v3.2.2: Cart Module 403 Error Using sh404SEF

  • Posts: 284
  • Thank you received: 6
6 years 2 months ago #286716

-- url of the page with the problem -- : www.stacecosmetics.com/shop-online-now/p.../category_pathway-15
-- HikaShop version -- : 3.2.2
-- Joomla version -- : 3.8.3
-- Error-message(debug-mod must be tuned on) -- : 403 Access forbidden

sh404SEF version: 4.13.2.3783

After the last update the Hikashop Cart module has been throwing 403 Access forbidden errors when items are added to the cart or when items are deleted from the cart.

The only way to stop this is to change in the sh404SEF 'By Component' in configuration Hikashop to: 'Simple Encoding' or 'Leave as non-sef'.
This, of course, produces highly unwanted URLs.

I have left this site using 'Use default handler' and 'Use sh404sef plugin if available'.
You can see the error if you add or remove an item from the cart.
If you then hit refresh, the error clears and the cart is fine again.

This is affecting all the sites I have that are using Hikashop.

www.stacecosmetics.com/shop-online-now/p.../category_pathway-15

The browser Console is showing:

Uncaught SyntaxError: Unexpected token :
    at Object.updateElem (hikashop.js?v=322:302)
    at XMLHttpRequest.xhr.onreadystatechange (hikashop.js?v=322:208)
updateElem @ hikashop.js?v=322:302
xhr.onreadystatechange @ hikashop.js?v=322:208
XMLHttpRequest.send (async)
(anonymous) @ VM241:1
xRequest @ hikashop.js?v=322:217
(anonymous) @ category_pathway-15:3213
fireAjax @ hikashop.js?v=322:120
(anonymous) @ hikashop.js?v=322:1043
xhr.onreadystatechange @ hikashop.js?v=322:206
XMLHttpRequest.send (async)
(anonymous) @ VM241:1
xRequest @ hikashop.js?v=322:217
deleteFromCart @ hikashop.js?v=322:1034
onclick @ category_pathway-15:3250

Last edit: 6 years 2 months ago by MSTACE.

Please Log in or Create an account to join the conversation.

  • Posts: 25994
  • Thank you received: 4004
  • MODERATOR
6 years 2 months ago #286762

Hello,

403: Access Forbidden
Your location (FR) has been blacklisted.


Regards,


Jerome - Obsidev.com
HikaMarket & HikaSerial developer / HikaShop core dev team.

Also helping the HikaShop support team when having some time or couldn't sleep.
By the way, do not send me private message, use the "contact us" form instead.

Please Log in or Create an account to join the conversation.

  • Posts: 284
  • Thank you received: 6
6 years 2 months ago #286768

Sorry, the firewall blocked France. We get hit particularly hard from hackers in France.

It should be open now.

Please Log in or Create an account to join the conversation.

  • Posts: 81361
  • Thank you received: 13037
  • MODERATOR
6 years 1 month ago #286804

Hi,

I'm not able to reproduce the problem on your website.
I can add products to the cart, change their quantity there, remove them from the cart in the checkout.
In all the scenarii I've tested, it worked.
I used Chrome browser.
Do you have the same issue with different browsers ?
Did you change the sh404SEF setting you were talking about in your first message ?

Please Log in or Create an account to join the conversation.

  • Posts: 284
  • Thank you received: 6
6 years 1 month ago #286841

On Mac OS X 10.13.2, these browsers fail:

  • Chrome
  • Chrome Developer Edition
  • Firefox
  • Safari

It also fails on Safari and Chrome for iPhone on iPhone X.

It also fails on multiple Macs, not just one machine.

Also, noticed something about the URL:

If this is removed from the end of the URL, then the cart works without the error, however, you cannot delete items:
/category_pathway-15

www.stacecosmetics.com/shop-online-now/p.../category_pathway-15

Last edit: 6 years 1 month ago by MSTACE.

Please Log in or Create an account to join the conversation.

  • Posts: 81361
  • Thank you received: 13037
  • MODERATOR
6 years 1 month ago #286879

Hi,

I tried with both Firefox and Chrome on both mac and windows and I never got a 403 error on your website. And yes, I'm using the link you gave with the category_pathway.

I now do see a problme with your template not handling the tmpl-component parameter properly.
With the URL www.stacecosmetics.com/shop-online-now/p...5LTE1/tmpl-component I'm getting that page:
monosnap.com/file/VgJLupiWgOSiZhBObox14TwDBQzWmS
while it is supposed to look like that:
monosnap.com/file/RBpfzri4Ul5zdLc6Qg4nZ569qvA0bS
Because of that, when the cart module refreshes, it doesn't display properly:
monosnap.com/file/5zwC2Szm3wgegvUXtEvQKa6xTOQZiQ

Please Log in or Create an account to join the conversation.

  • Posts: 284
  • Thank you received: 6
6 years 1 month ago #286881

The problem is that this is happening with a myriad of templates.

All of my clients using Hikashop and sh404SEF are seeing this exact same issue.

Please Log in or Create an account to join the conversation.

  • Posts: 81361
  • Thank you received: 13037
  • MODERATOR
6 years 1 month ago #286884

Hi,

What problem ?
The 403 errors ? I don't see any ?
Or maybe you don't have that problem anymore and you're talking about the module refreshing issue I was talking in my last message ?
Also, rather than "a myriad of templates", could you try with the default template of Joomla ? It's the only way to be sure. Because if you test with tens of templates but they are all built on the same template framework, it doesn't mean that it's not coming from the template (or the template framework in that case).

Please Log in or Create an account to join the conversation.

  • Posts: 284
  • Thank you received: 6
6 years 1 month ago #286963

I updated the template to version 1.9 -- in which RocketTheme had fixed the head.php error.

However, the problem of the screen inside the cart window still exists (when product is added to the cart).
This time, though, there isn't any error of head.php (since it was fixed).

When I turn sh404SEF off completely, then the cart works perfectly, no issues.
There are also no console errors.

The console error and screen update issue only occurs when sh404SEF is enabled.

Last edit: 6 years 1 month ago by MSTACE.

Please Log in or Create an account to join the conversation.

  • Posts: 284
  • Thank you received: 6
6 years 1 month ago #286995

sh404SEF found the issue. Their patch worked too.
The generated URL length was longer than sh404SEF could handle.
But their new test worked.

"I have looked some more at it though debugging is hard as I can't basically reproduce the problem but I did notice something: Hikashop creates plenty of very long URLs for the add to cart operation (such as index.php?option=com_hikashop&ctrl=product&lang=en&module_id=238&module_type=cart&return_url=aHR0cHM6Ly93d3cuc3RhY2Vjb3NtZXRpY3MuY29tL3Nob3Atb25saW5lLW5vdy9wcm9kdWN0LzE0LW1pbmVyYWwtaC1kLXBvd2Rlci9jYXRlZ29yeV9wYXRod2F5LTI2&task=cart&tmpl=component) and some of them were truncated, ie the last part was for instance ...&task=cart&tmpl=co

Surely that would cause some issue somewhere, so I have deleted all those URLs. I think HIkashop is hitting the limit for URLs length in sh404SEF."

Please Log in or Create an account to join the conversation.

Time to create page: 0.078 seconds
Powered by Kunena Forum