Post by miklcct » Mon Jul 16, 2018 10:35 am

I am currently a staff member working on the support desk and received many support tickets related to "broken installation". The symptoms are one or more of below:
  • Broken images
  • Missing emoticons such as shopping cart
  • After pressing F12 for the developer console, CORS errors show with message saying missing Access-Control-Allow-Origin
  • After pressing F12 for the developer console, errors show with message saying the refuse to use the insecure stylesheet and the resource must be served using HTTPS
It is because for a normal OpenCart installation, in the installation process, the URL and paths are hardcoded into config.php and admin/config.php (which no sensitive PHP developer writes such code). If the URL is changed the site is broken with the above symptoms. If the path is changed PHP errors occur because OpenCart can't load resources from non-existent path.

This also covers the case where a site is accessible on multiple different URLs. For example, if you have installed a store at http://example.com/ , and the customer types in http://www.example.com/ (note the www.), the same symptoms occurs because http://www.example.com/ can't load AJAX from http://example.com/ due to same origin policy. https://example.com/ and https://www.example.com/ are also broken for the same reason.

I have made a pull request to handle this issue: https://github.com/opencart/opencart/pull/6730

However, as config.php and admin/config.php are generated on installation, it only applies to new installations. For existing store owners, simply copying the following the code for config.php and admin/config.php will fix your broken site, no matter where your site is installed and which URL your customer types (i.e. http://example.com/ , https://example.com/ , http://www.example.com/ , https://www.example.com/ will all work as long as your web server is configured to serve them all).

When copying these files, please take care to keep your database credential, and the storage directory (if you have moved it) untouched.

Code: Select all

<?php
// config.php
// Check if SSL
if (((isset($_SERVER['HTTPS']) && (($_SERVER['HTTPS'] == 'on') || ($_SERVER['HTTPS'] == '1')))) || $_SERVER['SERVER_PORT'] == 443) {
        $protocol = 'https://';
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {
        $protocol = 'https://';
} else {
        $protocol = 'http://';
}
// HTTP
define('HTTP_SERVER', $protocol . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/');

// HTTPS
define('HTTPS_SERVER', $protocol . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/');

// DIR
define('DIR_OPENCART', str_replace('\\', '/', __DIR__) . '/');
define('DIR_APPLICATION', DIR_OPENCART . 'catalog/');
define('DIR_SYSTEM', DIR_OPENCART . 'system/');
define('DIR_IMAGE', DIR_OPENCART . 'image/');
define('DIR_STORAGE', DIR_SYSTEM . 'storage/'); // keep this line unchanged if you moved your storage
define('DIR_LANGUAGE', DIR_APPLICATION . 'language/');
define('DIR_TEMPLATE', DIR_APPLICATION . 'view/theme/');
define('DIR_CONFIG', DIR_SYSTEM . 'config/');
define('DIR_CACHE', DIR_STORAGE . 'cache/');
define('DIR_DOWNLOAD', DIR_STORAGE . 'download/');
define('DIR_LOGS', DIR_STORAGE . 'logs/');
define('DIR_MODIFICATION', DIR_STORAGE . 'modification/');
define('DIR_SESSION', DIR_STORAGE . 'session/');
define('DIR_UPLOAD', DIR_STORAGE . 'upload/');

// DB
// keep the below lines unchanged for your database credential
define('DB_DRIVER', 'mysqli');
define('DB_HOSTNAME', 'localhost');
define('DB_USERNAME', 'opencart');
define('DB_PASSWORD', 'password');
define('DB_DATABASE', 'opencart');
define('DB_PORT', '3306');
define('DB_PREFIX', 'oc_');

Code: Select all

<?php
// admin/config.php
// Check if SSL
if (((isset($_SERVER['HTTPS']) && (($_SERVER['HTTPS'] == 'on') || ($_SERVER['HTTPS'] == '1')))) || $_SERVER['SERVER_PORT'] == 443) {
        $protocol = 'https://';
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {
        $protocol = 'https://';
} else {
        $protocol = 'http://';
}
// HTTP
define('HTTP_SERVER', $protocol . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/');
define('HTTP_CATALOG', $protocol . $_SERVER['HTTP_HOST'] . rtrim(dirname(dirname($_SERVER['SCRIPT_NAME'])), '/.\\') . '/');

// HTTPS
define('HTTPS_SERVER', $protocol . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/');
define('HTTPS_CATALOG', $protocol . $_SERVER['HTTP_HOST'] . rtrim(dirname(dirname($_SERVER['SCRIPT_NAME'])), '/.\\') . '/');

// DIR
define('DIR_OPENCART', realpath(str_replace('\\', '/', __DIR__ . '/..')) . '/');
define('DIR_APPLICATION', DIR_OPENCART . 'admin/');
define('DIR_SYSTEM', DIR_OPENCART . 'system/');
define('DIR_IMAGE', DIR_OPENCART . 'image/');
define('DIR_STORAGE', DIR_SYSTEM . 'storage/'); // keep this line unchanged if you moved your storage
define('DIR_CATALOG', DIR_OPENCART . 'catalog/');
define('DIR_LANGUAGE', DIR_APPLICATION . 'language/');
define('DIR_TEMPLATE', DIR_APPLICATION . 'view/template/');
define('DIR_CONFIG', DIR_SYSTEM . 'config/');
define('DIR_CACHE', DIR_STORAGE . 'cache/');
define('DIR_DOWNLOAD', DIR_STORAGE . 'download/');
define('DIR_LOGS', DIR_STORAGE . 'logs/');
define('DIR_MODIFICATION', DIR_STORAGE . 'modification/');
define('DIR_SESSION', DIR_STORAGE . 'session/');
define('DIR_UPLOAD', DIR_STORAGE . 'upload/');

// DB
// keep the below lines unchanged for your database credential
define('DB_DRIVER', 'mysqli');
define('DB_HOSTNAME', 'localhost');
define('DB_USERNAME', 'opencart');
define('DB_PASSWORD', 'password');
define('DB_DATABASE', 'opencart');
define('DB_PORT', '3306');
define('DB_PREFIX', 'oc_');

// OpenCart API
define('OPENCART_SERVER', 'https://www.opencart.com/');

Administrator

Posts

Joined
Wed Mar 14, 2018 10:00 am

Post by IP_CAM » Mon Jul 16, 2018 4:47 pm

CORS errors show with message saying missing Access-Control-Allow-Origin
Well, such can be fixed much easier, by just adding the Code, shown below, to the .htaccess
file.
Ernie

Code: Select all

<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css|css)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland
Who is online

Users browsing this forum: No registered users and 126 guests