Hi,
After enabling SSL, I have problem at the admin site when I try to edit an order. when I click next, the button is disabled and spit out error below.
Obviously, the website is trying to access non ssl content and therefore it's disallow. Could anybody help me resolving the issue?
Error message from javascript console:
Mixed Content: The page at 'https://www.mystore.com/admin/index.php ... rder_id=35' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://ilivingusa.com/index.php?route=api/login'. This request has been blocked; the content must be served over HTTPS.
Have you edited the config files?
Opencart Developer - My Extension Showcase
Contact me at aeon.yoda@gmail.com
Hi yodapt,
Yes, the config file settings is below. Looks like $ajax is calling api/customer without using https. How can I fix this? Does anybody has this problem or just me?
Yes, the config file settings is below. Looks like $ajax is calling api/customer without using https. How can I fix this? Does anybody has this problem or just me?
Code: Select all
$.ajax({
url: $('select[name=\'store\'] option:selected').val() + 'index.php?route=api/customer&token=' + token,Code: Select all
[b]Admin[/b]
// HTTP
define('HTTP_SERVER', 'http://www.mystore.com/admin/');
define('HTTP_CATALOG', 'http://www.mystore.com/');
// HTTPS
define('HTTPS_SERVER', 'https://www.mystore.com/admin/');
define('HTTPS_CATALOG', 'https://www.mystore.com/');
[b]Root Config[/b]
// HTTP
define('HTTP_SERVER', 'http://www.mystore.com/');
// HTTPS
define('HTTPS_SERVER', 'https://www.mystore.com/');I am also having exact the same issue. When I want to edit an order I get a pop-up with 'SyntaxError: Unexpected token" and when I want to view an order and change the order status it stays on loading and gives the same "was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://domain.com/index.php?route=api/login'. This request has been blocked; the content must be served over HTTPS." error. It isn't possible for me to change the order statussen and edit the order information. I hope this can be solved.
Cutemonster, did you solve the issue? Or does anybody know how this can be solved?
Cutemonster, did you solve the issue? Or does anybody know how this can be solved?
try changing
to
Code: Select all
// HTTP
define('HTTP_SERVER', 'http://www.mystore.com/admin/');
define('HTTP_CATALOG', 'http://www.mystore.com/');Code: Select all
// HTTP
define('HTTP_SERVER', 'https://www.mystore.com/admin/');
define('HTTP_CATALOG', 'https://www.mystore.com/');
Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com
victorj wrote:try changing
toCode: Select all
// HTTP define('HTTP_SERVER', 'http://www.mystore.com/admin/'); define('HTTP_CATALOG', 'http://www.mystore.com/');
Code: Select all
// HTTP define('HTTP_SERVER', 'https://www.mystore.com/admin/'); define('HTTP_CATALOG', 'https://www.mystore.com/');
Tried that, same problem.
Here's the output from Chrome Java Developer console
Code: Select all
'https://example.com/admin/index.php?route=sale/order/info&token=Nj9vKoX8CAN2Ansb5jjTkOdQOu9JBzWH&order_id=47' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://example.com/index.php?route=api/login'. This request has been blocked; the content must be served over HTTPS.just a stuppid question.
did you eneable https in the admin section under store config server ?
did you eneable https in the admin section under store config server ?
Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com
recently put a oc 2 shop under ssl incl admin
just edited the 2 config files so http and https are both pointing to https, and switched https in admin off and it wass all working.
if its not working, check if you have a mod or vqmod thats acting on th eorder section and unistall te see if that cures the problem.
just edited the 2 config files so http and https are both pointing to https, and switched https in admin off and it wass all working.
if its not working, check if you have a mod or vqmod thats acting on th eorder section and unistall te see if that cures the problem.
Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com
So heres an update - Did all of that, removed all vqmods. Went as far as rebuilding the server from scratch, fresh install of opencart with demo data, enabled ssl, modified config files. And the problem still exists.
No modules no add-ons present, being a javascript error I wanted to ensure the browser wasn't effecting this so I did fresh installs of chrome and FF on different machines. Still no luck
I dug hard enough and found were this is failing for me -
In admin/view/template/sale/order_info.tpl, there are two API url definitions
line 506: url: '<?php echo $store_url; ?>index.php?route=api/login', - This provides API login when the order is viewed
line 582: url: '<?php echo $store_url; ?>index.php?route=api/order/history&token=' + token + '&order_id=<?php echo $order_id; ?>', - this processes the add history button.
The problem on all the instances of 2.1.0.1 that I install are in this instance the $store_url variable maps to http://example.com/ - not https://example.com/ --
I manually modified each of these instances with " 'https://example.com/' +" and the problem went away --
Not an elegant solution but finally was able to find the problem --
What I can't yet find is were $store_url is instantiated to figure out why its not getting properly set.
