Upon saving the page, I get a 'Saving Error' pop-up
LiveCanvas is basically a HTML editor under the hood - running in your browser, and enriched with some "point-and-click" interface to help build HTML scaffolds.
LiveCanvas is using WordPress as a backend - to save the full HTML data of your page - and it does it into the standard post_content field.
On some WordPress installs, due to strict security settings of the environment, LiveCanvas can have problems while saving the HTML.
In these cases, upon clicking the saving button in the editor, you will see a 'Saving Error' pop-up.
Depending on the actual content of the page, you could see more or less this message. Embedding some image URLs, or JS code is a typical trigger.
This issue has been traced many times at:
- Security [at application level] plugins like WordFence
- Security [at server level] settings / tools like Imunify 360
What's happening behind the scenes?
Basically when you hit the save button, all the page's <main> HTML is sent via $_POST to your WordPress backend.
This can trigger some false positives in security software.
What to do?
Try tweaking settings / disabling your security plugins, or in case of server level tools / settings, contact your host and ask them to tweak settings / disable the offending tool.
How to fix issues with WordFence
Some users are reporting problems with this famous security plugin, but it's easy to get around it.
If you do see that turning off WordFence fixes your saving problem with LiveCanvas, just look at the live traffic and when the request from LiveCanvas comes through, add it to a whitelist:
"Saving Error | Forbidden" seems to occur when there is an SVG path in the html: max_input_vars
From a client:
I'm noticing the "Saving Error | Forbidden" seems to occur when there is an SVG path in the html. Does that help any further?
I'm using GoDaddy dedicated server with C-Panel access, and all my sites are hosted on GoDaddy.
After 2 full business days of being on the phone with GoDaddy's support, I finally got a proper tech to resolve the issue. He added a .user.ini file to the file manager with these settings:
memory_limit = 512M max_input_vars = 5000 upload_max_filesize = 1024M post_max_size = 128M max_execution_time = 300
Advice for CloudFlare
Some added advice by a kind Customer
Next Topic: AI-Powered Web Design: from MidJourney to LiveCanvas »"I was incurring the issue within integration with CloudFlare and a security not allowing script in the POST request with the rule "HTML Injection - Script Tag".
I was able to fix the issue by setting an EXCEPTION under SECURITY -> WAF then MANAGED RULES tab clicking on Add Exception.
In the rule I set the requests to match:
Request Method -> POST
Hostname = "my site"
Country = "United States"
Referer contains "my site url"You can lock this down more by adding the source IP which would be the local IP your logged in at but mine changes so i didnt do that. Anyhow, this took up like 2-3 hours of my day pulling my hair out trying to figure it out and figured it might help someone else out. See the recorded block event from CloudFlare."