PageSpeedInsights shows 0 CLS, but field data around 0.30 CLS

Lab data, as well as online analysis tools show my site to have 0 CLS issues in mobile and desktop versions. However, Google field data is showing 0.30 CLS issues, (Critical, no passing level!).

I want to ask: is this to be expected and typical? I have no other ideas on how to fix this. I wonder how people can still experience CLS…. perhaps they are on older devices that don’t respond to modern code, therefore having CLS issues?

Thank you! Dave

Google shows IP instead of domain

I’ve tried breaking my problem down into some smaller stuff that I asked here but I couldn’t figure it out so I am looking for a complete solution now. Google is showing my website’s IP address https://xx.xxx.xxx.xxx instead of my domain. Since it is https, I can’t redirect to my domain because the certificate check fails before a redirect can be made. I have already redirected http ip address to my domain. How do I make my domain show up instead of IP address?

From google search console everything seems to be ok for my domain: the last crawl was a day ago, indexing and crawling is allowed, and it is the google selected canonical.

If I search site:mydomain.xxx, it shows up on google but not bing. I only care about google though, but I am a little worried about why it doesn’t show up on bing.

There is a pretty similar-title question but the issue was due to redirecting to the IP from domain, which I am not doing.

I can provide my IP and domain if you want but I’m scared this will be deleted for being self promotional.

WordPress shows after migration

I copied the files of our WordPress live site from Cpanel and export the database. In my local, I paste the WordPress files to htdocs > devfolder and then import the database to localhost/PHPMyAdmin. Using search and replace the live URL to localhost. Also, changed the configuration of the wp-config file. Then when I visit my local version, the site has some code on the upper part of the front end and admin when you logged in. I think that is the code for FAQ custom post type because that is missing compared to the live site.

How can I fix that kind of error? Thanks.

Custom embed shows on posts but not on category pages

I added a custom embed handler for brightcove since one doesn’t exist.

It works fine on the post itself and the video loads, but just shows a linked url on category and blog roll pages. I am setting the post type to Video because I’d like that to be the featured image. Here’s what I have:

add_action( 'init', function() { wp_embed_register_handler(     'brightcove',     '#https?://players\.brightcove\.net/([^/]+)/([^/]+)/index.html\?videoId=([\d]+)#',     'wp_embed_handler_brightcove'  ); } );  function wp_embed_handler_brightcove($  matches, $  attr, $  url, $  rawattr) {    $  account  = esc_attr($  matches[ 1 ]); $  player   = esc_attr($  matches[ 2 ]); $  video_id = esc_attr($  matches[ 3 ]);  $  embed = '<div style="position: relative; display: block; max-width: 100%;"><div style="padding-top: 56.25%;"><iframe src="' . sprintf('https://players.brightcove.net/%1$  s/%2$  s/index.html?videoId=%3$  s',           $  account,           $  player,           $  video_id ) . '" allowfullscreen="" allow="encrypted-media" style="position: absolute; top: 0px; right: 0px; bottom: 0px; left: 0px; width: 100%; height: 100%;"></iframe></div></div>';    return apply_filters('embed_brightcove', $  embed, $  matches, $  attr, $  url, $  rawattr); 

}

Any input is appreciated. https://players.brightcove.net/1160438696001/SJaEAUSpl_default/index.html?videoId=4592378961001

Creating a list that shows the numerical values not in boolean form

Based from the equation I used in the code below, I found how many values are divisible by 5. However, this is in boolean form. I only know how many are divisible by 5. I need to formulate a conjecture by exploring the values, but I’m having trouble figuring out how to create a list that gives me the numerical values that are divisible by 5 based from given function. Here’s is my program.

expn = Flatten[Table[1^n + 2^n + 3^n + 4^n, {n, 1, 10000}]]; sumpowern = Mod[Total /@ expn, 5] ; Count[sumpowern, 0] posints = Length[Select[Divisible[Total /@ expn , 5], TrueQ]]  

Understanding CSP: report shows blocked that shouldn’t have been blocked

I’m having trouble making sense of some reported CSP violations that don’t seem to actually be violations according to the CSP standard. I have not managed to reproduce the violations in my own browser, and based on my own testing I believe that the block is the result of a non-compliant browser. That seems like a bold assertion, but based on all the documentation I’ve read and my tests it’s the only thing that makes sense.

