Please read other people's related threads / posts first. This post only relates to the public beta release > XC 5.4.0.3
not any other XC release.
Quote:
Originally Posted by Ruslan
About your question on MariaDB: X-Cart 5.4 is fully compatible with MariaDB 10.2.* and higher. It is just an issue with the requirements checker. We will fix it
|
That's been fixed and the install ran very smoothly this time (Dev Store in our signature below) Thank you.
Quote:
Originally Posted by Ruslan
As to Nginx, you can find the "nginx.conf.sample" config in the root of your X-Cart store. It is an example of Nginx config for X-Cart 5.4. (It contains two versions of the config: with and without a web dir).We are unable to remove the .htaccess files from the X-Cart distribution package, but those files are blocked by Nginx config rule
-----
location ~* (\.php$|\.htaccess$|\.git) {
deny all;
}
-----
|
We referred to this, in
post #5 then commented in
post #7 of this thread, where we hopefully made our own thoughts clear.
As is currently provided, yes, there's definite progress, but we still think this is just a stick-on Nginx 'plaster' as opposed to being a pure, well designed Nginx only version of XC5
Quote:
Originally Posted by Ruslan
As to CSP header, it is disabled by default because we cannot add rules for 3-d party modules. But we will prepare a tutorial with the proper directives for CSP in X-Cart 5.4.
|
We commented in
post #7 of this thread. FWIW the default settings within ~/xcart/etc/config.php obviously do still remain as:
Code:
; Content-Security-Policy value
; ~ edit ~
content_security_policy = 'disabled'
The previous answer from @Ruslan shown above, relates to why.
However, we can't find the CSP tutorial yet (but we're assuming that this will be posted very soon?)
![Dancing](images/smilies/eusa_dance.gif)
This CSP setup for XC5 tutorial
IS needed to
fully test this XC 5.4.0.3 public beta release and provide useful feedback, especially, when using modules that may/will be effected by using CSP.
If / when needed by anybody, two useful reference links for CSP are these:
Security Headers (site-test) and
Scott Helme (CSP tagged articles)