Contact Form 7 not working with the plugin #15

Closed
mikoskinen opened this issue Aug 24, 2016 · 11 comments

Comments

@mikoskinen

Thank you for the good plugin. Unfortunately we have encountered an issue with the plugin, namely that it doesn't seem to work with Contact Form 7.

Our contact forms work correctly when the user is logged in and as such bypasses the cache. When the user is anonymous, the contact form doesn't send anything (the icon just spins).

The contact form tries to send a POST request to the current page with data type json. I wonder if it's possible to adjust the cache plugin so that these kinds of requests work?

@patrickebates
Member

Are there only a few pages you use with this form? If so, have you tried placing the URLs in the Exclusions box of the plugin settings?

@mikoskinen
Author

Thanks for the reply. Unfortunately the contact form is included in every page.

I wonder if the cache could be modified so that POST-actions always go through to the server.

@patrickebates
Member

Certainly worth looking at. Such a change would need to be made within the IIS module, as it serves as the gatekeeper. Might also need to be made in this plugin as well, so the page is never written to cache.

I'll look into this. Also want to be certain we don't open up an attack vector by having a way to easily always bypass the cache.

@adamvanvliet

I needed a fix for this, see ProjectNami/ProjectNamiBlobCache#5

@patrickebates
Member

Any thoughts on the question of security? I've held off making a change such as this for that reason. Yes, it needs to be done, but I haven't worked out a viable idea for preventing a tailored attack from killing the server.

@adamvanvliet

Is it the responsibility of the cache to protect against that? I would imagine not returning from the cache for a post would be more desirable. What about some configuration options?

@awaycott

Has this been fixed or a workaround figured out? I just found this issue after launching my site!

@awaycott

I applied the patch that @adamvanvliet proposed and my site is now working. Is this going to make it into an official release?

@patrickebates
Member

We need to revisit that commit. We hesitated due to a use case we considered, but now I don't recall what it was right off.

@awaycott

I agree with @adamvanvliet that security in this respect is not your problem. If we didn't have the cache installed, the same vulnerability would exist. It makes total sense that a POST wouldn't be served from cache...

@patrickebates
Member

Closing item as POST is now ignored in both plugin and IIS module
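
The behaviour discussed in this thread, as an added example that is not part of the issue or of the project's plugin or IIS module code: a toy Python model of a page cache keyed on URL, with and without a request-method check on both the read and the write side. The `Origin` and `PageCache` classes, the `method_aware` flag, the `/contact` URL and the JSON body are all constructed for illustration.

```python
# Toy model (constructed): a page cache keyed on URL in front of an origin.
CACHEABLE_METHODS = {"GET", "HEAD"}


class Origin:
    """Stand-in for the site: GET renders a page, POST handles the form."""

    def __init__(self):
        self.hits = 0

    def handle(self, method, url):
        self.hits += 1
        if method == "POST":
            # Constructed JSON reply, not Contact Form 7's real payload.
            return {"type": "application/json", "body": '{"status": "ok"}'}
        return {"type": "text/html", "body": f"<html>{url}</html>"}


class PageCache:
    def __init__(self, origin, method_aware):
        self.origin = origin
        self.method_aware = method_aware  # False models the reported behaviour
        self.store = {}

    def request(self, method, url, logged_in=False):
        # Logged-in users bypass the cache, as the issue describes.
        use_cache = not logged_in and (
            method in CACHEABLE_METHODS or not self.method_aware)
        if use_cache and url in self.store:
            return self.store[url]              # read side: served from cache
        response = self.origin.handle(method, url)
        if use_cache:
            self.store[url] = response          # write side: stored for later
        return response


def post_after_warm_cache(method_aware):
    """Anonymous form POST to a page that is already cached."""
    origin = Origin()
    cache = PageCache(origin, method_aware)
    cache.request("GET", "/contact")
    reply = cache.request("POST", "/contact")
    return reply["type"], origin.hits


def get_after_post(method_aware):
    """Anonymous GET to a page whose first request was a form POST."""
    cache = PageCache(Origin(), method_aware)
    cache.request("POST", "/contact")
    return cache.request("GET", "/contact")["type"]
```

With `method_aware=False` the form POST receives the cached HTML page instead of a JSON reply, and a POST that arrives first leaves its JSON reply cached for later page views. With `method_aware=True` every POST reaches the origin, which is the load question raised in the thread.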