Here is (more or less) what the CSP is:

frame-ancestors [list-of-urls]; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' [list-of-more-urls]; report-uri [my-reporting-endpoint] 

The problem is that I’m getting some violations sent to my reporting endpoint. Here is an example violation report:

{"csp-report":{     "document-uri":"[REDACTED]",     "referrer":"[REDACTED]",     "violated-directive":"script-src-elem",     "effective-directive":"script-src-elem",     "original-policy":"[SEE ABOVE]",     "disposition":"enforce",     "blocked-uri":"https://example.com/example.js",     "status-code":0,     "script-sample":"" }} 

The context would be that the page in question had a <script src="https://example.com/example.js"></script> on it somewhere.

To be clear, https://example.com is not in the list of allowed URLs under default-src. However, that shouldn’t really matter. Here are all the relevant facts that lead me to believe this is being caused by a non-compliant browser that someone is using:

  1. There is no script-src-elem defined so it should fall back on the default-src for the list of allowed URLs.
  2. default-src includes the https: schema, which means that all urls with an https scheme will be allowed. The blocked URL definitely uses HTTPS
  3. This source agrees that the scheme source (https) will automatically allow any https resources. Therefore this should be allowed even though example.com is not in the list of allowed URLs.
  4. The official CSP docs also agree, showing that scheme matching happens first and can allow a URL even before the list of allowed URLs is checked.
  5. Therefore, if you include the https: scheme in your default-src, your CSP will match <script src="https://anything.com"> even if not specifically in the list of allowed URLs
  6. In my own testing I found the above to be true.

Despite all of this, I have sporadic reports of CSP violations even though it shouldn’t. Note that I’m unable to replicate this exactly because the pages in question have changed, and I don’t have easy control over them. The only thing I can think of is that some of my users have a browser that isn’t properly adhering to the CSP standard, and are rejecting the URL since it is not on the list of allowed URLs, rather than allowing it based on its scheme.

Is this the best explanation, or am I missing something about my CSP? (and yes, I know that this CSP is not a very strict one).

Running PHP echo $_SERVER [‘DOCUMENT_ROOT’]; Shows Apache Default Path

Trying to get set up and running on a new hosting company after the old one announced they are discontinuing their service at the end of the year, I am having difficulty getting the sites to run. I narrowed it down to Apache’s DocumentRoot for each domain showing the Apache default path rather than showing the path to the individual site’s file location. In other words, when I run echo $ _SERVER ['DOCUMENT_ROOT']; in a test script, it shows the path as /etc/apache2/htdocs when it should show /home/username/public_html/domain.com. They seem unable to fix it so can DocumentRoot be changed through cPanel for each domain?

MessageBoxA only shows up in debugger?

This question is related to crackmes.de’s k1 by xtfusion. I’m trying to add custom shellcode through stack overflow.

The shellcode works perfect under Windows XP (without ASLR) when the program is attached in the debugger. But when I run the program with double click, the program only exits quietly and no window pops up.

Full alphanumeric shellcode (and the screenshot above):

                     ; no need to LoadLibraryA manually push eax             ; eax should be 0 now push 0x646E7770      ; 'pwnd' push esp pop ecx              ; address of 'pwnd' push esp pop eax push esp pop edx              ; address of 'pwnd', backup for later use sub eax,0x55555521   ; only `sub eax, xxx` is allowed for Alphanumeric shellcode sub eax,0x55555421 sub eax,0x55555648 push eax pop esp push 0x7E and eax,0x554E4D4A and eax,0x2A313235 sub eax,0x55555555 sub eax,0x55555555 sub eax,0x334D556E   ; encode intruction e8070822 push eax             ; write to memory on the fly push edx pop esp push esi             ; 0, esi should be 0 now push ecx             ; address of string 'pwnd', 4 bytes to save life push esi             ; 0 push esi             ; 0 jne 0x22FFE6         ; jump to the generated instruction `call USER32.MessageBoxA` 

I’m not quite familiar with Windows API.

What does the window do when the program exits? Do I need to migrate the window to another existed process?

Why the window does not show up without the debugger?

Thanks in advance.