05-15-2019, 07:22 PM
Triple A Racing

Re: X-Cart 5.4.0 Public Beta is out

Please read other people's related threads / posts first. This post only relates to the public beta release > XC not any other XC release.
Originally Posted by Ruslan
About your question on MariaDB: X-Cart 5.4 is fully compatible with MariaDB 10.2.* and higher. It is just an issue with the requirements checker. We will fix it.
That's been fixed and the install ran very smoothly this time (Dev Store in our signature below) Thank you.
Originally Posted by Ruslan
As to Nginx, you can find the "nginx.conf.sample" config in the root of your X-Cart store. It is an example of Nginx config for X-Cart 5.4. (It contains two versions of the config: with and without a web dir). We are unable to remove the .htaccess files from the X-Cart distribution package, but those files are blocked by Nginx config rule:
# "~*" makes this a case-insensitive regex location; matching request paths are refused
location ~* (\.php$|\.htaccess$|\.git) {
    deny all;
}
We referred to this, in post #5 then commented in post #7 of this thread, where we hopefully made our own thoughts clear.
As is currently provided, yes, there's definite progress, but we still think this is just a stick-on Nginx 'plaster' as opposed to being a pure, well-designed Nginx-only version of XC5.
Originally Posted by Ruslan
As to CSP header, it is disabled by default because we cannot add rules for 3rd-party modules. But we will prepare a tutorial with the proper directives for CSP in X-Cart 5.4.
We commented in post #7 of this thread. FWIW the default settings within ~/xcart/etc/config.php obviously do still remain as:
; Content-Security-Policy value
; ~ edit ~
content_security_policy = 'disabled'
The previous answer from @Ruslan shown above, relates to why.
However, we can't find the CSP tutorial yet (but we're assuming that this will be posted very soon?)
This CSP setup for XC5 tutorial IS needed to fully test this XC public beta release and provide useful feedback, especially when using modules that may/will be affected by using CSP.
If / when needed by anybody, two useful reference links for CSP are these: Security Headers (site-test) and Scott Helme (CSP tagged articles)
Dev Store & Live Store: XC Business
Server; Ubuntu 20.04.2 LTS (HWE 5.8.0-63.71 Kernel) / Plesk Obsidian
Nginx 1.20.1 / Apache 2.4.41 (Ubuntu Backported) / MariaDB 10.5.11 / PHP 7.4.21
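Added example, not part of the original post and not X-Cart's own code: a small Python check of which request paths the regex in the quoted `location ~*` rule covers, useful when confirming that `.htaccess` and `.git` paths are refused. It tests the regex only, assuming nginx has selected this location; the sample request targets are constructed, and the helper names (`location_path`, `is_denied`, `audit`) are hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# Regex copied from the quoted rule: location ~* (\.php$|\.htaccess$|\.git)
# "~*" is a case-insensitive regex location in nginx.
DENY_RULE = re.compile(r"(\.php$|\.htaccess$|\.git)", re.IGNORECASE)


def location_path(request_target: str) -> str:
    """Approximate the path nginx tests a location against.

    nginx matches locations on the percent-decoded URI path, without the
    query string. Assumption: dot-segment resolution and slash merging,
    which nginx also performs, are not modelled here.
    """
    return unquote(urlsplit(request_target).path)


def is_denied(request_target: str) -> bool:
    """True if the quoted rule's regex matches this request target."""
    return DENY_RULE.search(location_path(request_target)) is not None


# Constructed sample request targets (not taken from any real log).
SAMPLES = [
    "/.htaccess",                 # file the quoted reply says is blocked
    "/var/.HTACCESS",             # case-insensitive because of "~*"
    "/.git/config",               # "\.git" is unanchored, so any .git path
    "/%2Egit/HEAD",               # percent-encoded dot is decoded first
    "/cart.php?target=main",      # query string is not part of the match
    "/skins/customer/style.css",  # static asset, not covered by the rule
    "/images/logo.png?v=.php",    # ".php" only in the query: not covered
]


def audit(samples):
    """Map each sample request target to True (denied) or False."""
    return {target: is_denied(target) for target in samples}


if __name__ == "__main__":
    for target, denied in audit(SAMPLES).items():
        print(f"{'deny ' if denied else 'allow'}  {target}")
```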