Picker.js error

im trying to do this [url]CS-Cart Documentation — CS-Cart 4.16.x documentation

but whenever i hit the +add product, admin hangs in chrome and i get this error in IE8

Message: Permission denied

Line: 79

Char: 3

Code: 0

URI: [url]https://www.blink.com.ph/js/picker.js[/url]

I already checked file and folder permission. Any idea what may be causing this? I’m not knowledgeable in JS so im not sure how to read this.

thank you

2.1.4 MVE

using chrome, i was able to get this error

Unsafe JavaScript attempt to access frame with URL [url]https://www.domain.com/cc.php?dispatch=products.update&product_id=29778[/url] from frame with URL [url]http://www.domain.com/[/url]. Domains, protocols and ports must match.

and i get an SSL warning. So i temporarly disabled SSL in the admin. i no longer get the error but i now get a 404 not found in the iframe

any help is appreciated.


after searching i found another forum post with a similar problem and it had something to do with mod_security PHP module. Unfortunately, im unable to reach the user who has the solution.

Any clues where i can get started? I believe it might be an issue with my host, but im not sure where to begin or what to tell my host admin.


Hello buging!

You should ask your server administration to disable the “mod_security” module, it may cause a number of problems with CS-Cart installation.

There is no reason to completely disable mod_security nor is it wise because it provides excellent protection against most common exploit attempts. It will also help a great deal with PCI compliance scanning.

Only a few of the default rules routinely interfere with CS-Cart functions so, it is much better to only remove or modify those rules instead of completely disabling all of the protection mod_security provides.

Your host can easily do this for you by adding something similar to this to your virtualhost container after checking the server logs to see which rule IDs are giving false alarms

SecRuleRemoveById 950006

SecRuleRemoveById 959007

SecRuleRemoveById 950904

SecRuleRemoveById 950906

Those IDs above are rules from the default mod_security ruleset known to conflict with some CS-Cart functions but they may differ with your host if they are using a custom ruleset.

When I want to use the Product Picker, I just go to Administration > Settings > General

and then UNCHECK “Enable secure connection in the administration panel (SSL certificate is required to be installed on your server)”

When https is NOT running, the product picker works just fine.

When I'm done using it, I then enable SSL again. That's the work around that works best for me.