kdmonk1

kdmonk1 last won the day on October 21 2021

kdmonk1's Achievements

  1. Hi @bnadauld, Yes I got this resolved and it is showing a grade of "A". By making the change on your server, your headers will never change because you control them through your server. If you have a virtual or dedicated server, you should be able to access your .htaccess through root. If you have a shared server, you may need to contact your hosting company. If you have cPanel, you can fill out a ticket and they will assist as well.
  2. Team, When I originally created this post everything was working well and I had a grade "A" from securityheaders.com. Months passed by and I go to check my headers and I am at a grade of "F" on securityheaders.com. I have not updated my Prestashop website nor have I changed my .htaccess file. I reached out to cPanel and they stated the following:

     "I am able to see that these headers have been added to the .htaccess, however, they do not appear to be applying to the main website response provided by Prestashop. The headers still only contained:

         # curl -I https://mywebsite.com
         HTTP/1.1 200 OK
         Date: Fri, 09 Sep 2022 19:58:37 GMT
         Server: “ServerName”
         Expires: Thu, 19 Nov 1981 08:52:00 GMT
         Cache-Control: no-store, no-cache, must-revalidate
         Pragma: no-cache
         Set-Cookie: ...; domain=mywebsite.com; secure; HttpOnly; SameSite=Lax
         Set-Cookie: ...; expires=Thu, 29-Sep-2022 19:58:37 GMT; Max-Age=1727999; path=/; domain=mywebsite.com; secure; HttpOnly; SameSite=Lax
         Strict-Transport-Security: max-age=300; includeSubDomains; preload
         Content-Type: text/html; charset=utf-8

     It appears that Prestashop may be stripping these headers from the main response, as a request made to any of the assets that is not processed by Prestashop directly has the headers being applied.

     For example, accessing the main CSS file (the theme) of your domain shows the correct headers:

         # curl -I https://mywebsite.com/themes/default/assets/cache/theme-7f31aa57.css
         HTTP/1.1 200 OK
         Date: Fri, 09 Sep 2022 20:01:35 GMT
         Server: “MyServer”
         Strict-Transport-Security: max-age=63072000; includeSubDomains
         X-Content-Type-Options: nosniff
         X-Frame-Options: SAMEORIGIN
         X-Xss-Protection: 1; mode=block
         Referrer-Policy: strict-origin-when-cross-origin
         Permissions-Policy: accelerometer=(self); ambient-light-sensor=(self); autoplay=(self); camera=(self); encrypted-media=(self); fullscreen=(self); geolocation=(self); gyroscope=(self); magnetometer=(self); microphone=(self); midi=(self); payment=(self); picture-in-picture=(*); speaker=(self); sync-xhr=(*); usb=(self); vr=(self);
         Last-Modified: Tue, 01 Feb 2022 12:41:23 GMT
         Accept-Ranges: bytes
         Content-Length: 696610
         Cache-Control: max-age=63072000, public
         Expires: Fri, 16 Sep 2022 20:01:35 GMT
         Vary: Accept-Encoding
         Access-Control-Allow-Origin: *
         Access-Control-Allow-Methods: GET
         X-XSS-Protection: 1; mode=block
         Content-Type: text/css

     The logo image in your top header also has these headers being applied:

         # curl -I https://mywebsite.com/img/logo-1637629287.jpg
         HTTP/1.1 200 OK
         Date: Fri, 09 Sep 2022 20:03:38 GMT
         Server: “MyServer”
         Strict-Transport-Security: max-age=63072000; includeSubDomains
         X-Content-Type-Options: nosniff
         X-Frame-Options: SAMEORIGIN
         X-Xss-Protection: 1; mode=block
         Referrer-Policy: strict-origin-when-cross-origin
         Permissions-Policy: accelerometer=(self); ambient-light-sensor=(self); autoplay=(self); camera=(self); encrypted-media=(self); fullscreen=(self); geolocation=(self); gyroscope=(self); magnetometer=(self); microphone=(self); midi=(self); payment=(self); picture-in-picture=(*); speaker=(self); sync-xhr=(*); usb=(self); vr=(self);
         Last-Modified: Tue, 23 Nov 2021 01:01:27 GMT
         Accept-Ranges: bytes
         Content-Length: 3504
         Cache-Control: max-age=63072000, public
         Expires: Sun, 09 Oct 2022 20:03:38 GMT
         Access-Control-Allow-Origin: *
         Access-Control-Allow-Methods: GET
         X-XSS-Protection: 1; mode=block
         Content-Type: image/jpeg

     Only responses returned from Prestashop directly appear to have these headers missing, which indicates that Prestashop may or may not be removing these headers to only return its own.

     We highly recommend placing these security headers in your Apache configuration instead of this website's .htaccess as well. Your .htaccess is regenerated by Prestashop when it needs to be, and these headers will likely be removed from this file when this occurs. Please see the following for information on this: How to add nosniff, CORS, HSTS, Clickjack, and X-Xss-Protection headers on a per domain basis.

     If you have cPanel you can access it to make the changes using this url: https://docs.cpanel.net/whm/service-configuration/include-editor/

     If you have any additional questions or concerns, please let us know."

     Once I made the changes on my server, my security headers showed a grade of "A".
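The comparison cPanel support describes above (security headers present on static assets, absent on the page PrestaShop generates) can be scripted. This is an added example, not part of the original posts; the function names are hypothetical and the two sample responses are abridged copies of the `curl -I` output quoted above.

```shell
#!/bin/sh
# Added example: report which security headers are missing from `curl -I` output.
# Function names are hypothetical; the header list follows the .htaccess in this thread.
EXPECTED="strict-transport-security x-content-type-options x-frame-options referrer-policy permissions-policy"

# Print the expected header names that are absent from the response on stdin.
missing_headers() {
    # Header names are case-insensitive: lower-case them, skip the status line.
    present=$(tr -d '\r' | awk -F: 'NR > 1 && NF > 1 { print tolower($1) }')
    out=""
    for h in $EXPECTED; do
        printf '%s\n' "$present" | grep -qx "$h" || out="$out $h"
    done
    printf '%s\n' "${out# }"
}

# Print the HSTS max-age from the response on stdin (prints nothing if absent).
hsts_max_age() {
    tr -d '\r' | awk -F: 'tolower($1) == "strict-transport-security" {
        if (match($2, /max-age=[0-9]+/)) print substr($2, RSTART + 8, RLENGTH - 8)
    }'
}

# Abridged from the responses quoted above: the page generated by PrestaShop ...
MAIN_PAGE='HTTP/1.1 200 OK
Date: Fri, 09 Sep 2022 19:58:37 GMT
Cache-Control: no-store, no-cache, must-revalidate
Strict-Transport-Security: max-age=300; includeSubDomains; preload
Content-Type: text/html; charset=utf-8'

# ... and the theme CSS served directly by Apache (Permissions-Policy shortened).
ASSET='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: accelerometer=(self); camera=(self)
Content-Type: text/css'

report() {  # $1 = label, $2 = raw response headers
    printf '%s: missing=[%s] hsts-max-age=%s\n' "$1" \
        "$(printf '%s\n' "$2" | missing_headers)" \
        "$(printf '%s\n' "$2" | hsts_max_age)"
}

report "main page" "$MAIN_PAGE"
report "theme CSS" "$ASSET"
# Live use: report "main page" "$(curl -sI https://mywebsite.com)"
```

On the sample data the main page lacks four of the five headers and carries an HSTS max-age of 300 rather than the 63072000 set in the .htaccess, so the check has to be run against a PHP-generated URL as well as an asset.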
  3. Forum Team, I am interested in obtaining a module that showcases a business directory sort of like what Prestashop has on its website for vendor modules. I know this is something out of the ordinary but looking to see if anyone has seen a module or a website that resembles the following before? First page would resemble this page: https://addons.prestashop.com/en/2-modules-prestashop Second page would look like this: https://addons.prestashop.com/en/data-migration-backup/8934-migrationpro-prestashop-upgrade-and-migrate-tool.html
  4. Thanks @Aldeag, I will try it out. I believe the one I have sunnytoo created but we are removing the empty categories when all the products under that category are disabled.
  5. @ChristosDs - Awesome job. I will try it out soon.
  6. Hi Community, I would like to add customize urls to my current menu header if possible. The key is that these urls would need to live under that category. (Womens) Does anyone know what I can do to make this happen? Could I utilize Prestashop List Link feature in the menu to create customize urls under the Women category? I would prefer not to hardcode.

         Shop   <--- 1st level category
         Women  <--- 2nd level category

         Categories   Top Brands   Specialty Sizes   <--- 3rd level categories under Women
         Dresses      Brand 1      Plus
         Tops         Brand 2      Maternity
         Sweaters     Brand 3      Juniors
         Jeans        Brand 4      Tall
         Pants        Brand 5      Petite
         Skirts

     The "Categories" menu listed above with Dresses, Tops, sweaters, etc. is standard with Prestashop so that should work. Adding the customize urls Top Brands and Specialty Sizes would be the ask.
  7. I am currently setting up a cronjob to disable a product when it is sold out. Is there a better way or better script that someone could assist me with? Right now when I run the cronjob, I am getting this error?

     Cronjob:

         /usr/local/bin/php "https://mywebsite.com/app/config/product_out_of_stock.php” > /dev/null

     Error after job runs:

         usr/local/cpanel/bin/jailshell: -c: line 0: unexpected EOF while looking for matching `"'
         /usr/local/cpanel/bin/jailshell: -c: line 1: syntax error: unexpected end of file

     product_out_of_stock.php

         <?php
         ini_set('display_errors', 1);

         // Database connection settings
         $mysql_host = '127.0.0.1';
         $mysql_database = 'database';
         $mysql_user = 'user';
         $mysql_password = 'password';

         $db = new PDO("mysql:host=$mysql_host;dbname=$mysql_database", $mysql_user, $mysql_password);

         // Deactivate every product that has a stock row with quantity 0
         $sql = 'UPDATE ps_product_shop SET active=0 WHERE id_product IN (SELECT id_product FROM ps_stock_available WHERE quantity=0)';
         $stmt = $db->prepare($sql);

         if ($stmt->execute()) {
             echo "Success";
         } else {
             echo "Fail";
         }
         ?>
  8. I wanted to pass this on to someone that may need this. I am currently working off of Prestashop 1.7.8.0 / CPanel / Apache 4 / php7.3. If you use this htaccess code your security headers will pass with an "A" grade. There is one piece I am having trouble with and that is: Content-Security-Policy - I have this line commented out. I am still working on this one. My Recaptcha on the create login and contact us pages stopped working because of this line. Has something to do with CSP and inline code from Google. If anyone can figure this out please respond to the thread or if anyone has any updates to this htaccess please respond to the thread. Thanks!

     Note: Be sure to change all the urls "yourwebsiteurl.com" to your website url. I'd like to hear back if it works for anyone.

     URL to scan your headers: https://securityheaders.com/

         # ~~start~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again
         # .htaccess automaticaly generated by PrestaShop e-commerce open-source solution
         # https://www.prestashop.com - https://www.prestashop.com/forums

         <IfModule mod_rewrite.c>
         <IfModule mod_env.c>
         SetEnv HTTP_MOD_REWRITE On
         </IfModule>

         RewriteEngine on

         #Domain: yourwebsiteurl.com
         RewriteRule . - [E=REWRITEBASE:/]
         RewriteRule ^api(?:/(.*))?$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]

         # Images
         RewriteCond %{HTTP_HOST} ^yourwebsiteurl.com$
         RewriteRule ^([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$1$2$3.jpg [L]
         RewriteCond %{HTTP_HOST} ^yourwebsiteurl.com$
         RewriteRule ^([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$1$2$3$4.jpg [L]
         RewriteCond %{HTTP_HOST} ^yourwebsiteurl.com$
         RewriteRule ^([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$1$2$3$4$5.jpg [L]
         RewriteCond %{HTTP_HOST} ^yourwebsiteurl.com$
         RewriteRule ^([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg [L]
         RewriteCond %{HTTP_HOST} ^yourwebsiteurl.com$
         RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg [L]
         RewriteCond %{HTTP_HOST} ^yourwebsiteurl.com$
         RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg [L]
         RewriteCond %{HTTP_HOST} ^yourwebsiteurl.com$
         RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg [L]
         RewriteCond %{HTTP_HOST} ^yourwebsiteurl.com$
         RewriteRule ^c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2$3.jpg [L]
         RewriteCond %{HTTP_HOST} ^yourwebsiteurl.com$
         RewriteRule ^c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2.jpg [L]
         # AlphaImageLoader for IE and fancybox
         RewriteRule ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 [L]

         # Dispatcher
         RewriteCond %{REQUEST_FILENAME} -s [OR]
         RewriteCond %{REQUEST_FILENAME} -l [OR]
         RewriteCond %{REQUEST_FILENAME} -d
         RewriteRule ^.*$ - [NC,L]
         RewriteRule ^.*$ %{ENV:REWRITEBASE}index.php [NC,L]
         </IfModule>

         # Security Headers
         <IfModule mod_headers.c>
             Header set X-Content-Type-Options "nosniff"
             Header set X-XSS-Protection "1; mode=block"
             Header set X-Frame-Options "SAMEORIGIN"
             Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
             Header always set Referrer-Policy "strict-origin-when-cross-origin"
             Header set Expect-CT "enforce, max-age=604800"
             #Header set Content-Security-Policy "default-src script-src script-src 'nonce-uG2bsk6JIH923nsvp01n24KE' 'unsafe-inline' 'unsafe-eval' 'self';"
             Header always set Permissions-Policy "accelerometer=(self); ambient-light-sensor=(self); autoplay=(self); camera=(self); encrypted-media=(self); fullscreen=(self); geolocation=(self); gyroscope=(self); magnetometer=(self); microphone=(self); midi=(self); payment=(self); picture-in-picture=(*); speaker=(self); sync-xhr=(*); usb=(self); vr=(self);"
             Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
             Header set Connection keep-alive
         </IfModule>

         AddType application/vnd.ms-fontobject .eot
         AddType font/ttf .ttf
         AddType font/otf .otf
         AddType application/font-woff .woff
         AddType font/woff2 .woff2
         <IfModule mod_headers.c>
             <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|svg)$">
                 Header set Access-Control-Allow-Origin "*"
             </FilesMatch>
             <FilesMatch "\.pdf$">
                 Header set Content-Disposition "Attachment"
             </FilesMatch>
         </IfModule>

         <Files composer.lock>
             # Apache 2.2
             <IfModule !mod_authz_core.c>
                 Order deny,allow
                 Deny from all
             </IfModule>

             # Apache 2.4
             <IfModule mod_authz_core.c>
                 Require all denied
             </IfModule>
         </Files>

         <IfModule mod_expires.c>
             #Activate
             ExpiresActive On
             #Activate
             ExpiresByType image/gif "access plus 1 month"
             ExpiresByType image/jpeg "access plus 1 month"
             ExpiresByType image/jpg "access plus 1 month"
             ExpiresByType image/png "access plus 1 month"
             ExpiresByType image/svg+xml "access plus 1 month"
             ExpiresByType image/x-icon "access plus 1 year"
             ExpiresByType image/svg+xml "access plus 1 year"
             ExpiresByType image/vnd.microsoft.icon "access plus 1 year"
             ExpiresByType text/css "access plus 1 week"
             ExpiresByType text/javascript "access plus 1 week"
             ExpiresByType application/javascript "access plus 1 week"
             ExpiresByType application/x-javascript "access plus 1 week"
             ExpiresByType application/font-woff "access plus 1 year"
             ExpiresByType application/x-font-woff "access plus 1 year"
             ExpiresByType application/x-font-ttf "access plus 1 year"
             ExpiresByType application/x-font-otf "access plus 1 year"
             ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
             ExpiresByType font/woff2 "access plus 1 year"
             ExpiresByType font/opentype "access plus 1 year"
             ExpiresByType font/ttf "access plus 1 year"
             ExpiresByType font/otf "access plus 1 year"
         </IfModule>

         <IfModule mod_headers.c>
             Header unset Etag
         </IfModule>
         FileETag none
         <IfModule mod_deflate.c>
             <IfModule mod_setenvif.c>
                 <IfModule mod_headers.c>
                     SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
                     RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
                 </IfModule>
             </IfModule>
             <IfModule mod_filter.c>
                 AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/x-javascript font/ttf application/x-font-ttf font/otf application/x-font-otf font/opentype image/svg+xml
             </IfModule>
         </IfModule>

         <IfModule deflate_module>
             AddOutputFilterByType DEFLATE text/plain
             AddOutputFilterByType DEFLATE text/css
             AddOutputFilterByType DEFLATE application/json application/x-javascript text/javascript application/javascript text/js
             AddOutputFilterByType DEFLATE text/xml application/xml application/xml+rss text/javascript application/javascript
             AddOutputFilterByType DEFLATE image/svg+xml
         </IfModule>

         #If rewrite mod isn't enabled
         ErrorDocument 404 /index.php?controller=404

         # ~~end~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again

         # BEGIN cPanel-generated php ini directives, do not edit
         # Manual editing of this file may result in unexpected behavior.
         # To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
         # For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
         <IfModule php7_module>
             php_flag display_errors Off
             php_value max_execution_time 300
             php_value max_input_time 3000
             php_value max_input_vars 10000
             php_value memory_limit 1024M
             php_value post_max_size 50M
             php_value session.gc_maxlifetime 1440
             php_value session.save_path "/tmp"
             php_value upload_max_filesize 50M
             php_flag zlib.output_compression Off
         </IfModule>
         <IfModule lsapi_module>
             php_flag display_errors Off
             php_value max_execution_time 300
             php_value max_input_time 3000
             php_value max_input_vars 10000
             php_value memory_limit 1024M
             php_value post_max_size 50M
             php_value session.gc_maxlifetime 1440
             php_value session.save_path "/tmp"
             php_value upload_max_filesize 50M
             php_flag zlib.output_compression Off
         </IfModule>
         # END cPanel-generated php ini directives, do not edit

         # php -- BEGIN cPanel-generated handler, do not edit
         # Set the “ea-php73” package as the default “PHP” programming language.
         <IfModule mime_module>
             AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
         </IfModule>
         # php -- END cPanel-generated handler, do not edit
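In the file above, the `# Security Headers` block sits between the `~~start~~` and `~~end~~` markers, the part cPanel support (quoted earlier on this page) says PrestaShop regenerates. An added example, not from the original post, that lists the `Header` directives inside that region; the function name and the sample file are constructed, and it takes the marker comment at its word that only code outside the markers is kept.

```shell
#!/bin/sh
# Added example: list Header directives that live inside PrestaShop's
# regenerated region of an .htaccess (between "# ~~start~~" and "# ~~end~~").
# The function name is hypothetical; the sample file below is constructed.

# Read an .htaccess on stdin; print "<line number>:<header name>" for every
# active (uncommented) Header directive found between the two markers.
headers_in_generated_region() {
    awk '
        /^[[:space:]]*#[[:space:]]*~~start~~/ { inside = 1; next }
        /^[[:space:]]*#[[:space:]]*~~end~~/   { inside = 0; next }
        inside && /^[[:space:]]*Header[[:space:]]/ {
            # Syntax: Header [always|onsuccess] <action> <name> [value ...]
            i = 2
            if (tolower($i) == "always" || tolower($i) == "onsuccess") i++
            print NR ":" $(i + 1)
        }
    '
}

# Constructed sample: two directives inside the markers, one commented out,
# and one placed after the end marker.
SAMPLE_HTACCESS='# ~~start~~ Do not remove this comment
<IfModule mod_headers.c>
Header set X-Frame-Options "SAMEORIGIN"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
#Header set Content-Security-Policy "..."
</IfModule>
# ~~end~~ Do not remove this comment
<IfModule mod_headers.c>
Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>'

printf '%s\n' "$SAMPLE_HTACCESS" | headers_in_generated_region
# Real file: headers_in_generated_region < /path/to/shop/.htaccess
```

Any line it prints is a directive to move below the `~~end~~` marker or, as cPanel support recommends, into the Apache configuration.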
  9. I wanted to get the community's advice on what is the best time to upload products on a live site? (After midnight?) What software are you using to do this or is it done manually? Is it necessary to create a second website for testing? How are some of our community members uploading on their website? How many backups of my website should I make daily and when should they run? Any advice would be great. Thanks in advance.
  10. Thank you @WebSoft, I tried the script this time and it failed. Not because of the code you provided.

          <br /> <b>Fatal error</b>: Uncaught PrestaShopException: a category cannot be its own parent in /home/local/public_html/classes/Category.php:237
          Stack trace:
          #0 /home/local/public_html/update_categories.php(26): CategoryCore-&gt;update()
          #1 {main}
            thrown in <b>/home/local/public_html/classes/Category.php</b> on line <b>237</b><br />

      How can I avoid the parent id matching the id?

          $category = new Category((int) $cate['id_category']);
          if (!$category->getProducts($id_lang, 0, 0, null, null, true)) {
              $category->active = 0;
              $category->update();
          }

      The call to update is failing on first if statement.

          public function update($nullValues = false)
          {
              if ($this->id_parent == $this->id) {
                  throw new PrestaShopException('a category cannot be its own parent');
              }

              if ($this->is_root_category && $this->id_parent != (int) Configuration::get('PS_ROOT_CATEGORY')) {
                  $this->is_root_category = 0;
              }

              // Update group selection
              $this->updateGroup($this->groupBox);

              if ($this->level_depth != $this->calcLevelDepth()) {
                  $this->level_depth = $this->calcLevelDepth();
                  $changed = true;
              }

              // If the parent category was changed, we don't want to have 2 categories with the same position
              if (!isset($changed)) {
                  $changed = $this->getDuplicatePosition();
              }
              if ($changed) {
                  if (Tools::isSubmit('checkBoxShopAsso_category')) {
                      foreach (Tools::getValue('checkBoxShopAsso_category') as $idAssoObject => $idShop) {
                          $this->addPosition($this->position, (int) $idShop);
                      }
                  } else {
                      foreach (Shop::getShops(true) as $shop) {
                          $this->addPosition($this->position, $shop['id_shop']);
                      }
                  }
              }

              $ret = parent::update($nullValues);
              if ($changed && !$this->doNotRegenerateNTree) {
                  $this->cleanPositions((int) $this->id_parent);
                  Category::regenerateEntireNtree();
                  $this->recalculateLevelDepth($this->id);
              }
              Hook::exec('actionCategoryUpdate', ['category' => $this]);

              return $ret;
          }
  11. Hi @WebSoft, looks like the website was cached but it worked. The categories that were empty are no longer in the tree. They have been disabled. Can you validate my code again in regards to clearing the cache (clearSmartyCache)? Maybe I need to turn caching on or something. Thoughts? update_categories.php
  12. Thank you @WebSoft, you have given me enough to go on. I really appreciate your help.
  13. Thanks @WebSoft, I was able to get past with no errors. Looks like the categories are still there so I need to look into that. Have you seen anyone trying to do something like this before? My head is spinning trying to get this to work. If possible can you test on your end to validate that it works or not?

            % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                           Dload  Upload   Total   Spent    Left  Speed
            0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
            0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  14. Here you go @WebSoft. Same file just changed out line 9 as requested. update_categories.php
  15. Thanks @WebSoft, that helped me get past that line, now I am running into the following issue. When going through the foreach is where the issue occurs. (getProducts() is passing in like 11 arguments, not sure how to handle that) Thoughts?

          <br /> <b>Fatal error</b>: Uncaught Error: Call to a member function getProducts() on int in /home/local/public_html/update_categories.php:9
          Stack trace:
          #0 {main}
            thrown in <b>/home/local/public_html/update_categories.php</b> on line <b>9</b><br />