Post by cutemonster » Sun Dec 20, 2015 12:03 pm

Hi,
After enabling SSL, I have problem at the admin site when I try to edit an order. when I click next, the button is disabled and spit out error below.
Obviously, the website is trying to access non ssl content and therefore it's disallow. Could anybody help me resolving the issue?

Error message from javascript console:
Mixed Content: The page at 'https://www.mystore.com/admin/index.php ... rder_id=35' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://ilivingusa.com/index.php?route=api/login'. This request has been blocked; the content must be served over HTTPS.

Newbie

Posts

Joined
Tue Sep 06, 2011 2:39 am

Post by yodapt » Sun Dec 20, 2015 2:44 pm

Have you edited the config files?

Opencart Developer - My Extension Showcase
Contact me at aeon.yoda@gmail.com


User avatar
Active Member

Posts

Joined
Fri Jun 17, 2011 6:39 pm


Post by cutemonster » Sun Dec 20, 2015 3:46 pm

Hi yodapt,
Yes, the config file settings is below. Looks like $ajax is calling api/customer without using https. How can I fix this? Does anybody has this problem or just me?

Code: Select all

$.ajax({
		url: $('select[name=\'store\'] option:selected').val() + 'index.php?route=api/customer&token=' + token,

Code: Select all

[b]Admin[/b]
// HTTP
define('HTTP_SERVER', 'http://www.mystore.com/admin/');
define('HTTP_CATALOG', 'http://www.mystore.com/');

// HTTPS
define('HTTPS_SERVER', 'https://www.mystore.com/admin/');
define('HTTPS_CATALOG', 'https://www.mystore.com/');

[b]Root Config[/b]
// HTTP
define('HTTP_SERVER', 'http://www.mystore.com/');

// HTTPS
define('HTTPS_SERVER', 'https://www.mystore.com/');

Newbie

Posts

Joined
Tue Sep 06, 2011 2:39 am

Post by Webtelligo » Mon Jan 04, 2016 6:05 pm

I am also having exact the same issue. When I want to edit an order I get a pop-up with 'SyntaxError: Unexpected token" and when I want to view an order and change the order status it stays on loading and gives the same "was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://domain.com/index.php?route=api/login'. This request has been blocked; the content must be served over HTTPS." error. It isn't possible for me to change the order statussen and edit the order information. I hope this can be solved.

Cutemonster, did you solve the issue? Or does anybody know how this can be solved?

Newbie

Posts

Joined
Mon Sep 30, 2013 4:22 pm

Post by ryanpete » Mon Jan 11, 2016 1:07 am

Any news on this? Having the exact same issue.. Using version 2.1.0.1

Its easy enough to bypass but a large annoyance

Newbie

Posts

Joined
Fri Jan 17, 2014 6:42 am

Post by victorj » Mon Jan 11, 2016 7:08 am

try changing

Code: Select all

// HTTP
define('HTTP_SERVER', 'http://www.mystore.com/admin/');
define('HTTP_CATALOG', 'http://www.mystore.com/');
to

Code: Select all

// HTTP
define('HTTP_SERVER', 'https://www.mystore.com/admin/');
define('HTTP_CATALOG', 'https://www.mystore.com/');

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Eigen productie en snelle levering.
https://123-deurrubbers.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by ryanpete » Mon Jan 11, 2016 7:28 am

victorj wrote:try changing

Code: Select all

// HTTP
define('HTTP_SERVER', 'http://www.mystore.com/admin/');
define('HTTP_CATALOG', 'http://www.mystore.com/');
to

Code: Select all

// HTTP
define('HTTP_SERVER', 'https://www.mystore.com/admin/');
define('HTTP_CATALOG', 'https://www.mystore.com/');

Tried that, same problem.
Here's the output from Chrome Java Developer console

Code: Select all

'https://example.com/admin/index.php?route=sale/order/info&token=Nj9vKoX8CAN2Ansb5jjTkOdQOu9JBzWH&order_id=47' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://example.com/index.php?route=api/login'. This request has been blocked; the content must be served over HTTPS.

Newbie

Posts

Joined
Fri Jan 17, 2014 6:42 am

Post by victorj » Mon Jan 11, 2016 7:36 am

just a stuppid question.
did you eneable https in the admin section under store config server ?

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Eigen productie en snelle levering.
https://123-deurrubbers.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by ryanpete » Mon Jan 11, 2016 7:40 am

Sure did

Newbie

Posts

Joined
Fri Jan 17, 2014 6:42 am

Post by victorj » Mon Jan 11, 2016 7:46 am

recently put a oc 2 shop under ssl incl admin
just edited the 2 config files so http and https are both pointing to https, and switched https in admin off and it wass all working.

if its not working, check if you have a mod or vqmod thats acting on th eorder section and unistall te see if that cures the problem.

