Are you a GenerateCustomer?

Do you have an active GP Premium or GenerateBlocks Pro license key?

Create a GenerateSupport account for GeneratePress and GenerateBlocks support in one dedicated place.

Create an account
Already have a GenerateSupport account? Login

Just browsing?

Feel free to browse the forums. Support for our free versions is provided on WordPress.org (GeneratePress, GenerateBlocks).

Want to become a premium user? Learn more below.

SVG in menu labels 403 error

  • Hi, I have followed the procedure you suggested to add an SVG icon to the menu: insert the SVG sanitized code in the item label field, as shown in https://generatepress.com/forums/topic/use-svg-icons-for-menu-items/.

    The menu is displayed correctly, but now, every time I try to update the menu, there is a 403 error thrown by nav-menu.php file and the message “Forbidden. You don’t have permission to access this resource.”

    Now I´m updating the menu directly through the database, but it makes it difficult for the client to manage his web page.

    Currently therie is no cache plugin, and I have even tried disabling the security plugin and uploading a minimal htaccess, without results. I have also checked that the folder permissions are set to 755.

    Thanks.

  • Hi there,

    hmmm… so whether it be WP or something on the server, i assume something no longer likes the SVG XML in there.

    Perhaps removing the SVGs for now, and look for an alternative method of adding them? How may different icons are there ?

  • Hi David, thanks for the quick response.

    I was surprised because I have already used this very same method when I need a custom icon, and I have also allowed by code the SVG uploads in the website.

    I’m in contact with my hosting, it could be due to a very strict filtering rules in their WAF, but I can’t confirm it yet.

    Regards.

  • Let us know what they say

  • Hello, David.

    Seems to be a problem with the mod_security rules on my server. The rulers are interpreting the SVG upload insde the menu tag as a cross-site scripting attack.

    I think your method is still valid, as I understand that the issue is due to a misinterpretation.

    Thanks.

  • Glad to hear you found the issue.

Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.