Mixed content - SSL Problem or Opencart?

@Debbie626

Posted in: #Google #Https #MixedContentSecurity #Seo

This question is related to: Duplicated content www on subdomain and SSL

My actual HTACCESS:

RewriteBase /

# this redirects example.com and www.example.com to https - thanks closetnoc @webmasters -stackexchange
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^loja\.genesiseries\.com$ [NC,OR]
RewriteCond %{HTTP_HOST} ^www\.loja\.genesiseries\.com$ [NC]
RewriteRule ^(.*)$ https://loja.genesiseries.com/$1 [R=301,L]

RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.loja\.genesiseries\.com$ [NC]
RewriteRule ^(.*)$ https://loja.genesiseries.com/$1 [R=301,L]
# Now start the normal rules
RewriteRule ^sitemap\.xml$ index.php?route=feed/google_sitemap [L]
RewriteRule ^googlebase\.xml$ index.php?route=feed/google_base [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
RewriteCond %{QUERY_STRING} ^route=common/home$
RewriteRule ^index\.php$ https://loja.genesiseries.com? [R=301,L]
# Attempt to prevent the "headers sent" error
#RewriteCond %{HTTP_HOST} !^loja.genesiseries.com
#RewriteRule ^(.*)$ loja.genesiseries.com/ [R=301,L]


Using these rules I am getting the following error(s):


Mixed Content: The page at 'https://example.com/admin' was loaded over HTTPS, but requested an insecure script 'http://example.com/admin/.../script.js'. This request has been blocked; the content must be served over HTTPS.
:
:
etc.


Problem of opencart config or SSL rules?

10.02% popularity

2 Comments


@Correia994

I realize this question is solved, but to answer you: It's OpenCart side. Here are tips in case anyone else runs into something like this when trying to go SSL everywhere:

-- As mentioned make sure both config.php and admin/config.php point to both http and https variants. Also make sure any mods that use a copied config (a la vTiger sync) have the proper updated urls. Remember there are always at least 2 configs to update in OC.

-- A warning about htaccess forced 301: Make sure that your theme, any modules, or any vQmods do not call strict assets. This is a common error in OC, especially in themes or poorly crafted mods that re-invent the wheel and call their own JS/fonts. If you find strict assets, change them to relative URLs (//) in the source(s). This is the preferred means of repairing the insecure items; htaccess will only scoot around or mask the issue and won't work with HSTS after the first page access (since it is client side 307 & blocks). Most likely you want to use HSTS, it's a great header... but your insecure items above still wouldn't work.

-- You should repair the file manager to use native relative URLs (//) when it attaches media. This would prevent insecure items in the future. The fix is beyond the scope of this writeup, but it involves editing admin/controller/common/filemanager.php and replacing $this->data['directory'] = HTTP_CATALOG . 'image/data/'; with something like $this->data['directory'] = str_replace('http:', '', HTTP_CATALOG) . 'image/data/'; (or its HTTPS_ counterpart).

-- If you are using HTTPS mode always, it's wise to mod the system/library/url.php to include strict HTTPS self-gen assets (like images, menus, links, scripts, etc). It's a very easy fix (1.5.5 to 1.5.6.4), just jump in that file and find $url = $this->url; then change it to $url = $this->ssl;. The magic asset fix.

-- Another route: There is an "SSL everywhere manager" for OpenCart that helps with this stuff and more without the need for htaccess or manual coding. Has 301, HSTS 307, preload, assets, relatives, proxies, etc.

There are more things, but that stuff seems to be what people run into most with SSL always in OpenCart. Hope that helps people in the future!

10% popularity
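A static check for the hard-coded http:// asset references that the answer above says to hunt down in themes and mods, as an added example (not part of the original answer or of OpenCart). The template text, the shop.example host and the function names are constructed for illustration; "blocked" marks script, stylesheet, iframe and font loads that browsers refuse on an HTTPS page, "passive" marks images and media.

```python
import re

# Constructed theme template (sample input, not from the page).
SAMPLE_TPL = """\
<link rel="canonical" href="http://shop.example/product" />
<link rel="stylesheet" href="http://shop.example/theme/x/style.css" />
<script src="http://shop.example/js/mod.js"></script>
<script src="//shop.example/js/ok.js"></script>
<img data-src="http://shop.example/image/lazy.png" src="http://shop.example/image/logo.png" />
<a href="http://shop.example/about">About</a>
<style>@font-face { src: url('http://shop.example/fonts/f.woff2?v=2'); }
.hero { background: url(http://shop.example/image/bg.jpg); }</style>
"""

TAG_RE = re.compile(r"<(script|iframe|link|img|audio|video|source)\b([^>]*)>", re.I)
# The lookbehind keeps data-src and similar attributes from counting as src.
ATTR_RE = re.compile(r"(?<![\w-])(src|href|rel)\s*=\s*([\"'])(.*?)\2", re.I | re.S)
CSS_URL_RE = re.compile(r"url\(\s*[\"']?(http://[^\"')\s]+)", re.I)
FONT_EXT = (".woff", ".woff2", ".ttf", ".otf", ".eot")
BLOCKED_TAGS = {"script", "iframe", "link"}  # active content: the browser refuses it

def _finding(text, pos, severity, url):
    # url[5:] drops "http:" and leaves the protocol-relative form (//host/path).
    return (text.count("\n", 0, pos) + 1, severity, url, url[5:])

def find_mixed_content(text):
    """Return sorted (line, severity, url, suggested_fix) for http:// subresources."""
    findings = []
    for m in TAG_RE.finditer(text):
        tag = m.group(1).lower()
        attrs = {k.lower(): v for k, _, v in ATTR_RE.findall(m.group(2))}
        url = attrs.get("href" if tag == "link" else "src", "")
        if not url.lower().startswith("http://"):
            continue  # https, protocol-relative, relative or PHP-generated
        # <link> fetches a blockable subresource only for stylesheets;
        # rel=canonical and <a href> are plain links, not mixed content.
        if tag == "link" and "stylesheet" not in attrs.get("rel", "").lower():
            continue
        severity = "blocked" if tag in BLOCKED_TAGS else "passive"
        findings.append(_finding(text, m.start(), severity, url))
    for m in CSS_URL_RE.finditer(text):
        url = m.group(1)
        is_font = url.lower().split("?")[0].endswith(FONT_EXT)
        findings.append(_finding(text, m.start(), "blocked" if is_font else "passive", url))
    return sorted(findings)

if __name__ == "__main__":
    for line, severity, url, fix in find_mixed_content(SAMPLE_TPL):
        print(f"line {line}: {severity:7} {url} -> {fix}")
```

Point it at theme templates, module files and vQmod XML; entries reported as blocked are the kind that produce the console error quoted in the question.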


 

@Sherry384

I found this link that points to some configuration changes: www.inmotionhosting.com/support/edu/opencart/setting-up-payment-gateways/how-to-enable-ssl-connection-in-opencart
In it you will see some edits to config.php.

Original:

define('HTTPS_SERVER', 'http://opencart.inmotiontesting.com/');
define('HTTPS_IMAGE', 'http://opencart.inmotiontesting.com/image/');

define('HTTPS_SERVER', 'http://opencart.inmotiontesting.com/admin/');
define('HTTPS_CATALOG', 'http://opencart.inmotiontesting.com/');
define('HTTPS_IMAGE', 'http://opencart.inmotiontesting.com/image/');


New:

define('HTTPS_SERVER', 'https://opencart.inmotiontesting.com/');
define('HTTPS_IMAGE', 'https://opencart.inmotiontesting.com/image/');

define('HTTPS_SERVER', 'https://opencart.inmotiontesting.com/admin/');
define('HTTPS_CATALOG', 'https://opencart.inmotiontesting.com/');
define('HTTPS_IMAGE', 'https://opencart.inmotiontesting.com/image/');


You will notice that the only thing that changes is HTTP to HTTPS. I checked another site and it agrees with the settings.

10% popularity