Polyfill ?

This topic contains 8 replies, has 2 voices, and was last updated by  Stephen Harris 3 months ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #44073

    Hi,

    Is Event Organiser effected by this issue (when using google maps)?

    https://developers.google.com/maps/documentation/javascript/overview

    (I some reference to polyfill in the source code)

    Thanks!

    AK
    #44078

    Hi Anders,

    In short, no. As I understand it the issue is not with polyfill itself, but the domain that it is sometimes served from. It appears that polyfill.io has been acquired by a malicious actor, and they have altered the code that is being served. You’ll only be affected if you are using that domain to serve the polyfill library.

    By default WordPress bundles that library with its own source code, so you won’t be impacted. However, some plug-ins might change that to include it from a CDN either for performance reasons or to change the version being used. Event Organiser doesn’t do either of those things, and nor does it directly rely on the library.

    Stephen Harris
    #44156

    Hi Stephen,

    I just updated at my staging environment to latest WordPress + latest Event Organiser.
    When I create a test event and do a booking everything is working fine however I see an error in the browser console:
    GET jquery.min.js?ver3.7.1:2
    “wp-json/eventorg/v1/booking-session” 404 (Not Found)

    “responseJSON:”Booking not found”

    What could cause this?

    Thanks!

    AK
    #44164

    Hi again,

    I updated another site, and I don’t see the console error there at all.

    Do you have any clues as to why it appears on my other site? The functionality doesn’t seem to be affected; the form is submitted fine. However, the console error message appears after submission. Do you think it would be safe to just ignore it?

    …sorry about starting this question inside a different thread; It was not my intention.

    Thanks!

    AK
    #44165

    When a booking is made a session cookie is stored with the booking ID and a signature. This is so that if the page is refreshed you can still see the booking confirmation.

    The error you’re seeing indicates either that the eopBookingSession session cookie has not been set, or that there’s the been an error validating it, or that you don’t have permission to view the booking.

    Can you see that session cookie in your browser’s console after completing the booking? Are you doing this as a logged-in user or a guest user?

    Stephen Harris
    #44168

    I’m submitting the booking as a “not logged in”, public visitor.
    Yes, I can see that eopBookingSession is set after submission.
    If I refresh the browser (with #success in the url), the form is loaded again without the confirmation message, the GET, 404 message, in browser console is still present.

    AK
    #44171

    Hi again,

    I have been testing this from lots of different angles and I’m now pretty sure this is somehow related to the built in platform cache at WP Engine hosting.
    If I turn on “Password protection” for my staging site which completely disables all WP Engine cache, then the console error does not seem to appear.

    You mention “This is so that if the page is refreshed you can still see the booking confirmation.”
    Is there anything else that could risk be effected? (I can live with the fact that booking confirmation message will not persist on page refresh).
    …the form would still not be re-submitted on refresh?

    Thanks!

    AK
    #44199

    Could you please comment on whether, not being able to read the cookie eopBookingSession, risk effecting other functionality, outside the fact that the confirmation message is not displayed on reload?

    I tried excluding eopBookingSession -cookie from WP Engine platform cache and from what I can tell this makes the form work without that console error message. Would you recommend this approach?

    Thanks!

    AK
    #44204

    No, nothing else uses the booking session cookie.

    The booking form won’t resubmit upon refresh.

    If I recall the cookie was introduced to better support payment gateways which redirect you offsite and back again. Rather than encoding the booking ID in the redirect url a signed cookie is used. This had the side-effect that you could refresh the booking page and the confirmation message would persist.

    Stephen Harris
Viewing 9 posts - 1 through 9 (of 9 total)
To enable me to focus on Pro customers, only users who have a valid license for the Pro add-on may post new topics or replies in this forum. If you have a valid license, please log-in or register an account using the e-mail address you purchased the license with. If you don't you can purchase one here. Or there's always the WordPress repository forum.