After enabling SSL, I have problem at the admin site when I try to edit an order. when I click next, the button is disabled and spit out error below.
Obviously, the website is trying to access non ssl content and therefore it's disallow. Could anybody help me resolving the issue?
Error message from javascript console:
Mixed Content: The page at 'https://www.mystore.com/admin/index.php ... rder_id=35' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://ilivingusa.com/index.php?route=api/login'. This request has been blocked; the content must be served over HTTPS.
Opencart Developer - My Extension Showcase
Contact me at aeon.yoda@gmail.com
Yes, the config file settings is below. Looks like $ajax is calling api/customer without using https. How can I fix this? Does anybody has this problem or just me?
Code: Select all
$.ajax({
url: $('select[name=\'store\'] option:selected').val() + 'index.php?route=api/customer&token=' + token,
Code: Select all
[b]Admin[/b]
// HTTP
define('HTTP_SERVER', 'http://www.mystore.com/admin/');
define('HTTP_CATALOG', 'http://www.mystore.com/');
// HTTPS
define('HTTPS_SERVER', 'https://www.mystore.com/admin/');
define('HTTPS_CATALOG', 'https://www.mystore.com/');
[b]Root Config[/b]
// HTTP
define('HTTP_SERVER', 'http://www.mystore.com/');
// HTTPS
define('HTTPS_SERVER', 'https://www.mystore.com/');
Cutemonster, did you solve the issue? Or does anybody know how this can be solved?
Code: Select all
// HTTP
define('HTTP_SERVER', 'http://www.mystore.com/admin/');
define('HTTP_CATALOG', 'http://www.mystore.com/');
Code: Select all
// HTTP
define('HTTP_SERVER', 'https://www.mystore.com/admin/');
define('HTTP_CATALOG', 'https://www.mystore.com/');
Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com
victorj wrote:try changing
toCode: Select all
// HTTP define('HTTP_SERVER', 'http://www.mystore.com/admin/'); define('HTTP_CATALOG', 'http://www.mystore.com/');
Code: Select all
// HTTP define('HTTP_SERVER', 'https://www.mystore.com/admin/'); define('HTTP_CATALOG', 'https://www.mystore.com/');
Tried that, same problem.
Here's the output from Chrome Java Developer console
Code: Select all
'https://example.com/admin/index.php?route=sale/order/info&token=Nj9vKoX8CAN2Ansb5jjTkOdQOu9JBzWH&order_id=47' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://example.com/index.php?route=api/login'. This request has been blocked; the content must be served over HTTPS.
did you eneable https in the admin section under store config server ?
Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com
just edited the 2 config files so http and https are both pointing to https, and switched https in admin off and it wass all working.
if its not working, check if you have a mod or vqmod thats acting on th eorder section and unistall te see if that cures the problem.
Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com
No modules no add-ons present, being a javascript error I wanted to ensure the browser wasn't effecting this so I did fresh installs of chrome and FF on different machines. Still no luck
I dug hard enough and found were this is failing for me -
In admin/view/template/sale/order_info.tpl, there are two API url definitions
line 506: url: '<?php echo $store_url; ?>index.php?route=api/login', - This provides API login when the order is viewed
line 582: url: '<?php echo $store_url; ?>index.php?route=api/order/history&token=' + token + '&order_id=<?php echo $order_id; ?>', - this processes the add history button.
The problem on all the instances of 2.1.0.1 that I install are in this instance the $store_url variable maps to http://example.com/ - not https://example.com/ --
I manually modified each of these instances with " 'https://example.com/' +" and the problem went away --
Not an elegant solution but finally was able to find the problem --
What I can't yet find is were $store_url is instantiated to figure out why its not getting properly set.
I had a similar issue in v1.5.6.4 and it may not have been fixed in v2.x.
This is what I had to do to resolve - http://forum.opencart.com/viewtopic.php?f=161&t=132231
Possibly it can help you with this issue.
NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart
$store_url is set in admin/controller/sale/order.php -
"$data['store_url'] = $order_info['store_url'];"
$order_info['store_url'] - is an array of the database fields and references the order table - store_url field, which is set during each order referencing the base store URL which regardless of SSL enabled uses the base http://example.com
I'll open this up on the github site -
If anyone else is having this issue you have a few options -
one change all instances of our site in both config.php files - to reference https, this will force all sessions SSL, any new orders going forward will be fine-
Two - Still testing but it looks like for the instances of url: in the api calls we can use - The route will have to be changed according to the two spots located in order_info.tpl
Code: Select all
url: $('select[name=\'store\'] option:selected').val() + 'index.php?route=api/login',
NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart
Basicall in your config.php file make EVERYTHING HTTPS. There maybe some code that may need to be forced like in v1.5.x but you can start with that. I made the fix on v1.5.x and haven't gotten around to testing 2.1.x in that area yet.
NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart
around line 850:
Code: Select all
//$data['store_url'] = $order_info['store_url'];
if ($order_info['store_id'] == 0) {
$data['store_url'] = $this->request->server['HTTPS'] ? HTTPS_CATALOG : HTTP_CATALOG;
} else {
$data['store_url'] = $order_info['store_url'];
}
I have changed over to the SSL version of the website? For new orders it works fine, however for older orders the website is still using http://www.[thedomain].com/index.php?route=api/login rather than https://
I have cleared the vqcache. Is there anything I missing to get this changed over?
Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com
Users browsing this forum: No registered users and 101 guests