contents, put them in a single category only, etc.. nothing changed)
* disabling microdata removes them entirely (it doesn’t turns to be “one” instead of 2 as duplicated)
* disabling Yoast plugin makes microdata to show correctly (so, only one instead of duplicated), the problem is that there’s no option in yoast to disable microdata
* the issue happened ONLY with the last update, nothing was modified in my uFAQs before that

So basically, uFAQs is creating a duplicated entry of microdata when yoast is enabled, because when the option of microdata in uFAQs is disabled there’s no microdata at all, so I think the plugin should detect the yoast plugin and on such case don’t include its own html output (because yoast will do it) ?

• This reply was modified 3 years, 11 months ago by Thanatermesis.
• This reply was modified 3 years, 11 months ago by Thanatermesis.

> Google Search Console error – Duplicate field “FAQPage”

Same problem here

Looking at the source code of the individual FAQ posts seems like there’s a (probably json) FAQPage entry duplicated in them, so google complains with errors

Note @djzen that “microdata” is needed for a correct seo / website ??

Can I disable local thumbnails from the plugin? mmh

My server is suffering some attacks recently and I need to strenght the security, the problem is that if I use youtube-lyte, the users are banned (ip blocked, no website showing up) when they load a page that contains youtube-lyte

I wonder if is not more simple to: “the shortcode returns the direct url to the image to show the thumbnail, instead of calling the php that calls the image”

Thank you

And the problem is that if someone enables this option, directly got banned from the website by iThemes because it detected that somebody tried to load a .php script in the plugin’s folder

Unfortunately not possible for this option: https://ibb.co/3zK2kzZ

Thanks a lot! I just updated the plugin and added the extra parameters and it works like a charm! ??

Result: https://www.elivecd.org

About the rel=0 parameter, humm… it looks like it correctly works? in my example it doesn’t show related videos, but it actually shows MORE videos of the same youtube account, which is much better than random-picking-other-videos ??

Thanks again!

Same problem, seems like there’s multiple issues with the options of the plugin

Like, the [ultimate-faqs] shortocde seems to include and excerpt or contents of the individual faq’s when you say to not show them (no accordion, no toggle, etc), these contents also looks like to be a cache’d version that I don’t know from where it comes, including old / broken content

This is also very bad for SEO since it includes duplicated contents if you want to have your FAQs in individual pages

No way to consider to upgrade to the Premium version since the plugin not works correctly, nobody wants to pay for something broken or bad quality