View Single Post
  #7  
Old 04-19-2019, 07:24 AM
 
Triple A Racing Triple A Racing is offline
 

X-Wizard
  
Join Date: Jul 2008
Location: Manchester UK
Posts: 1,028
 

Default Re: X-Cart 5.4.0 Public Beta is out

Quote:
Originally Posted by Ruslan
....About your question on MariaDB: X-Cart 5.4 is fully compatible with MariaDB 10.2.* and higher. It is just an issue with the requirements checker. We will fix it
That's great. Thank you. We're assuming that a slightly revised public beta will be available soon
Quote:
Originally Posted by Ruslan
As to Nginx, you can find the "nginx.conf.sample" config in the root of your X-Cart store. It is an example of Nginx config for X-Cart 5.4. (It contains two versions of the config: with and without a web dir).
We are unable to remove the .htaccess files from the X-Cart distribution package, but those files are blocked by Nginx config rule
-----
location ~* (\.php$|\.htaccess$|\.git) {
deny all;
}
-----
We did see that file, but to be fair and rightly or wrongly we'd earmarked it as an configurable option, as opposed to a pure Nginx version of XC 5.4.*.* being made available for download (as per the previous forum link we'd posted). Not sure why there's any restriction in simply removing ALL the Apache .htaccess files and making a separate, pure Nginx only version available? As you know, all the .htaccess files won't work anyway, if the server setup is Nginx only, but they can still work perfectly well, with a couple of the available Nginx proxy / Apache setups, which is why we're assuming that XC have included the config rule.

The conventional approach to making different OS options being made available, is to provide separate, 'clean' downloads, which makes life easier for everybody (in our humble opinion anyway). As we're currently only at Public Beta stage, nobody would / could unintentionally, cause any XC 5 live store issues at this point in time, if the two different 'clean' downloads were made available could they? It is what it is currently however, so once the slightly revised public beta is made available, we'll run our own script to remove all the .htaccess files and create two clean versions. Meanwhile, thanks for clarifying the current Nginx position. Much appreciated.
Quote:
Originally Posted by Ruslan
As to CSP header, it is disabled by default because we cannot add rules for 3-d party modules. But we will prepare a tutorial with the proper directives for CSP in X-Cart 5.4
That's good news too, as this will slowly become a more important factor albeit people may still be unaware of that. A more encompassing option, might be... to include all the CSP data, as commented out text within the ~/etc/config.php file and/or the ~/etc/default.config.php file (as is the case with other items) But, with a link to the tutorial itself plus, a note advising users not to uncomment this data or, apply it via their own http header until a) they have read said tutorial and b) they have themselves verified, that any / all Non-XC provided XC5 modules will function as intended, when using this specific setup for CSP. Just a suggestion
__________________
Dev Store & Live Store XC Business 5.4.1.35
Server; Ubuntu 22.04.2 LTS (HWE 6.2.0.26.26 Kernel)) / Plesk Obsidian
Nginx 1.20.4 / Apache 2.4.52 (Ubuntu Backported) / MariaDB 10.11.4 / PHP 7.4.33
Reply With Quote