html – Are there security issues around controlled cross site sharing behind SSO?

Very simply we have a ton of websites at our company behind SSO.

I am having a hard time figuring out what security issues there are if we open cross-site sharing between these sites but wanted to get a broader view. This is really a result of browser updates around cross site sharing in iframes in chrome and IE a few months back. With those security features disabled at the browser level (yes we will not have users do that) iframing within our sites work fine.

Let me give you context of the specific problem:

  1. example.com – main site
  2. subdomain1.example.com – subdomain we have a ton
  3. subdomain2.example.com – another sub
  4. example.login.com – SSO server we authenticate to
  5. example.cms.com – random vendor that uses our SSO

So right now as long as the servers in 1, 2, and 3 allow cross site sharing iframes work… as long as your cookie/token is already active. If it is not active then it just errors out trying to connect to example.login.com.

We are discussing changing the CORS/sharing settings on the login server and others brought up possible security issues. I just don’t see how there are issues with clickjacking or anything else when we control all of the sites ourselves. Am I missing something here? Are there security issues with sharing between controlled tenets? Let me know if I need to provide anymore info.

magento2.3 – MagePlaza Layered Navigation Not working on Local host but is working On production site?

When I hit a radio box button on the left side like ‘Extract Labs’ nothing happens. It should filter products and show all Extract Labs products. It will load for a second with a loading circle, then nothing happens. Does not filter any products. On Production site it works as expected, on local host and staging site it is not working. Image Below. Using Porto Theme.

enter image description here

sharepoint online – How to retrieve the Creator or Author of a site or any sub site?

I cannot find a way to get the creator of a site in a SharePoint site collection (There are more than one administrators), be it in web view or programmatically.

I tried get-author-creator-of-a-site-subsite-using-jsom-or-rest-api but seems to work only for (sub-)subsites.
I also tried https://www.sharepointdiary.com/2018/02/find-who-created-site-in-sharepoint.html. I would prefer using PnP, but no solution has worked so far.

$con = Connect-PnPOnline -ReturnConnection -Url $mySiteUrl -Credentials $myCreds
$web = Get-PnPWeb -Connection $con
Get-PnPProperty -ClientObject $web -Property Author
Get-PnPProperty : 'Author' is not a member of 'Microsoft.SharePoint.Client.Web'

+ Get-PnPProperty -ClientObject $Web -Property Author
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (:) (Get-PnPProperty), ArgumentException
    + FullyQualifiedErrorId : EXCEPTION,SharePointPnP.PowerShell.Commands.Base.EnsureProperty

I tried including all properties $web = Get-PnPWeb -Connection $cnx -Includes allproperties without any success.

javascript – Getting intermittent AJAX.js error on a Commerce site when changing product variation dropdown menu

We’ve been trying to troubleshoot this issue for weeks now without luck and am really hoping someone here can help point us in the right direction.

We have a D8/Commerce 2 site with a **very intermittent ** issue. When changing the product variation dropdown on the add to cart form sometimes the variation does not update (the sku, photo, etc) remain on the default even though the dropdown is changed. When this issue occurs the console log shows the below error but we are unable to make sense of it.

Also, the fact that it is intermittent really make troubleshooting difficult.

  1. JS aggregation is turned off
  2. When the issue occurs it seems to occur
    until the caches are cleared and them will eventually pop up again
  3. No custom caching or sever caching is being used

We’ve removed just about every extra service and script from the product pages but the error still persists.

Any ideas what it could be? Why it is intermittent? Or any suggestions for troubleshooting steps?

enter image description here

facebook – How to automatically search my entire site for any content embedded using oEmbed?

How can I carry out an automatic search of all pages/posts on my site for any content embedded using oEmbed (preferably Facebook/Instagram content)?

The reason I ask is because this WPBeginner post says that on October 24th, all Facebook or Instagram content embedded on a site using oEmbed will be deprecated, and such content will be (slightly) broken. I’d like to first determine how much oEmbed content I have on my site. My site is has a relatively large amount of pages/posts (content added by others), so manually searching each will be a bit tedious.

Would I perhaps need to carry out a database search? Or a text search through all the files?

FYI my site uses Classic Editor throughought–not Gutenberg.

Thanks.