unbranched

That's awesome, thank you! Can we hope in a stable 1.4.1 version soon?

Hi, I successfully upgraded from TB 1.2.0 to TB 1.4.0 but now I encounter this problem: in the backoffice login page if i put my correct credentials and press Enter, the page refreshes to the same login page. If then I just revisit the backoffice page typing it in the browser URL bar, I can access the dashboard without login. So I think there's a wrong redirect from the login page, or cookies are not seen at first, or the given tokens are wrong. My server setup Ubuntu 20.04 php 7.4 MariaDB 10.3 Thirtybees 1.4.0 Nginx configuration (I did it as much simple as possible for the tests): server { listen 443 ssl; index index.php index.html; server_name mywebsite.com www.mywebsite.com; root /var/www/html/mywebsite; ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem; # php rewriting location ~ \.php$ { fastcgi_pass unix:/run/php/php7.4-fpm.sock; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }

You do it with the "From:" parameter in the header, depending on the email server you use.

Ok I spent too much time but I solved this with DIY... now my script handles everything. At least I don't have to pay those online services. Would be great if TB will offer a more complex module to handle this GDPR complications.

I know we need to be careful with internet sources, anyway my primary was this , that links to this Paypal page. One other source is this, that shows a consequence of denying marketing cookies.

Trust me, I would 100% agree with you if it was 1 week ago. The problem is that I just discovered I need to handle this Paypal thing because they use analitycs cookies when the user buys. That's the point of this thread. So, sadly is not a necessary technical cookie anymore and I must give the user a choice. With your method you include all Paypal cookies included the analytics ones (unless cookiehub allows a more granular selection, I don't know), so I GUESS you're doing it wrong. Thirtybees is an ecommerce software, I bet 90% of its userbase uses Paypal module, so I really wonder why I can't find other topics about this. Looks like a big priority to me. Please tell me if I'm wrong, comments are welcome.

"So categorise the main paypal ones as essential for example which means the customer can not reject them" Ha! This totally kills the purpose of GDPR, never thought about this. Better find another solution, anyway thanks for sharing!

Hi, I don't use any analytical/statistical cookies on my website, but when a user buys a product can use Paypal to checkout. As far as I understand, I MUST add a cookie banner that can selectively block the installation of analytical/statistical cookies due to Paypal cookies. I'm currently using the "EU Cookie Consent" module that links the above explanation in my privacy policy. You can understand that this is not enough, so what can I do? Does the Cookiebot module handle this problem? If yes and if the user denies the consent, how the checkout page will be shown? Will the payment just fail? I'd like to know some personal experience before considering to pay for Cookiebot. Are there any free alternatives out there, even js scripts that can be added?

Not at all, not using inline things is actually always recommended in web developing since years.

Hi, just curious about the thirtybees cookie that is set just by browsing the website. Is it just a technical cookie or something analytical too? Due to those GDPR cookie warnings we must put on websites, I'd like to be sure about that. Then, I see you also use a tracking pixel, what's the purpose of it? Thanks

I was about to contact you due to CSP and found this thread. Is TB team working on this? Using Mozilla Observatory the best score I can get, making frontoffice & backoffice work, is B (screens in attachment). One first (easy I hope) step to let users setting a stronger CSP would be not using any inline script & css. Another is implementing some Subresource Integrity.

Ok, I'll retry asap.

Same problem here.

Looks like it wanted the contents inside my language folder, not inside "en". I'll double check this later and will put Solved on title if it's fixed.

I'm on TB 1.2.0, upgraded from 1.1.0 last week. On the backoffice translations page, the section for "blocknewsletter" says that english files are missing and to check under <MyPath>/modules/blocknewsletter/mails/en . There was no "en" folder, so I copied it with its contents from your Github, changed permissions, but the problem persists. What's still missing?