Product/product pages in SSL, new Chrome security warning for input fields
Posted: Fri Aug 18, 2017 8:42 am
From October Chrome is going to start giving "NOT SECURE" warnings on pages that contain text input fields (such as < input type="text" > or < input type="email" >). Product pages with options and quantity input fields will have this problem since by default the product/product urls are non SSL (at least for Opencart versions before 2.0).
What's the best way to change all product pages to SSL?
I thought maybe something like this?
This is assuming that search module is disabled on all pages, and email form has been removed from the contact page, so that there are no other text input fields on other pages that are not SSL by default. Although we would still have to rewrite all non https direct urls to product pages in htaccess, then might as well force all urls to SSL?
Would it be simpler to replace:
with
And in htaccess:
What's the best way to change all product pages to SSL?
I thought maybe something like this?
Code: Select all
<file name="system/library/url.php">
<operation>
<search position="replace"><![CDATA[
if ($connection == 'NONSSL') {
]]></search>
<add><![CDATA[
if ($route == 'product/product') {
$url = $this->ssl;
} elseif ($connection == 'NONSSL') {
]]></add>
</operation>
</file>
Would it be simpler to replace:
Code: Select all
if ($connection == 'NONSSL') {
$url = $this->url;
} else {
$url = $this->ssl;
}
Code: Select all
$url = $this->ssl;
Code: Select all
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^domain.com$ [NC]
RewriteRule ^(.*) https://www.domain.com/$1 [R=301,L]