Opened 6 years ago
Closed 6 years ago
#45190 closed defect (bug) (fixed)
Blank screen for WP 5.0 beta on a web host with a Mod_Security conflict
Reported by: | designsimply | Owned by: | |
---|---|---|---|
Milestone: | 5.0 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Editor | Keywords: | fixed-5.0 |
Focuses: | Cc: |
Description
I'm posting this here as documentation for an issue that breaks the editor due to a mod_sec
rule triggering for the wp-polyfill-ecmascript.min.js
(on Bluehost in my case but other hosts may be affected) and to see whether anything can be done from the WP side to either help alleviate the problem or show a useful error message such as passing through the error that is seen when you try to load the blocked file directly (this might not be possible in context).
Steps to reproduce:
- Install WP 5.0 beta on any host which has a
Mod_Security
rule blocking the wordecmascript
. - Go to Posts > Add New.
Result: completely white screen.
Console panel contains:
JQMIGRATE: Migrate is installed, version 1.4.1 load-scripts.php:9:542 Loading failed for the <script> with source “https://madefortesting.com/wp-includes/js/dist/vendor/wp-polyfill-ecmascript.min.js?ver=5.0-beta1-43823”. post.php:73 [Show/hide message details.] ReferenceError: regeneratorRuntime is not defined[Learn More] api-fetch.min.js:1:3589 [Show/hide message details.] TypeError: wp.apiFetch is undefined[Learn More] post.php:1607:1 [Show/hide message details.] ReferenceError: regeneratorRuntime is not defined[Learn More] data.min.js:1:14145 [Show/hide message details.] ReferenceError: regeneratorRuntime is not defined[Learn More] core-data.min.js:1:6442 [Show/hide message details.] ReferenceError: regeneratorRuntime is not defined[Learn More] editor.min.js:55:45558 [Show/hide message details.] TypeError: Object(...) is not a function[Learn More] block-library.min.js:12:9498 [Show/hide message details.] TypeError: Object(...)(...) is undefined[Learn More] edit-post.min.js:12:19442 [Show/hide message details.] TypeError: wp.editPost is undefined[Learn More] post.php:1680:4 window._wpLoadBlockEditor</< https://madefortesting.com/wp-admin/post.php:1680:4
Since the console messages say wp-polyfill-ecmascript.min.js
could not be loaded, I tried loading https://madefortesting.com/wp-includes/js/dist/vendor/wp-polyfill-ecmascript.min.js?ver=5.0-beta1-43823 directly and saw this:
Not Acceptable!
An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.
I have reached out to Bluehost to see if the Mod_Security
rule can be modified to allow the wp-polyfill-ecmascript.min.js
file to load.
Attachments (2)
Change History (14)
This ticket was mentioned in Slack in #hosting-community by ataylorme. View the logs.
6 years ago
#4
@
6 years ago
Ace. ❤️ for renaming the file. I will circle back and close this once the file is renamed and the update has been tested after that.
The question about whether or not it's possible to add a notice instead of a blank screen still stands (in case there's anything that can be done!).
#5
@
6 years ago
Hi, I observe similar blank screen when trying to edit (normal) a post edited previously with gutenberg. Please find error and line in javascript log (post.php) of my Safari (test with WP beta3-43876 on a clean install on MAMP)
TypeError: undefined is not an object (evaluating 'window._wpLoadBlockEditor.then')
<script type='text/javascript'>
window._wpLoadBlockEditor.then( function() {
wp.data.dispatch( 'core/edit-post' ).setAvailableMetaBoxesPerLocation( {"side":[],"normal":[],"advanced":[]} );
} );
</script>
Cheers,
#7
@
6 years ago
The GitHub issue referenced above, https://github.com/WordPress/gutenberg/issues/10075, has more information and the current progress on parts of this, in particular relating to the ecmascript
rulesets.
#8
@
6 years ago
Well, I figured out that I could disable one rule in the mod_security in Plesk. With the firewall switched on, using Gutenberg results in the following error (xxx for IP address)
[client xxx.xxx.xxx.xxx] ModSecurity: [file “/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf”] [line “253”] [id “33340149”] ..............
The ID of the rule is 33340149. If you set that as the ID to be ignored, then Gutenberg will work fine.
Just wanted to let you know. It seems that ‘they’ are working on a final solutions to avoid individual rule settings per site. But for now this is ok as a workaround.
There is an existing issue logged for this at https://github.com/WordPress/gutenberg/issues/10075
I'll just fill out with some other mod_sec rules we've observed for maximum coverage:
Those were the three I could recall the topics for, I don't know specific hosts, but I'm seeing one default plesk rule at least.