Hi Gareth, thanks for taking the time to share your experience.
Whilst I'm still not sure of the specific cause, as I've mentioned, I'm guessing that the issue is our tightened security defaults (our website is running on an older version of TurnKey that isn't quite so locked down - and obviously our site is working for you). If you experienced the issue with WordPress, I'm not super surprised that you hit this issue on other TurnKey appliances you tested. About 70-80% of the library uses Apache as the webserver and it seems that it's our locked down Apache config (that all apps that use Apache inherit) that is causing you this issue.
Could you please give me some more info about the device(s) that failed? I don't have any Apple devices and it only appears to affect them (or at least I can't reproduce with any of the devices that I have access to)?! Assuming that it's only affecting Apple devices for you too, then I'd be particularly interested in what device in particular and ideally what OS and browser version too. If it affects other devices, if you could please share what they are (and OS and browser versions too ideally). Armed with that info I'm almost certain that I can get to the bottom of this issue.
I will also think about developing a tool to tighten and/or loosen security config so these issues are easier to work around.
You also noted that you went a different path and it "just worked", so I'd also be interested to know what you are using now? Perhaps we should reduce the default security a little to ensure better compatibility?
Hi Gareth, thanks for taking the time to post your feedback
Hi Gareth, thanks for taking the time to share your experience.
Whilst I'm still not sure of the specific cause, as I've mentioned, I'm guessing that the issue is our tightened security defaults (our website is running on an older version of TurnKey that isn't quite so locked down - and obviously our site is working for you). If you experienced the issue with WordPress, I'm not super surprised that you hit this issue on other TurnKey appliances you tested. About 70-80% of the library uses Apache as the webserver and it seems that it's our locked down Apache config (that all apps that use Apache inherit) that is causing you this issue.
Could you please give me some more info about the device(s) that failed? I don't have any Apple devices and it only appears to affect them (or at least I can't reproduce with any of the devices that I have access to)?! Assuming that it's only affecting Apple devices for you too, then I'd be particularly interested in what device in particular and ideally what OS and browser version too. If it affects other devices, if you could please share what they are (and OS and browser versions too ideally). Armed with that info I'm almost certain that I can get to the bottom of this issue.
I will also think about developing a tool to tighten and/or loosen security config so these issues are easier to work around.
You also noted that you went a different path and it "just worked", so I'd also be interested to know what you are using now? Perhaps we should reduce the default security a little to ensure better compatibility?