com.drastikbydesign.stripe

.htaccess blocking access to stripe.civix.php

Open ksorbo opened this issue 8 years ago • 4 comments

I have been having the same problem as many others with the stripe processor giving the error,

stripe.js token was not passed 

When I examine the chrome browser console, it turns out that the browser did not have access (403) to

sites/default/files/civicrm/custom_ext/com.drastikbydesign.stripe/stripe.civix.php

Upon further investigation, I located a .htaccess file in the sites/default/files/civicrm folder which was denying browser access to all below it. (I did not put this .htaccess file here. It was a part of the install process.) I assume the .htaccess is there for security as all the logs, status, cache are in this folder area.

When I comment out the deny all portion of .htaccess, stripe works correctly.

My question is,

Is it dangerous to allow browser access to this area?

What are my alternatives?

CiviCRM 4.6.10, Drupal 7.34, Ubuntu 14.10

ksorbo, Feb 14 '17 16:02

This is very interesting. I wouldn't imagine the web server needs access to that file... strange. @eileenmcnaughton ?

drastik, Feb 14 '17 18:02

@ksorbo If you're up for testing, does the error still occur if you move your extensions directory to <docroot>/sites/mysite/custom_ext (as is gently suggested in this doc)? Note that in addition to moving the actual directory, you will also need to update your custom extensions directory field in the admin (and possibly clear CiviCRM's cache) if you try this.

laryn, Feb 14 '17 18:02

I've never hit issues like that - but I agree that avoiding the files directory for executable files makes sense, and while I don't always do that, I do on 'real live' sites.

eileenmcnaughton, Feb 14 '17 19:02

Okay, thanks. @ksorbo does that make sense?
I usually like to make a dir here: sites/all/civicrm_extensions or just like laryn said, a slight variation: sites/YOUR_SITE_DIR/civicrm_extensions

Then you must tell CiviCRM where your extensions directory is. This is done on an admin page within CiviCRM. Be sure to copy over any custom extensions you downloaded. I'm not sure how it will handle the auto-downloaded extensions from CiviCRM repos; it probably wouldn't hurt to copy the entire extension dir to the new location.

drastik, Feb 15 '17 00:02
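
An added example, not code from any participant in this thread or from the extension: a shell check for whether a candidate extensions directory still sits under a deny-all `.htaccess`, as `sites/default/files/civicrm` did in the original report. The function name `find_deny_htaccess` is hypothetical, and the check assumes Apache is configured to honour `.htaccess` files for these paths.

```shell
#!/bin/sh
# find_deny_htaccess DOCROOT DIR   (hypothetical helper, added example)
# Walks from DIR up to DOCROOT and prints the nearest .htaccess that holds
# an uncommented deny-all rule. Returns 0 if one is found, 1 if none is,
# 2 if DIR is not inside DOCROOT or either path is unreadable.
# Limitation: it does not evaluate a deeper .htaccess that re-allows access,
# nor rules set in the main Apache configuration.
find_deny_htaccess() {
    docroot=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    dir=$(cd "$2" 2>/dev/null && pwd -P) || return 2
    case "$dir/" in
        "$docroot"/*) ;;
        *) return 2 ;;
    esac
    while :; do
        f="$dir/.htaccess"
        # Apache 2.2 syntax: "Deny from all"; Apache 2.4: "Require all denied".
        # Lines starting with '#' are comments and do not match.
        if [ -f "$f" ] && grep -Eiq \
            '^[[:space:]]*(deny[[:space:]]+from[[:space:]]+all|require[[:space:]]+all[[:space:]]+denied)' \
            "$f"; then
            printf '%s\n' "$f"
            return 0
        fi
        [ "$dir" = "$docroot" ] && return 1
        dir=$(dirname "$dir")
    done
}

# Stand-alone use: sh check.sh <docroot> <extensions-dir>
if [ "$#" -eq 2 ]; then
    if hit=$(find_deny_htaccess "$1" "$2"); then
        echo "web access denied by: $hit"
    else
        echo "no deny-all .htaccess found between $2 and $1"
    fi
fi
```

Run it against the new extensions directory before updating the path in CiviCRM's admin page; a hit means the browser will still get a 403 for files served from that location.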