Post by DonHermes » Tue Dec 27, 2016 11:36 pm

Hey guys & girls!

I have a really nasty issue here with a client website.

After enabling SSL, and forcing the whole site to use SSL the client is not able to edit order status anymore.
First, we got error_undefined, that I traced back to a "httpss://" issue and we solved it from a fix on a forum post.

But now, I get this one:

1. "Mixed Content: The page at ' ... der_id=134' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ''. This request has been blocked; the content must be served over HTTPS."
2. "jquery-2.1.1.min.js:4 XMLHttpRequest cannot load Failed to start loading."

config.php & admin/config.php have been forced from http --> https but no help. ???

Any help with this issue is greatly appreciated. I think I am going crrrazy with this bug, and my client is not very happy either.

php 5.5 (tried 5.4 & 5.3 too...)




Thu Jun 04, 2015 4:30 pm

Post by rjcalifornia » Wed Dec 28, 2016 2:58 am

Did you try this solution:

Code: Select all

My current version is: Version on Apache

This is how I patched mine to get around this error:
While editing orders in the adming, you'll get an error message like this when viewing an order.
Exception... "<no message>" nsresult: "0x805e0006 (<unknown>)" location: "JS frame ::

Looks like the API user tries to login via HTTP while the browser is in HTTPS
in admin/view/template/sale/order_info.tpl you'll find this line:

url: '<?php echo $store_url; ?>index.php?route=api/login',

It shows that it's using a variable called '$store_url , which is defined in: admin/controller/sale/order.php

In admin/controller/sale/order.php Find this line:

$data['store_url'] = $order_info['store_url'];

You'll notice it pulls the url from the order, and not from your browsing context.
I'm not sure if I'm over riding some other functionality, but I added this:

$data['store_url'] = $order_info['store_url'];
# add the following
if( isset($_SERVER['HTTPS'] ) ) {
$data['store_url'] = str_replace('http://','https://',$data['store_url']);

It just checks if you're in SSL mode and swaps the http for https

When I did that everything started working. 


Active Member


Fri Sep 02, 2011 1:19 pm
Location - Worldwide

Post by IP_CAM » Wed Dec 28, 2016 3:21 am

Please don't send me OC Forum Personal Messages, just contact:
OC LIGHT Test Site:
OC V-PRO Test Site:
My Github OC Site:
2'600+ FREE OC Extensions on the World's largest Github OC Repository Archive Site.

User avatar
Legendary Member


Tue Mar 04, 2014 1:37 am
Location - Switzerland
Who is online

Users browsing this forum: No registered users and 46 guests