What would cause this plugin to stop working, code is showing up on my website headers?

[dialanerd]

What would cause this plugin to stop working? None of the code is showing up on my website headers?

Everything is enabled and it's the latest version https://github.com/zero-24/plg_system_httpheader I've uninstalled and reinstalled the plugin, but still no luck

Using Joomla 3.10 (to be upgraded), PHP8

[zero-24]

What happens when you do a downgrade to php7.x? and what exact version of php8.x is installed? Do you get any issues logged within your error log?

[dialanerd]

Using php 8.0.28, can't downgrade to php7 I'm not sure how to debug the site, I only use the Joomla frontend

From: Tobias Zulauf @.> Sent: Wednesday, April 12, 2023 12:27 PM To: zero-24/plg_system_httpheader @.> Cc: dialanerd @.>; Author @.> Subject: Re: [zero-24/plg_system_httpheader] What would cause this plugin to stop working, code is showing up on my website headers? (Issue #45)

What happens when you do a downgrade to php7.x? and what exact version of php8.x is installed? Do you get any issues logged within your error log?

- Reply to this email directly, view it on GitHubhttps://github.com/zero-24/plg_system_httpheader/issues/45#issuecomment-1505106792, or unsubscribehttps://github.com/notifications/unsubscribe-auth/A6YTKUXOIIM5AB5W2IWTW6DXA2GRRANCNFSM6AAAAAAW3PS56M. You are receiving this because you authored the thread.Message ID: @.**@.>>

[zero-24]

OK will try to setup an php 8.0 site on my end to make sure the plugin works there I was sure I have tested that before but will give it a try again.

[dialanerd]

Hi, for now I've added the follow code to my htaccess file. Can you recommend any additional changes to better the code while we try and figure out why the plugin isn't working?

Header set Content-Security-Policy "upgrade-insecure-requests" Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" Header set X-Xss-Protection "1; mode=block" Header set X-Frame-Options "SAMEORIGIN" Header set X-Content-Type-Options "nosniff" Header set Referrer-Policy "strict-origin-when-cross-origin" Header set Permissions-Policy "geolocation=self"

From: Tobias Zulauf @.> Sent: Wednesday, April 12, 2023 1:31 PM To: zero-24/plg_system_httpheader @.> Cc: dialanerd @.>; Author @.> Subject: Re: [zero-24/plg_system_httpheader] What would cause this plugin to stop working, code is showing up on my website headers? (Issue #45)

OK will try to setup an php 8.0 site on my end to make sure the plugin works there I was sure I have tested that before but will give it a try again.

- Reply to this email directly, view it on GitHubhttps://github.com/zero-24/plg_system_httpheader/issues/45#issuecomment-1505193676, or unsubscribehttps://github.com/notifications/unsubscribe-auth/A6YTKUXZNSYDHCPLIKU2MSTXA2OBRANCNFSM6AAAAAAW3PS56M. You are receiving this because you authored the thread.Message ID: @.**@.>>

[zero-24]

Hmm to me it looks like the plugin is working on PHP 8.0 too:

Can you verify its not working using a page with the core template or would you be able to send me a backup so I can try to debug the issue on the site? redacted

[dialanerd]

Problem found = JCH Optimize Pro Page Cache conflict

When I disable JCH Optimize Pro Page Cache, the HTTP Headers plugin works fine. But when you enable the JCH Optimize Pro Page Cache, the plugin only works straight after you click on "clean cache" in JCH Optimize Pro and also delete everything within System "clear cache".

If you run https://securityheaders.com/ directly after clearing both Cache, the headers show up, but shortly afterwards, they disappear again once the cache starts to build up.

Here is a link to the plugin for testing: https://www.dropbox.com/sh/vckju3u278fn9vc/AADbWtj7rfOyMGSt12WuaI10a?dl=0 Let me know when you've downloaded the link so that I can delete it.

Is there a way of getting around this?

@.***

From: Tobias Zulauf @.> Sent: Wednesday, April 12, 2023 10:22 PM To: zero-24/plg_system_httpheader @.> Cc: dialanerd @.>; Author @.> Subject: Re: [zero-24/plg_system_httpheader] What would cause this plugin to stop working, code is showing up on my website headers? (Issue #45)

Hmm to me it looks like the plugin is working on PHP 8.0 too: [image]https://user-images.githubusercontent.com/2596554/231587546-2857406e-798a-4fb2-8442-c80177668c91.png

Can you verify its not working using a page with the core template or would you be able to send me a backup so I can try to debug the issue on the site? tobias.zulauf[at]community.joomla.org

- Reply to this email directly, view it on GitHubhttps://github.com/zero-24/plg_system_httpheader/issues/45#issuecomment-1505966303, or unsubscribehttps://github.com/notifications/unsubscribe-auth/A6YTKUWHKXENL5QLC565DQLXA4MIFANCNFSM6AAAAAAW3PS56M. You are receiving this because you authored the thread.Message ID: @.**@.>>

[zero-24]

When I disable JCH Optimize Pro Page Cache, the HTTP Headers plugin works fine.

Hmm best would here to reach out to the JCH People as I dont have any expirience with that plugin. It sounds like they do a full page cache and therefor ignore what we have set via the plugin. But this should not be the first extension expiriencing a similiar problem.

[zero-24]

Closing as the issue looks to be an issue with JCH and not this plugin. Thanks.