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Eigen productie en snelle levering.
https://123-deurrubbers.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by ryanpete » Thu Jan 14, 2016 10:56 am

So heres an update - Did all of that, removed all vqmods. Went as far as rebuilding the server from scratch, fresh install of opencart with demo data, enabled ssl, modified config files. And the problem still exists.

No modules no add-ons present, being a javascript error I wanted to ensure the browser wasn't effecting this so I did fresh installs of chrome and FF on different machines. Still no luck

I dug hard enough and found were this is failing for me -

In admin/view/template/sale/order_info.tpl, there are two API url definitions

line 506: url: '<?php echo $store_url; ?>index.php?route=api/login', - This provides API login when the order is viewed

line 582: url: '<?php echo $store_url; ?>index.php?route=api/order/history&token=' + token + '&order_id=<?php echo $order_id; ?>', - this processes the add history button.

The problem on all the instances of 2.1.0.1 that I install are in this instance the $store_url variable maps to http://example.com/ - not https://example.com/ --

I manually modified each of these instances with " 'https://example.com/' +" and the problem went away --
Not an elegant solution but finally was able to find the problem --

What I can't yet find is were $store_url is instantiated to figure out why its not getting properly set.

Newbie

Posts

Joined
Fri Jan 17, 2014 6:42 am

Post by Randem » Thu Jan 14, 2016 11:19 am

Hi ,

I had a similar issue in v1.5.6.4 and it may not have been fixed in v2.x.

This is what I had to do to resolve - http://forum.opencart.com/viewtopic.php?f=161&t=132231
Possibly it can help you with this issue.

NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart


User avatar
Active Member

Posts

Joined
Sat Sep 27, 2014 9:17 am

Post by ryanpete » Fri Jan 15, 2016 12:51 am

I'm now more convinced this is a bug - I'm just not sure why other people aren't experiencing it -

$store_url is set in admin/controller/sale/order.php -
"$data['store_url'] = $order_info['store_url'];"

$order_info['store_url'] - is an array of the database fields and references the order table - store_url field, which is set during each order referencing the base store URL which regardless of SSL enabled uses the base http://example.com

I'll open this up on the github site -

If anyone else is having this issue you have a few options -

one change all instances of our site in both config.php files - to reference https, this will force all sessions SSL, any new orders going forward will be fine-

Two - Still testing but it looks like for the instances of url: in the api calls we can use - The route will have to be changed according to the two spots located in order_info.tpl

Code: Select all

url: $('select[name=\'store\'] option:selected').val() + 'index.php?route=api/login',

Newbie

Posts

Joined
Fri Jan 17, 2014 6:42 am

Post by Randem » Fri Jan 15, 2016 4:53 am

The information that I gave you should fix that. It still hasn't been fixed since I spotted it in v1.5...

NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart


User avatar
Active Member

Posts

Joined
Sat Sep 27, 2014 9:17 am

Post by ryanpete » Fri Jan 15, 2016 11:30 pm

I'm currently running a 1.5.6 store without this problem and no fix in play. I'll try what you listed but, I think I'm just going to go all SSL for this new store.

Newbie

Posts

Joined
Fri Jan 17, 2014 6:42 am

Post by Randem » Sat Jan 16, 2016 4:33 am

Actually you are supposed to go ALL SSL for your store. It makes no sense to combine secure and non-secure properties. It will confuse your customers if they are really on a secure site. you don't need your customers to have to keep checking if they are in a secure area or not. If they visit your store it should ALWAYS be secure!

Basicall in your config.php file make EVERYTHING HTTPS. There maybe some code that may need to be forced like in v1.5.x but you can start with that. I made the fix on v1.5.x and haven't gotten around to testing 2.1.x in that area yet.

NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart


User avatar
Active Member

Posts

Joined
Sat Sep 27, 2014 9:17 am

Post by stavrosa » Wed Jul 11, 2018 7:40 pm

solution

around line 850:

Code: Select all

//$data['store_url'] = $order_info['store_url'];
if ($order_info['store_id'] == 0) {
   $data['store_url'] = $this->request->server['HTTPS'] ? HTTPS_CATALOG : HTTP_CATALOG;
} else {
   $data['store_url'] = $order_info['store_url'];
}

Newbie

Posts

Joined
Wed Sep 23, 2015 8:08 pm

Post by pasmatos » Wed Jul 11, 2018 7:56 pm

Stavrosa,

in what file do I look for this line to change.

Thank you

Newbie

Posts

Joined
Thu Aug 25, 2016 6:11 pm
Who is online

Users browsing this forum: No registered users and 29 guests