Post by thomash2 » Fri Aug 18, 2017 8:42 am

From October Chrome is going to start giving "NOT SECURE" warnings on pages that contain text input fields (such as < input type="text" > or < input type="email" >). Product pages with options and quantity input fields will have this problem since by default the product/product urls are non SSL (at least for Opencart versions before 2.0).

What's the best way to change all product pages to SSL?

I thought maybe something like this?

Code: Select all

<file name="system/library/url.php">  
		<operation>
			<search position="replace"><![CDATA[
				if ($connection ==  'NONSSL') {
			]]></search>
			<add><![CDATA[
				if ($route ==  'product/product') {
					$url = $this->ssl;
				} elseif ($connection ==  'NONSSL') {
			]]></add>
		</operation>
</file>
This is assuming that search module is disabled on all pages, and email form has been removed from the contact page, so that there are no other text input fields on other pages that are not SSL by default. Although we would still have to rewrite all non https direct urls to product pages in htaccess, then might as well force all urls to SSL?

Would it be simpler to replace:

Code: Select all

if ($connection ==  'NONSSL') {
			$url = $this->url;
		} else {
			$url = $this->ssl;	
		}
with

Code: Select all

$url = $this->ssl;
And in htaccess:

Code: Select all

RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^domain.com$ [NC]
RewriteRule ^(.*) https://www.domain.com/$1 [R=301,L]

New member

Posts

Joined
Tue Jul 30, 2013 12:44 am

Post by thomash2 » Fri Aug 18, 2017 10:48 am

I would prefer not using SSL on pages that don't have input text fields, because I assume SSL will affect bandwidth?

The vqmod above does successfully change all links to SSL for product pages (1.5x), but how do I force visitors to https if typing a http direct link to product pages? I'm using SEO so there is no common text in the URL to search for.

I've also found that http direct links to accounts and checkout do not redirect to https. And the shopping cart is http and also has http links, triggering Chrome warnings. I fixed this by:

htaccess

Code: Select all

RewriteCond %{HTTPS} =off
RewriteRule ^account https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

RewriteCond %{HTTPS} =off
RewriteRule ^checkout https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
adding extra condition for checkout/cart in the vqmod

Code: Select all

if ($route ==  'product/product' || $route== 'checkout/cart') {

New member

Posts

Joined
Tue Jul 30, 2013 12:44 am

Post by victorj » Fri Aug 18, 2017 9:56 pm

Ssl on every page Does not affect bandwith of speed.
Considering the new rules dictated by Google every shoppingcart should run totally under ssl.
Google Will start to penalize shops that are not using ssl site wilde.

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Eigen productie en snelle levering.
https://123-deurrubbers.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland
Who is online

Users browsing this forum: No registered users and 6 guests