No modules no add-ons present, being a javascript error I wanted to ensure the browser wasn't effecting this so I did fresh installs of chrome and FF on different machines. Still no luck
I dug hard enough and found were this is failing for me -
In admin/view/template/sale/order_info.tpl, there are two API url definitions
line 506: url: '<?php echo $store_url; ?>index.php?route=api/login', - This provides API login when the order is viewed
line 582: url: '<?php echo $store_url; ?>index.php?route=api/order/history&token=' + token + '&order_id=<?php echo $order_id; ?>', - this processes the add history button.
The problem on all the instances of 2.1.0.1 that I install are in this instance the $store_url variable maps to http://example.com/ - not https://example.com/ --
I manually modified each of these instances with " 'https://example.com/' +" and the problem went away --
Not an elegant solution but finally was able to find the problem --
What I can't yet find is were $store_url is instantiated to figure out why its not getting properly set.
Hi ,
I had a similar issue in v1.5.6.4 and it may not have been fixed in v2.x.
This is what I had to do to resolve - http://forum.opencart.com/viewtopic.php?f=161&t=132231
Possibly it can help you with this issue.
I had a similar issue in v1.5.6.4 and it may not have been fixed in v2.x.
This is what I had to do to resolve - http://forum.opencart.com/viewtopic.php?f=161&t=132231
Possibly it can help you with this issue.
NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart
I'm now more convinced this is a bug - I'm just not sure why other people aren't experiencing it -
$store_url is set in admin/controller/sale/order.php -
"$data['store_url'] = $order_info['store_url'];"
$order_info['store_url'] - is an array of the database fields and references the order table - store_url field, which is set during each order referencing the base store URL which regardless of SSL enabled uses the base http://example.com
I'll open this up on the github site -
If anyone else is having this issue you have a few options -
one change all instances of our site in both config.php files - to reference https, this will force all sessions SSL, any new orders going forward will be fine-
Two - Still testing but it looks like for the instances of url: in the api calls we can use - The route will have to be changed according to the two spots located in order_info.tpl
$store_url is set in admin/controller/sale/order.php -
"$data['store_url'] = $order_info['store_url'];"
$order_info['store_url'] - is an array of the database fields and references the order table - store_url field, which is set during each order referencing the base store URL which regardless of SSL enabled uses the base http://example.com
I'll open this up on the github site -
If anyone else is having this issue you have a few options -
one change all instances of our site in both config.php files - to reference https, this will force all sessions SSL, any new orders going forward will be fine-
Two - Still testing but it looks like for the instances of url: in the api calls we can use - The route will have to be changed according to the two spots located in order_info.tpl
Code: Select all
url: $('select[name=\'store\'] option:selected').val() + 'index.php?route=api/login',The information that I gave you should fix that. It still hasn't been fixed since I spotted it in v1.5...
NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart
Actually you are supposed to go ALL SSL for your store. It makes no sense to combine secure and non-secure properties. It will confuse your customers if they are really on a secure site. you don't need your customers to have to keep checking if they are in a secure area or not. If they visit your store it should ALWAYS be secure!
Basicall in your config.php file make EVERYTHING HTTPS. There maybe some code that may need to be forced like in v1.5.x but you can start with that. I made the fix on v1.5.x and haven't gotten around to testing 2.1.x in that area yet.
Basicall in your config.php file make EVERYTHING HTTPS. There maybe some code that may need to be forced like in v1.5.x but you can start with that. I made the fix on v1.5.x and haven't gotten around to testing 2.1.x in that area yet.
NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart
solution
around line 850:
around line 850:
Code: Select all
//$data['store_url'] = $order_info['store_url'];
if ($order_info['store_id'] == 0) {
$data['store_url'] = $this->request->server['HTTPS'] ? HTTPS_CATALOG : HTTP_CATALOG;
} else {
$data['store_url'] = $order_info['store_url'];
}Hello, I am coming across the same errors on my website.
I have changed over to the SSL version of the website? For new orders it works fine, however for older orders the website is still using http://www.[thedomain].com/index.php?route=api/login rather than https://
I have cleared the vqcache. Is there anything I missing to get this changed over?
I have changed over to the SSL version of the website? For new orders it works fine, however for older orders the website is still using http://www.[thedomain].com/index.php?route=api/login rather than https://
I have cleared the vqcache. Is there anything I missing to get this changed over?
Search your database for "http", this might be the issue.
Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com
Who is online
Users browsing this forum: No registered users and 279 guests
