Willkommen Gast. Bitte Einloggen oder Registrieren
 
Sprache wählen:
 
  Last Script Version: 20

  ÜbersichtHilfeSuchenEinloggenRegistrieren  
 
Seitenindex umschalten Seiten: 1
Thema versenden Drucken
Problem tracking code with "nosniff" option (Gelesen: 5086 mal)
Aska29
YaBB Newbies
*
Offline



Beiträge: 5
Geschlecht: female
Problem tracking code with "nosniff" option
27.03.22 um 10:42:58
 
Hello, I bought the paid version of the software because I find it really great. And it corresponds to my expectations.

I used the following tracking code:
Code:
<script type="text/javascript" src="https://www.abri29.com/phpwebstat53/pws.php?mode=js"></script>
<script type="text/javascript" src="https://www.abri29.com/phpwebstat53/plugins/onclick/pws_file.php"></script>
<noscript><img src="https://abri29.com/phpwebstat53/pws.php?mode=img" style="border:0; width:1px; height:1px" alt="noscript-img"></noscript> 



Everything works fine, except when I use "header('X-Content-Type-Options: nosniff');" to reinforce the security of the website.
The problem is that the tracking code is blocked, here is what the debugger displays:
...

It detects "pws" files as text/html, and the tracking code says text/javascript.
the MIME type is not the sames and therefore the files are blocked.

How to adapt the tracking code, or the files concerned so that they are accepted by the X-Content-Type-Options: nosniff security option?

Thank you.  Zwinkernd
Zum Seitenanfang
 
Homepage  
IP gespeichert
 
Reimar
Administrator
*****
Offline



Beiträge: 1988
Geschlecht: male
Re: Problem tracking code with "nosniff" option
Antwort #1 - 28.03.22 um 20:42:47
 
Hi there,

we will analyze this case and come back to you.

Kind regards
Reimar
Zum Seitenanfang
 
 
IP gespeichert
 
Reimar
Administrator
*****
Offline



Beiträge: 1988
Geschlecht: male
Re: Problem tracking code with "nosniff" option
Antwort #2 - 28.03.22 um 21:07:27
 
First idea: is it possible for you to change the webserver configuration so that javascript resources will get the correct mim type in the Content-type header? It should be set to "text/javascript" instead of "text/html".

Let me further investigate this issue. Thanks for your patience.
Zum Seitenanfang
 
 
IP gespeichert
 
Reimar
Administrator
*****
Offline



Beiträge: 1988
Geschlecht: male
Re: Problem tracking code with "nosniff" option
Antwort #3 - 28.03.22 um 21:17:48
 
If you are using an Apache HTTP Webserver, you can use a ".htaccess" file within your root folder to set the correct content type as follows:

Code:
<IfModule mod_headers.c>

  <FilesMatch "\.(js)$">
    Header set Content-Type "text/javascript"
  </FilesMatch>

</IfModule>
 

Zum Seitenanfang
 
 
IP gespeichert
 
Aska29
YaBB Newbies
*
Offline



Beiträge: 5
Geschlecht: female
Re: Problem tracking code with "nosniff" option
Antwort #4 - 28.03.22 um 21:19:54
 
I use a shared hosting, I don't know if I have the possibility to change the webserver configuration. Or at least, I don't know how to change it.

Thank you for your answer, I love your product. This is the only point that blocks me a little. Because it is really a quick and practical solution to have the statistics of visits.

EDIT: I just got your last message, I will try to modify the .htaccess. I'll come back to you soon.
Zum Seitenanfang
 
Homepage  
IP gespeichert
 
Reimar
Administrator
*****
Offline



Beiträge: 1988
Geschlecht: male
Re: Problem tracking code with "nosniff" option
Antwort #5 - 28.03.22 um 21:23:58
 
We are very happy to hear that you like our stat solution !

You can also google for "mod headers set content type javascript".
That was my way to find a solution.
If it is not working, we have to make a deeper diving session Smiley
Just let us know.
Zum Seitenanfang
 
 
IP gespeichert
 
Aska29
YaBB Newbies
*
Offline



Beiträge: 5
Geschlecht: female
Re: Problem tracking code with "nosniff" option
Antwort #6 - 28.03.22 um 21:41:31
 
I have modified my .htaccess with your solution. I have cleared the cache.
here is a txt file that copy my .htaccess if you want to see :
https://abri29.com/pages/htaccess.txt

Edge dev console :
...
Vivaldi dev console :
...
Firefox dev console :
...

I think it doesn't solve the problem. I could remove this security setting, but it is recommended to use, so I hesitate.
Zum Seitenanfang
 
Homepage  
IP gespeichert
 
Reimar
Administrator
*****
Offline



Beiträge: 1988
Geschlecht: male
Re: Problem tracking code with "nosniff" option
Antwort #7 - 30.03.22 um 15:38:01
 
That is a pity to hear ... so we have to make a deep dive.
Let me check this and come back to you.
Please be patient, it takes a few days. Thanks.
Zum Seitenanfang
 
 
IP gespeichert
 
Aska29
YaBB Newbies
*
Offline



Beiträge: 5
Geschlecht: female
Re: Problem tracking code with "nosniff" option
Antwort #8 - 30.03.22 um 16:01:49
 
I have deactivated this security in the meantime, I only have a modest website, so it is not urgent. Zwinkernd
Take your time to see if something is possible in this case.
I think it will interest many people in the future, because the option "nosniff" on the headers is part of the security options that will be more and more common.
Anyway, thanks again for your answer and your help! Smiley
Zum Seitenanfang
 
Homepage  
IP gespeichert
 
Reimar
Administrator
*****
Offline



Beiträge: 1988
Geschlecht: male
Re: Problem tracking code with "nosniff" option
Antwort #9 - 01.04.22 um 22:18:19
 
Many thanks for your patience.

We analyzed the situation and found out the following. If you change your code from

Code (HTML):
<script type="text/javascript" src="https://www.abri29.com/phpwebstat53/pws.php?mode=js"></script>
<script type="text/javascript" src="https://www.abri29.com/phpwebstat53/plugins/onclick/pws_file.php"></script>
<noscript><img src="https://abri29.com/phpwebstat53/pws.php?mode=img" style="border:0; width:1px; height:1px" alt="noscript-img"></noscript>
 



to

Code (HTML):
<script src="https://www.abri29.com/phpwebstat53/pws.php?mode=js"></script>
<script src="https://www.abri29.com/phpwebstat53/plugins/onclick/pws_file.php"></script>
<noscript><img src="https://abri29.com/phpwebstat53/pws.php?mode=img" style="border:0; width:1px; height:1px" alt="noscript-img"></noscript>
 



So the difference is to exclude the parameter "type=text/javascript".

We hope this helps.
Zum Seitenanfang
 
 
IP gespeichert
 
Aska29
YaBB Newbies
*
Offline



Beiträge: 5
Geschlecht: female
Re: Problem tracking code with "nosniff" option
Antwort #10 - 02.04.22 um 00:49:50
 
a big thank you, everything is working now. Thanks for your help and this great software!
Zum Seitenanfang
 
Homepage  
IP gespeichert
 
Seitenindex umschalten Seiten: 1
Thema versenden Drucken