Has anyone seen this error when using the Stripe button? In the button you configure a success page and a failure page. For me these are just static .html pages. After a payment Stripe redirects to the page but the Apache server gives a 406 error.
It is coming from mod_security which I have disabled by adding the following to .htaccess but it is still happening.
<IfModule mod_security.c>
SecFilterEngine Off Preformatted textSecFilterScanPOST Off </IfModule>
Not Acceptable!
An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.
So the workaround to this problem is indeed to turn off mod_sec. CPanel provides a widget for mod_sec which overrides any settings in .htaccess.
My provider hides the widget but I was able to get them to turn it off.
So now I have a working Stripe success page but at what risk?
I raised a support request with Stripe which they referred to development but ultimately said not their issue.
I have read it could be the SQL Injection prevention that could be causing this but for me I do not have any control over mode_sec so cannot experiment.
Never heard of mod_sec, by the sound of it it isn’t adding any security if the code is properly written, but in the case of stripe there is in fact no code on the server.