I was having security issues a while back under the FL days and Justin was looking into them. I have recently returned to BeaverBuilder and most of these have disappeared with a few exceptions;
I am unable to embed youtube URLs either via the Video Module or within text module. If I use a YouTube widget plugin it works.
I am unable to include any embeds for third part sites e.g a dimi booking button
The hosting provider hostgeek.com.au advises a apache mod_security event is generated.
I experienced similar issues a while back and Justin provided some assistance, I would very much like to have this issue resolved. It has also occurred with crazydomains.com.au host so its not unique to a single host company.
Can you tell me what version of the builder you’re using? We fixed those issues a few versions back but the 403 issue does look like it might be new. I’m thinking mod security doesn’t like the script tags being sent to the server, but the latest version might fix that. Let me know and we can go from there.
Builder version 1.3.7. I agree some of the previous problems are resolved but a few niggles remain. Its not just the script tag as youtube embeds are also problematic
I spent some time trying to fix this particular 403 issue but unfortunately, I don’t think we’ll be able to do anything about it. The issue appears to be that your hosting company isn’t allowing iframe or script tags to be sent in an ajax post request to the server.
I searched high and low for a solution and tried a number of things but so far nothing has worked. From what I can see on the web, most people are disabling that feature of mod security in their .htaccess or asking their host to disable it when running into this issue. Can you give that a shot? Here’s the code to put in your .htaccess file…
Thanks for these insights. I have tried disabling via .htaccess and get a HTTP500 error. so I have logged a ticket with the host and will see what they say
I’m glad to hear they were able to help! For future reference, they actually don’t need to completely disable mod_security, just the rule that blocks certain tags in AJAX requests (they may have done that).