Hey everyone,
I've had a couple of customers getting to the 'order/confirm' page with http not https.
This is causing problems with ajax calls when https is declared in the config.php.
Any ideas how I can force the page to use https on certain pages?
ht.access is possible, but how to define certain urls...
Robin
I've had a couple of customers getting to the 'order/confirm' page with http not https.
This is causing problems with ajax calls when https is declared in the config.php.
Any ideas how I can force the page to use https on certain pages?
ht.access is possible, but how to define certain urls...
Robin
I stumbled on this article today since I was looking for the same solution. My concern was that even though all the links within the code specify https, there's always that person who gets to the url using http. So to prevent that and force https, it's a simple .htaccess edit. Here's the article: http://joseph.randomnetworks.com/archiv ... -htaccess/.
Hey Everyone,
Yep - using SagePay direct, I haven't had any users do it recently...
Just a worry because things start to break when they do!
@iloveopencart - I've seen that idea before, however how do I force it for only certain pages? Maybe I should read every comment
Robin
Yep - using SagePay direct, I haven't had any users do it recently...
Just a worry because things start to break when they do!
@iloveopencart - I've seen that idea before, however how do I force it for only certain pages? Maybe I should read every comment
Robin
I know that, but I wanted to FORCE the SSL on certain pages like the title of the topic suggests.rph wrote:If you set up your store to use SSL in Admin it'll be done automatically.
By default, OpenCart let you type in an URL like this:
Code: Select all
http://www.sitename.com/index.php?route=checkout/payment
I want to redirect that URL to the "https version".
Anyway, I find a solution myself. I added this string in the .htaccess file:
Code: Select all
#no non-ssl access
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Code: Select all
http://www.sitename.com/index.php?route=checkout/payment
Code: Select all
http://www.sitename.com/index.php?route=account/create
Code: Select all
https://www.sitename.com/index.php?route=checkout/payment
Code: Select all
https://www.sitename.com/index.php?route=account/create
Thank you thank you thank you thank you!
I posted your data in htaccess. But then I had one additional problem. For some reason my config had this:
// HTTPS
define('HTTPS_SERVER', 'http://www.qhgraphics.com/');
define('HTTPS_IMAGE', 'http://www.qhgraphics.com/image/');
I just added the 's':
// HTTPS
define('HTTPS_SERVER', 'https://www.qhgraphics.com/');
define('HTTPS_IMAGE', 'https://www.qhgraphics.com/image/');
After that I am good to go! Thanks again for the help!
I posted your data in htaccess. But then I had one additional problem. For some reason my config had this:
// HTTPS
define('HTTPS_SERVER', 'http://www.qhgraphics.com/');
define('HTTPS_IMAGE', 'http://www.qhgraphics.com/image/');
I just added the 's':
// HTTPS
define('HTTPS_SERVER', 'https://www.qhgraphics.com/');
define('HTTPS_IMAGE', 'https://www.qhgraphics.com/image/');
After that I am good to go! Thanks again for the help!
Raspo,
I tried this change of .htaaccess on v1.5.1.3, it made shopping cart not working - when clicked "Add to Cart", nothing happened.
I tried this change of .htaaccess on v1.5.1.3, it made shopping cart not working - when clicked "Add to Cart", nothing happened.
Raspo wrote:I know that, but I wanted to FORCE the SSL on certain pages like the title of the topic suggests.rph wrote:If you set up your store to use SSL in Admin it'll be done automatically.
By default, OpenCart let you type in an URL like this:Note the non-ssl urlCode: Select all
http://www.sitename.com/index.php?route=checkout/payment
I want to redirect that URL to the "https version".
Anyway, I find a solution myself. I added this string in the .htaccess file:Now, when I type in URL like:Code: Select all
#no non-ssl access RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{QUERY_STRING} checkout|account RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
orCode: Select all
http://www.sitename.com/index.php?route=checkout/payment
it redirects me toCode: Select all
http://www.sitename.com/index.php?route=account/create
orCode: Select all
https://www.sitename.com/index.php?route=checkout/payment
Hope this helps someone, cause i've lost days in itCode: Select all
https://www.sitename.com/index.php?route=account/create
Hi Everyone!
I need a little help!
I'd like my whole OpenCart shop to be SSL protected, but here is a little problem.
I using OpenCart 1.4.9.6. and SEO enabled.
I put this code the the .htaccess file:
It works fine, after this, I got all pages https secured, BUT... it messing to the SEO URL-s :-(
Like:
SEO URL before the forced SSL:
http://www.mywebshop.com/goodstuff.html
and after forcing the SSL by the code:
https://www.mywebshop.com/index.php?_route_=goodstuff.html
Is anybody knows, how to fix this problem?
Thank You very much!
I need a little help!
I'd like my whole OpenCart shop to be SSL protected, but here is a little problem.
I using OpenCart 1.4.9.6. and SEO enabled.
I put this code the the .htaccess file:
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Like:
SEO URL before the forced SSL:
http://www.mywebshop.com/goodstuff.html
and after forcing the SSL by the code:
https://www.mywebshop.com/index.php?_route_=goodstuff.html
Is anybody knows, how to fix this problem?
Thank You very much!
Did you manage to sort this out? I'm interested in this tooBobHL wrote:Raspo,
I tried this change of .htaaccess on v1.5.1.3, it made shopping cart not working - when clicked "Add to Cart", nothing happened.
If this breaks the 'add to cart' function on your shopping cart change the .htaccess as follows;
Code: Select all
# Require SSL for sensitive areas
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account [NC]
RewriteCond %{QUERY_STRING} !checkout/cart/update [NC]
RewriteRule (.*) https://www.yourstore.com%{REQUEST_URI} [R]
This doesn't force the redirect though, so users can manually type http (which was a problem for my pci)rsmck wrote:If this breaks the 'add to cart' function on your shopping cart change the .htaccess as follows;
Code: Select all
# Require SSL for sensitive areas RewriteCond %{HTTPS} off RewriteCond %{QUERY_STRING} checkout|account [NC] RewriteCond %{QUERY_STRING} !checkout/cart/update [NC] RewriteRule (.*) https://www.yourstore.com%{REQUEST_URI} [R]
This seems to work though, and I added the admin login which wasn't https before.
Code: Select all
#Force https redirect
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(checkout|account|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=off
A REALLY EASY WAY TO FORCE CERTAIN PAGES TO USE HTTPS!
Just add this to the top of any php page (after the opening <?php tag).
Just add this to the top of any php page (after the opening <?php tag).
Code: Select all
if (!isset($_SERVER['HTTPS']) || !$_SERVER['HTTPS']) { // if request is not secure, redirect to secure url
$url = 'https://' . $_SERVER['HTTP_HOST']
. $_SERVER['REQUEST_URI'];
header('Location: ' . $url);
exit;
}
Last edited by jon.mosier@mac.com on Thu Jan 30, 2014 2:38 am, edited 1 time in total.
When trying to force SSL for account and checkout pages, with some Add to Cart and Update Cart no longer work.
This code seems to have fixed it.
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account [NC]
RewriteCond %{QUERY_STRING} !checkout/cart [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Who is online
Users browsing this forum: No registered users and 3 guests