Micha
Forum Replies Created
-
Thew new version checks for Permissions-Policy correctly, many thanks for the quick fix.
Issue solved, best regards,
Micha
Forum: Fixing WordPress
In reply to: All ?author= pages return 404Issue solved, Wordfence has the brute-force protection setting “Prevent discovery of usernames through ‘/?author=N’ scans, the oEmbed API, the WordPress REST API, and WordPress XML Sitemaps”, which blocks those pages. I thought I tested it with Wordfence disabled, but either some cache still blocked it or I did something wrong.
Many thanks, yep sounds reasonable to expect both headers for a while, if one wants to max out the sites security.
I’ll verify and report back, once the release is available.
The file we use here is a fork of the i18n.js file from WordPress, which also doesn’t include semicolons at the end of those lines.
Ah I see. I opened a pull request on GitHub to address this in the WordPress code: https://github.com/WordPress/WordPress/pull/540
A lot of modern minifiers (i.e. UglifyJS) actually parse JavaScript and output code that is functionally compatible rather than just performing text operations like removing line breaks.
You’re right, it generally makes sense to have such done at the minifier, which also allows more throughout minifying, like changed internal function and variable names, removing truly optional semicolons and such. We use the W3 Total Cache plugin which has the feature to automatically merge and minify JS scripts, obviously without handling line break removal in a smart way. To be true, the checkbox for line break removal even has a warning that it is not safe. I checked the used libs, and there seem to be two JS minifiers/wrappers
JSMin.phpandJSMinPlus.php, where the first seems to be a simpler version and the second states that it is “using a javascript parser”. Without investing more time, I’m not able to see which one is used (in which case). I’ll also raise the issue at W3 Total Cache devs, to probably have a better/safer minifier used.We have discussed minifying our own scripts and including them with Wordfence
Good idea. I personally often try to debug errors via
grep -r '<pattern>' /path/to/plugin/where minified scripts are a nightmare, but browsing the raw source code or using browser dev tools would do as well :).Thanks for the quick response. Let me know if I can help in any way :).