Meteotemplate Forum

Posted: **Mon Jan 14, 2019 10:46 pm**

I think I figured it out, I disabled Mime Sniffing Protection in PHP on the subdomain. Does that look right now?

Posted: **Mon Jan 14, 2019 10:48 pm**

Yeah, I'm scratching my head why. Looking at all my blocks and plugins I cant recreate what's happening on his block and plugn.

Posted: **Mon Jan 14, 2019 10:48 pm**

i got it!!

He did not have solar sensor!!

The plugin was waiting for the solar information.

Posted: **Mon Jan 14, 2019 10:49 pm**

YES!!! Look like ssGauges is working.

Posted: **Mon Jan 14, 2019 10:50 pm**

Damn, your right. Why didnt I think of that.

Posted: **Mon Jan 14, 2019 10:51 pm**

It has cached results so it was working.

Posted: **Mon Jan 14, 2019 10:53 pm**

No I'm pretty sure it was the Mime Sniffing Protection setting in PHP, if I toggle that back on it breaks. I did also disable the solar sensor as my station does not currently support that sensor type just in case.

Posted: **Mon Jan 14, 2019 10:54 pm**

Gatewayy wrote: ↑Mon Jan 14, 2019 10:46 pm I think I figured it out, I disabled Mime Sniffing Protection in PHP on the subdomain. Does that look right now?

Thats a new one for me. What are you using to feed you api.php?

Posted: **Mon Jan 14, 2019 10:55 pm**

Gatewayy wrote: ↑Mon Jan 14, 2019 10:53 pm No I'm pretty sure it was the Mime Sniffing Protection setting in PHP, if I toggle that back on it breaks. I did also disable the solar sensor as my station does not currently support that sensor type just in case.

Where is the"Mime Sniffing Protection setting in PHP" located at Sir?

Posted: **Mon Jan 14, 2019 10:58 pm**

I've never run across that issue. Good to know anyway.

Posted: **Mon Jan 14, 2019 11:07 pm**

I mis-typed, it isn't a PHP setting but rather its part of cross site/cross script vulnerabilities in Apache/Nginx. It is a pretty deep rabbit hole but I use a control panel called Runcloud that manages my web server, etc hosted on a VM with Digitalocean. and it has several security settings enabled by default for every site that you create.

: Greenshot 2019-01-14 17.06.38.png (40.25 KiB) Viewed 24140 times

Some very basic info on it can be purused here: https://geekflare.com/secure-mime-types ... e-options/

Posted: **Mon Jan 14, 2019 11:10 pm**

Thank you sir!

May I ask who your host is and Linux based or?

Posted: **Mon Jan 14, 2019 11:18 pm**

I looked at it quickly but can't find where the “nosniff” is inserted? In the index.html? or htaccess or is at your hosts control panel settings?

Posted: **Mon Jan 14, 2019 11:22 pm**

My host is Digitalocean: https://www.digitalocean.com/. I have multiple VMs running their but for my web server I am using their slightly above rock bottom Droplet plan:

1 vCPUs
2GB / 25GB Disk
Ubuntu 18.04 LTS

If you want to see all their pricing it is listed here: https://www.digitalocean.com/pricing/. If your interested in them I have a referral code that I can give out that gives you credits on your bill for the first few months their lower end plans.

The control panel is Rucloud: https://runcloud.io/. Basically it sets everything up so you have a secure and esy to maintain web server for PHP applications (but you can run anything else on their if you want). I am a Systems Admin/Engineer in my day job for Bass Pro and its noce to not have to get down into the weeds configuring things from the CLI for my hobby projects.

Posted: **Mon Jan 14, 2019 11:23 pm**

andyk1 wrote: ↑Mon Jan 14, 2019 11:18 pm I looked at it quickly but can't find where the “nosniff” is inserted? In the index.html? or htaccess or is at your hosts control panel settings?

I will look a little further when I get home to see where it is behind the scenes.

Posted: **Mon Jan 14, 2019 11:55 pm**

Dang.....I thought it was me....lol.

Knew i could not be that good!

lol

Posted: **Tue Jan 15, 2019 12:19 am**

Well I certainly learned something from this. Pretty much did the same troubleshooting you did but a new one on me. The lowering the PHP version was a good call. Beat me to it hahaha. Anyway I learned something new.

Posted: **Tue Jan 15, 2019 1:06 am**

In the end MIME sniffing has no threat to us as we do not accept data from users of any kind. We call data from specific sources, but users can't upload to us.

Posted: **Tue Jan 15, 2019 1:50 am**

Correct, Runcloud errs on the side of caution and is probably more paranoid than it needs to be.

Posted: **Tue Jan 15, 2019 4:44 am**

Ok I was able to locate it eventually. For my setup you see the following listed in /etc/nginx-rc/conf.d/WX.d/headers.conf the file contains the following if nosniff is enabled within Runcloud.

# Do not edit this file
# Editing this file manually might break RunCloud System
# If you think there is a bug, contact us at bug@runcloud.io

# Header option for security purpose
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";

# HSTS
# HSTS DISABLED"

include /etc/nginx-rc/extra.d/WX.headers.*.conf;

Meteotemplate Forum

Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?

Re: Steelseries Gauges don't work ?