Jordan Miller Posted August 9, 2018 Posted August 9, 2018 FORUM: http://www.breatheheavy.com/exhale Hi there. I have spent weeks trying to figure this problem out, but I am going in circles. IPB support recommended I open a thread here because they are convinced the error is theme related. The theme developer says it's not the theme that is causing the issue. The firewall company, Sucuri, says it's not their fault either. I am out of options on where to turn, maybe you guys can help. When some users (Android) click a link from Facebook to my forum, they see this: https://scontent.flas1-1.fna.fbcdn.net/v/t1.0-9/38769188_10157592637040830_4188295052990087168_n.jpg I believe the error started to occur after SSL was enabled and is causing some mixup with Facebook's browser. Again, Sucuri, the company that added the SSL certificate, says it's not their fault but I can't confirm one way or the other. Does anyone have *any* idea what could be causing this error? I would be so, so appreciative if someone could help me fix this.
opentype Posted August 9, 2018 Posted August 9, 2018 How many users? How long ago was the SSL change? Could just be cache problem for those users. Essentially you would need to replicate the error yourself and look at the source code. Looks like the CSS files can’t be accessed for some reason. (or the cached links are outdated) By the way: the console is throwing quite a few errors that need attention:
Jordan Miller Posted August 9, 2018 Author Posted August 9, 2018 36 minutes ago, opentype said: How many users? How long ago was the SSL change? Could just be cache problem for those users. Essentially you would need to replicate the error yourself and look at the source code. Looks like the CSS files can’t be accessed for some reason. (or the cached links are outdated) By the way: the console is throwing quite a few errors that need attention: I have heard this error from at least 40 different people. I can't seem to replicate the error on my end since I have Apple products. It seems to be exclusive to Android. I have cleared the site's cache, asked users to clear their cache and still the same error. I personally think it's related to the theme, but the developer says he can't help right now because he has other projects. A lot of the errors began after SSL was enabled, as well as the recent update to IPB. ZEDO and MONU in the screen capture above are ad networks. Should I post a certain CSS file here? Any help would be greatly appreciated!
Joel R Posted August 9, 2018 Posted August 9, 2018 Are you perhaps passing your theme resources through a CDN? To check this, go to your ACP > Files > Storage Settings. The passthrough of theme files from the CDN might be broken with the SSL (or vice versa). Some other things to test in no particular order: 1. Switch to the default theme. I know the default IPS theme is blue and boring, but that can isolate the problem. 2. Check your server for the error logs.
Jordan Miller Posted August 9, 2018 Author Posted August 9, 2018 Let me message some of the users who are experiencing this issue to message me so I can coordinate with them when to switch the theme to the default to isolate. I tried this before, and it was still giving access errors, but I will try again. Here's the Storage settings:
Mark H Posted August 10, 2018 Posted August 10, 2018 EDIT: I missed that first screenshot. There's a double slash (which is not the correct format) in the second path, and it's a duplicate of the first entry except for that double-slash. ...public_html//exhale/uploads Change to the Storage Settings tab and make sure the resources are all set to use the first one, without the double-slash. Right now, based on the first screenshot, you have a mix of config usage. That may not fix the issue you report, but should be addressed anyway.
Jordan Miller Posted August 10, 2018 Author Posted August 10, 2018 Hey Mark. Does that include the settings that are currently set to "Database?" So, ALL should be the first option (the single slash)?
Joel R Posted August 10, 2018 Posted August 10, 2018 15 minutes ago, breatheheavy said: Hey Mark. Does that include the settings that are currently set to "Database?" So, ALL should be the first option (the single slash)? No In your second screenshot that shows the 3 storage methods, he's pointing out that one of your storage methods (the one with your double slashes) is superfluous. You should switch all storage settings (first screenshot) with the double slash to simply the one with the single slash. The ones assigned to "database" can stay that way. This won't solve your problem, but it's something that should be fixed anyways. For your original problem, I really think you need to contact your server administrator or host support to diagnose what's going on.
Jordan Miller Posted August 10, 2018 Author Posted August 10, 2018 Ok thanks. I switched it. I had to hire a developer to look into this because people still can't access the site. Here's what they said: Quote "Your issue is a result of the newly installed SSL. it's a synchronization issue. in SSL there is a beforeAction and afterAction clause and it looks at the timestamp of the device to verfiy whether or not it can establish a secure connection. this is actually on the device end (android), and it shouldnt be happening to all android devices unless the ssl is a very old version. if its not an unsupported version then its up to the client (the user) to update the devices timestamp. i know that is probably frustrating info, but i figured i would say something before you're hiring crooks claiming to correct the issue. the only thing that can be done is if the timestamp validation is disabled or, potentially, set to automatic might do the trick. however, i believe that would be on your ssl provider's end (not 100% sure on that). I would call them up and ask what options you have. https://security.stackexchange.com/questions/72866/what-role-does-clock-synchronization-play-in-ssl-communcation That's a pretty informative link to a similar issue. The only thing i could think of with it being on the design end, or backend, is a timestamp on the site. If its wordpress then the time of the site is within the settings. Just double check with your ssl company; worse case scenario i would revert back forntedting purposes. You'll want ssl eventually. Google is starting to rank sites with ssl, and you dont want your ranking to go down. Ask your ssl company about tsl, too. Its a slightly newer for of secure socket certification. Then Sucuri responded: Quote We already use TLS 1.2, infact we recently disabled the older versions, I have set "Force passing the hostname via TLS/SSL" but i don't see this is the issue, it still looks like some mixed content issue, this could only be confirmed with access to the logs from the facebook browser. It's possible though but very unlikely the host has it's time wrong, but that would be unlikely here, The firewall servers times are kept perfectly synchronized, if you supply root ssh access we can check and correct.
