#wordpress 2019-05-27
2019-05-27 UTC
gRegorLove, [tantek], gRegorLove_, [tonz] and jeremych_ joined the channel
# [tonz] Maybe one of you here has a suggestion of where to look for a diagnosis/answer: https://meso.tzyl.nl is a fresh WP install with IndieAuth / MicroPub / Yarns / Webmentions enabled. IndieAuth plugin reports “Authorization Header Found. You should be able to use all clients.” Yet when I try Monocle I get a 403 forbidden unauthorized. I had that before in my real blog, but then IndieAuth also reported issues, and I solved it with adding a r
[jgmac1106] and [tonz] joined the channel
# [tonz] no. just https://meso.tzyl.nl
[Rose] joined the channel
# [tonz] [Mon May 27 14:18:33.673269 2019] [:error] [pid 1311067] [client 2001:1690:22:200::41:56480] [client 2001:1690:22:200::41] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file “/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf”] [line “48"] [id “960009”] [msg “Request Missing a User Agent Header”] [severity “WARNING”] [tag “PROTOCOL_VIOLATION/MISSING_HEADER”] [hostname “meso.tzyl.nl
[grantcodes] joined the channel
[frank], [grantcodes] and jackjamieson joined the channel
# jackjamieson Hi GWG, how's it going?
cambridgeport90 joined the channel
# jackjamieson Oh right, I forgot it's a holiday in the States
# cambridgeport90 Has anyone else been experiencing the issue with the ActivityPub plugin where follow requests seem to need approval? I've got that issue right now, and haven't quite figured out how to fix it. I've seen that it's sort of one of those random things.
# jackjamieson GWG, what's the fatwigoo problem?
# Loqi Fatwigoo is an embedded SVG image that depends on (external) CSS for its width https://indieweb.org/Fatwigoo
# jackjamieson Ah, interesting
# jackjamieson Yeah, I'm not sure how to balance it. I can think of plenty of cases in which preserving style attributes is useful, and just as many where it can cause problems
# cambridgeport90 I've seen some weird things with styles in feeds, too.
# jackjamieson Yep, there's bound to be a compromise. Overall improving the sanitization isn't a top priority for me right now because I've got plenty of lower hanging fruit to take care of first
# jackjamieson GWG, I wonder if there are also cases where Yarns' needs diverge from those of Post Kinds (or other potential users of Parse-This). i.e. if Yarns should perform additional sanitization after Parse-This is done (or if Parse-This should have accept arguments to customize its sanitization). Do you think this is the case?
# cambridgeport90 What sorts of plugins are you creating?
# jackjamieson cambridgepost90, I'm working on a Microsub Server called Yarns. It uses a library called Parse-This, which GWG built. Parse-This originates from GWG's IndieWeb Post Kinds plugin, and he turned it into a library since my plugin has similar parsing needs
# jackjamieson cambridgeport90, Oops, sorry I had a typo in your name in my last message
# jackjamieson Sorry I can't be much help with your ActivityPub plugin question, I haven't used it yet (I keep meaning to check out ActivityPub more closely but get distracted by other things)
# jackjamieson GWG, I'm going to disappear into a distraction-free writing bubble (hopefully for the rest of the day). I've got some time earmarked for development tomorrow - I think I'll see about improving search speed, so I'll let you know if I figure anything out that could be pulled back into Parse-This
[tonz], dougbeal|mb1 and cambridgeport90 joined the channel
# cambridgeport90 I'm not creating anything as of yet, though my language goals right now are PHP and C#; want to see if I can add some Indieweb stuff to one of the C# blogging platforms. But until then, I'm using wordpress. The thing also that I'm having with activityPub is that posts are not getting visible. If you key into a mastodon/Pleroma/Friendica search field, cambridgeport90@cambridgeport90.net, you should find me, though not sure whether or
# cambridgeport90 find any posts there.
# cambridgeport90 I was wondering the reasons for parse-this.
[jgmac1106] joined the channel
# [jgmac1106] Something always happened with my shared host that caused a timeout with Bridgy Fed or the OStatus WP plugins
[cleverdevil], [schmarty] and [frank] joined the channel
# doubleloop cambridgeport90: have you posted any notes since you added the ActivityPub plugin?
# doubleloop Only new posts will appear in your ActivityPub feed (I think)
[tantek], [eddie] and [tonz] joined the channel
# [tonz] ok, looked a bit more at the error logs of my WP sandbox https://meso.tzyl.nl I tried to login from Quill. Quill reports successful autorisation, but gets no token it seems. The error log shows [Mon May 27 21:28:19.612420 2019] [:error] [pid 1427562] [client 173.230.155.197:41916] [client 173.230.155.197] ModSecurity: Warning. Match of “beginsWith %
{request_headers.host}
” against “TX:1" required. [file# [tonz] “/etc/httpd/modsecurity.d/modsecurity_crs_40_generic_attacks.confâ€�] [line “163"] [id “950120â€�] [rev “3"] [msg “Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Linkâ€�] [data “Matched Data: https://quill.p3k.io/ found within TX:1: quill.p3k.io/“] [severity “CRITICALâ€�] [ver “OWASP_CRS/2.2.9"] [maturity “9â€�] [accuracy “9"] [tag “OWASP_CRS/WEB_ATTACK/RFIâ€�] [hostname “meso.tzyl.nlâ€�] [uri â€
# [tonz] [Mon May 27 21:28:21.794309 2019] [:error] [pid 1461351] [client 173.230.155.197:41930] [client 173.230.155.197] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file “/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf”] [line “48"] [id “960009”] [msg “Request Missing a User Agent Header”] [severity “WARNING”] [tag “PROTOCOL_VIOLATION/MISSING_HEADER”] [hostname “meso.tzyl.nl”] [uri
voxpelli and [grantcodes] joined the channel
[Rose], [manton], gRegorLove_ and [tantek] joined the channel