Post by DonHermes » Tue Dec 27, 2016 11:36 pm

Hey guys & girls!

I have a really nasty issue here with a client website.

After enabling SSL, and forcing the whole site to use SSL the client is not able to edit order status anymore.
First, we got error_undefined, that I traced back to a "httpss://" issue and we solved it from a fix on a forum post.

But now, I get this one:

1. "Mixed Content: The page at 'https://mysite.com/admin/index.php?rout ... der_id=134' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://mysite.com/index.php?route=api/login'. This request has been blocked; the content must be served over HTTPS."
2. "jquery-2.1.1.min.js:4 XMLHttpRequest cannot load http://mysite.com/index.php?route=api/login. Failed to start loading."

config.php & admin/config.php have been forced from http --> https but no help. ???

Any help with this issue is greatly appreciated. I think I am going crrrazy with this bug, and my client is not very happy either.

OC 2.2.0.0.
php 5.5 (tried 5.4 & 5.3 too...)

HELP ME!!!

Newbie

Posts

Joined
Thu Jun 04, 2015 4:30 pm

Post by rjcalifornia » Wed Dec 28, 2016 2:58 am

Did you try this solution:

Code: Select all

My current version is: Version 2.1.0.1 on Apache

This is how I patched mine to get around this error:
While editing orders in the adming, you'll get an error message like this when viewing an order.
Exception... "<no message>" nsresult: "0x805e0006 (<unknown>)" location: "JS frame ::

Looks like the API user tries to login via HTTP while the browser is in HTTPS
in admin/view/template/sale/order_info.tpl you'll find this line:

$.ajax({
url: '<?php echo $store_url; ?>index.php?route=api/login',

It shows that it's using a variable called '$store_url , which is defined in: admin/controller/sale/order.php

In admin/controller/sale/order.php Find this line:

$data['store_url'] = $order_info['store_url'];

You'll notice it pulls the url from the order, and not from your browsing context.
I'm not sure if I'm over riding some other functionality, but I added this:

$data['store_url'] = $order_info['store_url'];
# add the following
if( isset($_SERVER['HTTPS'] ) ) {
$data['store_url'] = str_replace('http://','https://',$data['store_url']);
}

It just checks if you're in SSL mode and swaps the http for https

When I did that everything started working. 
Source:
viewtopic.php?f=191&t=153203#p592114

Image


Active Member

Posts

Joined
Fri Sep 02, 2011 1:19 pm
Location - Worldwide

Post by IP_CAM » Wed Dec 28, 2016 3:21 am


Please don't send me OC Forum Personal Messages, just contact: jti@jacob.ch
---
OC 1.5.6.5 LIGHT Test Site: http://www.bigmax.ch/shop/
OC 1.5.6.5 V-PRO Test Site: http://www.jacob.ch/shop/
My Github OC Site: https://github.com/IP-CAM
2'600+ FREE OC Extensions on the World's largest Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland
Who is online

Users browsing this forum: No registered users and 46 guests