Jordan Miller Posted August 10, 2018 Author Posted August 10, 2018 I don't know what else to do. I had someone who is experiencing the issue work with me. I changed the IPB theme to default, it still did not work. They clicked the setting on Facebook: "Links open externally" the site worked. It's something with Facebook's browser and the SSL? http://prntscr.com/kh7gkw I also disabled the ads, and the site did not load when "Links open externally" was disabled. So it doesn't appear to be related to the ads. This all started once we enabled SSL. https://charlesr.co.uk/why-doesnt-my-site-display-properly-in-the-facebook-in-app-browser/
Jordan Miller Posted August 10, 2018 Author Posted August 10, 2018 Here's what my host manager said: Quote I ready the article you sent, and it talks about mixed content causing a problem. I know you used to have a mixed content problem, but you are getting a full lock, BUT that said, some threads are still loading content with not https connections. example:https://www.breatheheavy.com/exhale/index.php?/topic/762036-new-candid-britney-out-in-oslo-norway/https://cl.ly/472c2p3x3M3DYour page loads are also very odd in that it first starts to load looking like its missing CSS but then corrects itself.Again, not my area of expertise though. You would need to engage with a web dev to sort that out. So if a user posts an image that has "http" and not "https" it can cause the layout to break and not load in Facebook?
Optic14 Posted August 10, 2018 Posted August 10, 2018 @breatheheavy try disabling AJAX in your theme, looks like the Facebook in-app browser has issues with it. Also, can you also test with a HTTPS link vs a HTTP link in Facebook? Maybe something wrong during the redirect.
Jordan Miller Posted August 10, 2018 Author Posted August 10, 2018 9 minutes ago, Optic14 said: @breatheheavy try disabling AJAX in your theme, looks like the Facebook in-app browser has issues with it. Also, can you also test with a HTTPS link vs a HTTP link in Facebook? Maybe something wrong during the redirect. I disabled AJAX but a user still couldn't access the forums. I'm not sure. I don't have any http links? They all get converted to https right?
Optic14 Posted August 10, 2018 Posted August 10, 2018 Thanks for confirming. In your opening post your gave a HTTP link so just wanted to rule out whether Facebook in-app browser was having issues following the redirect: On 8/10/2018 at 3:59 AM, breatheheavy said: FORUM: http://www.breatheheavy.com/exhale Was just confirming how your users are accessing your links from Facebook.
Jordan Miller Posted August 12, 2018 Author Posted August 12, 2018 On 8/10/2018 at 4:36 PM, Optic14 said: Thanks for confirming. In your opening post your gave a HTTP link so just wanted to rule out whether Facebook in-app browser was having issues following the redirect: Was just confirming how your users are accessing your links from Facebook. They are having problems exclusively through Facebook. When they open the links on FB externally, the site loads. It's through FB's browser. We think it has to do with FB seeing the site is SSL, but seeing images or tweets that users post that include "http" and not "https" Is there ANY way to fix this? IPB suggests I contact Facebook, which I have, but they are notorious for never responding. I don't know what to do.
opentype Posted August 12, 2018 Posted August 12, 2018 5 minutes ago, breatheheavy said: We think it has to do with FB seeing the site is SSL, but seeing images or tweets that users post that include "http" and not "https". Is there ANY way to fix this? As I said before, it needs replication that needs to be inspected when it happens. Http resources IS a valid possibility. But we cannot just guess which resources those are. You need to check the specific URLs that are causing problems and find the specific files, which aren‘t loaded. Then, and only then could you identify the CAUSE of the problem. Everything else is guesswork and wild speculation. And as mentioned before, address your console errors! They clearly point to problems with specific services you added. Even ones specifically mentioned protocol problems. With 18 problems on a single page you can be happy the site is even showing for most users.
Jordan Miller Posted August 12, 2018 Author Posted August 12, 2018 1 hour ago, opentype said: As I said before, it needs replication that needs to be inspected when it happens. Http resources IS a valid possibility. But we cannot just guess which resources those are. You need to check the specific URLs that are causing problems and find the specific files, which aren‘t loaded. Then, and only then could you identify the CAUSE of the problem. Everything else is guesswork and wild speculation. And as mentioned before, address your console errors! They clearly point to problems with specific services you added. Even ones specifically mentioned protocol problems. With 18 problems on a single page you can be happy the site is even showing for most users. Most of those URLs appear to be ads on the site, but all of those links include https. But I also tried disabling all the ads and people still couldn't see the site. I'm not sure what I need to be replicating. It happens on any post I link to on FB to Android users. Is ANYONE available for me to hire and get this fixed? PLEASE!
Jordan Miller Posted August 13, 2018 Author Posted August 13, 2018 What if I just changed the setting in the config back to "http"? I'd rather have people at least see my forum then it be "secure" I guess.
Jordan Miller Posted August 13, 2018 Author Posted August 13, 2018 It appears any time I save a setting in the theme, it breaks for Android users viewing via Facebook's browser. I have to clear the forum's cache and it starts to work for some Android users again. Any idea why this could be? Doesn't matter what theme I am using btw - it breaks using the default theme, too.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.