Loading the preview took longer than expected

will-o-matic · August 18, 2017, 6:24pm

I am seeing an error “Loading the preview took longer than expected.” when attempting to edit a page in Cornerstone. At the same time, I see requests to https://womensmarchmichigan.org/cornerstone-endpoint receiving a response of {“success”:false,“data”:{“invalid_user”:true,“message”:“nonce verification failed.”}}.

So far I have tried resetting my keys (from https://api.wordpress.org/secret-key/1.1/salt/) and disabling third-party plugins.

christopher · August 19, 2017, 8:42am

Hi there,

You are using an old version of the theme with the latest version of Cornerstone which is not compatible.

Please kindly either delete the Cornerstone plugin and go to X > Addond page to have the version 4.6.4 of the theme install the compatible Cornerstone version automatically for you, or kindly update your theme to latest version.

Either way, it is wise to have a complete backup of your website before doing anything.

Thank you.

will-o-matic · August 19, 2017, 12:15pm

Hey,

Thanks for the reply. I went ahead and updated X to the latest version, but I’m still seeing the same behavior. I added some credentials to my post - are you able to take a look? The home page is where I’m seeing the issue.

will-o-matic · August 20, 2017, 12:32am

I’ve managed to narrow the issue down to a call Cornerstone makes to /cornerstone-endpoint. When I change the content of a Raw Content element, it calls /cornerstone-endpoint, apparently to get the data preformatted. That is the only call to the endpoint that fails with the nonce message. It appears to only occur when there is an iframe in the Raw Content element. This worked in previous versions, so it feels like a bug.

ruenel · August 21, 2017, 4:10am

Hello There,

Thanks for updating in! Please make sure that iframe is allowed in your server. This could be a
cornerstone-endpoint 403 Forbidden Error

The request returns 403 Forbidden when saving, and it’s mostly related to security. Please contact your hosting provider and see if they can disable the security or exclude that URL and all requests (all payload related to that URL ) from your security rules.

Please let us know how it goes.

will-o-matic · August 22, 2017, 12:22am

Thanks, RueNel. My hosting provider confirmed it was ModSecurity blocking the endpoint whenever the request contained an iframe element.

Prasant · August 22, 2017, 5:31am

I logged in and Cornerstone is working fine now. Glad to hear issue is resolved now.

archonic · September 8, 2017, 2:44am

It appears the WordFence, which is super popular, is also blocking this endpoint when the request is made from an iframe. I don’t have the option of disabling it. Does anyone know a way to get these 2 to play nice?

Joao · September 8, 2017, 12:32pm

Hi There,

I recommend you disabling while editing or playing with its parameters.

Unfortunately providing support for Wordfence would be outside of the scope of our support but I would recommend you consult with our Facebook group X Theme Pro Users and I am sure you will get some good advice there.

Hope it helps