( Latest versions: 2.9.3 Stable, compatible with Joomla 3.9.0+   &   0.9.3 Stable, compatible with WordPress 4+ )

Security of a solidres powered website

7 months 3 weeks ago #14330 by abosaleh
Security of a solidres powered website was created by abosaleh
I have been checking security of the website powered by solidres (hub) version and noticed that some browsers (e.g. Opera) will show a mixed content error and thus blocking some content.
Our website is SSL enabled (using Let's Encrypt).
To further check the website I used this tool: www.whynopadlock.com
This site returned a (Hard Failure) due to CSS missing file.
Page: templates/luxuria/theme.config.php (luxuria may be replaced with some other Solidres template)
in line No. 113, reading:
$this->addFile('css', 'css:custom.css');
This call is causing the (Hard Failure) reported above. I noticed that this file is missing from the system.
Thus I copied the file: custom.css.dist (at CSS folder) and renamed it to custom.css (although blank file)
And the problem was resolved.
To further inspect for more possible http content, I searched all website files and noticed the following:
No. 1: there are few external links to outside content using http. Example is using http_://twitter.com instead of "https_://twitter.com".
Also using http_://www.w3.org instead of https_://www.w3.org.
I am not very sure that such referrals could cause and vulnerability, but I think to fully secure the platform one shall make it as perfect as possible.
No. 2: In page: components/com_solidres_views/reservationasset/view.html.php
Line no.: 366 reading:
$this->document->addCustomTag('<meta property="og:url" content="' . JRoute::_('index.php?option=com_solidres&view=reservationasset&id=' . $this->item->id, true, true) . '"/>');
For some reason, the returned output URL from that statement is not https (it is http). When hard coding the url however; the issue is fixed.
I hope some solution to this case exists and that Solidres team may take care of the issue.

Have a great time

Please Log in or Create an account to join the conversation.

7 months 3 weeks ago #14334 by solidres
Replied by solidres on topic Security of a solidres powered website

This is actually very simple to solve, you can just rename the file custom.css.dist to custom.css and done.

The following user(s) said Thank You: abosaleh

Please Log in or Create an account to join the conversation.

Moderators: solidres
Powered by Kunena Forum

All the things you need to make your work easier. Did you like Solidres?