WooCommerce – wc-ajax=get_refreshed_fragments 403 error

  • #28773
    AITpro Admin
    Keymaster

    Email Question:
    Hi, I am creating a new site and have done this many times with BPS PRO, but this time using 11.6.1 I keep getting this security error below. This happens when I access my site from any device. I have added everything else to the plugin firewall, but this one doesn't look like I can add it. Please help me to resolve this.

    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://designyourownthings.uk/
    REQUEST_URI: /?wc-ajax=get_refreshed_fragments
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B435 Safari/600.1.4

    Many Thanks

    #28774
    AITpro Admin
    Keymaster

    When I check your website using Google Chrome Developer Tools I see this 403 error:

    Failed to load resource: the server responded with a status of 403 (Forbidden)
    http://designyourownthings.uk/?wc-ajax=get_refreshed_fragments

    When I click the URI|URL above I see this String loaded in the Browser Window:

    {"fragments":{"div.widget_shopping_cart_content":"<div class=\"widget_shopping_cart_content\">\n\n<ul class=\"cart_list product_list_widget \">\n\n\t\n\t\t<li class=\"empty\">No products in the basket.<\/li>\n\n\t\n<\/ul><!-- end product list -->\n\n\n<\/div>"},"cart_hash":""}

    The first thing that looks like a problem is this:  new lines \n and tabs \t are in the String.  So the question is should php trim() http://php.net/manual/en/function.trim.php be used to strip these characters out of the String?  The other question is the script is not being processed and is instead being outputted directly to the Browser Window as raw code, which appears to be an encoding issue/problem.

    Doing a Google search for this issue/problem I found this WooCommerce support forum topic:  https://wordpress.org/support/topic/wc-ajaxget_refreshed_fragments-1

    So what I think is happening is a security rule in BPS is blocking the new line characters in the String and there is another pre-existing problem with a WooCommerce script.  WooCommerce files involved:  /woocommerce/assets/js/frontend/cart-fragments.min.js and /woocommerce/includes/class-wc-ajax.php.  I have replied to your email and requested an Administrator login to this website to investigate this further.

    #28776
    AITpro Admin
    Keymaster

    The solution to prevent BPS from logging a 403 error for this WooCommerce issue is to whitelist the WooCommerce: wc-ajax=get_refreshed_fragments Query String.  See this forum topic for the solution:  http://forum.ait-pro.com/forums/topic/woocommerce-read-me-first/  This solution does not address the other WooCommerce issue of whether or not an Output Buffer or JSON encoding issue exists in WooCommerce and only takes BPS out of the equation so that BPS is not logging a 403 error for this WooCommerce issue.

    A possible solution to the other WooCommerce issues was posted here:  https://wordpress.org/support/topic/wc-ajaxget_refreshed_fragments-1?replies=31#post-8206445  The problem may or may not be related to the \n and \t characters in the String and may be another issue with Output Buffering or JSON encoding.
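
Added example (not part of the thread, and not BPS or WooCommerce code): the Python below parses log entries in the field layout quoted in the first post and counts which wc-ajax endpoints appear in them, so you can confirm what a Query String whitelist rule has to cover before adding it. It assumes entries are separated by blank lines and that every entry in the log is a blocked request; the sample log, the example.test host and the function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the field layout of the log entry quoted in the thread.
SAMPLE_LOG = """\
REQUEST_METHOD: GET
HTTP_REFERER: http://example.test/
REQUEST_URI: /?wc-ajax=get_refreshed_fragments
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (constructed)

REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-login.php?action=register
QUERY_STRING: action=register
HTTP_USER_AGENT: Mozilla/5.0 (constructed)
"""

def parse_entries(text):
    """Split a log into entries (assumed blank-line separated) of FIELD: value pairs."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            # Split on the first colon only, so URLs in the value stay intact.
            key, sep, value = line.partition(":")
            if sep:
                entry[key.strip()] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def wc_ajax_endpoint(entry):
    """Return the wc-ajax endpoint name of a logged request, or None."""
    # QUERY_STRING is logged empty in the thread's entry, so fall back to REQUEST_URI.
    query = entry.get("QUERY_STRING") or urlsplit(entry.get("REQUEST_URI", "")).query
    values = parse_qs(query).get("wc-ajax")
    return values[0] if values else None

def summarize(text):
    """Count logged requests per wc-ajax endpoint; other entries need manual review."""
    counts = Counter()
    for entry in parse_entries(text):
        endpoint = wc_ajax_endpoint(entry)
        if endpoint:
            counts[endpoint] += 1
    return counts

if __name__ == "__main__":
    for endpoint, n in summarize(SAMPLE_LOG).items():
        print(f"wc-ajax={endpoint}: {n} logged request(s)")
```

Entries that do not carry a wc-ajax parameter, such as the second constructed one, are left out of the count and should be reviewed on their own rather than whitelisted along with the WooCommerce request.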
