Post by hillfingerr » Tue Jun 03, 2014 9:29 am

Hi,

What can I do to automatically load all pages of the site in https instead of just the checkout and account pages?

Would this be unwise for any reason?

thanks!

New member

Posts

Joined
Mon May 26, 2014 8:22 pm

Post by raikage » Tue Jun 03, 2014 1:35 pm

hillfingerr wrote:Hi,

What can I do to automatically load all pages of the site in https instead of just the checkout and account pages?

Would this be unwise for any reason?

thanks!
u just need edit your config.php in admin folder and the same config.php in your OC root

this two line :
// HTTPS
define('HTTPS_SERVER', 'http://
define('HTTPS_CATALOG', 'http://
change in :
// HTTPS
define('HTTPS_SERVER', 'https://
define('HTTPS_CATALOG', 'https://

https://www.informaticazone.it
Consulenza,Sviluppo Extension per: Opencart,Magento,Prestahop,Wordpress,Ocart,Zencart,Joomla,Multimerch e SEO Specialist Certified

Info e Contatti

Image


User avatar
Active Member

Posts

Joined
Mon Jun 03, 2013 3:04 pm

Post by OSWorX » Tue Jun 03, 2014 1:47 pm

To be able to load ALL pages (as requested) via HTTPS you need a bit more than only editing the 2 config.php.

Custom Development | Individuelle Entwicklung | Support & Bugfixes

Image Image Image


User avatar
Guru Member
Online

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by hillfingerr » Tue Jun 03, 2014 7:42 pm

That's right! I already have those lines in both my config.php.

OSWorX, can you please elaborate on what I need to make this happen?

Thanks in advance.

New member

Posts

Joined
Mon May 26, 2014 8:22 pm

Post by raikage » Tue Jun 03, 2014 7:54 pm

but did u have installed a SSL certificate in your OC store?

https://www.informaticazone.it
Consulenza,Sviluppo Extension per: Opencart,Magento,Prestahop,Wordpress,Ocart,Zencart,Joomla,Multimerch e SEO Specialist Certified

Info e Contatti

Image


User avatar
Active Member

Posts

Joined
Mon Jun 03, 2013 3:04 pm

Post by hillfingerr » Tue Jun 03, 2014 8:01 pm

Yes, I do have a SSL certificate installed and kicks in and working just fine for the checkout and user account pages, but I want it to work for all pages automatically, not by manually haveing to add an "s" after http in the browser url area.

New member

Posts

Joined
Mon May 26, 2014 8:22 pm

Post by raikage » Tue Jun 03, 2014 8:08 pm

ok try that open your both config.php

for admin config.php rename this two line

<?php
// HTTP
define('HTTP_SERVER', 'http:
define('HTTP_CATALOG', 'http:

rename in :
// HTTP
define('HTTP_SERVER', 'https:
define('HTTP_CATALOG', 'https:
--------------------------------------------------------------------
for root config.php
<?php
// HTTP
define('HTTP_SERVER', 'http:
rename in
<?php
// HTTP
define('HTTP_SERVER', 'https:

try this i'm not sure

https://www.informaticazone.it
Consulenza,Sviluppo Extension per: Opencart,Magento,Prestahop,Wordpress,Ocart,Zencart,Joomla,Multimerch e SEO Specialist Certified

Info e Contatti

Image


User avatar
Active Member

Posts

Joined
Mon Jun 03, 2013 3:04 pm

Post by raikage » Tue Jun 03, 2014 8:16 pm

i have tried on my OC demo and work for all pages give a look

www.informaticazone.com/ocart1551

https://www.informaticazone.it
Consulenza,Sviluppo Extension per: Opencart,Magento,Prestahop,Wordpress,Ocart,Zencart,Joomla,Multimerch e SEO Specialist Certified

Info e Contatti

Image


User avatar
Active Member

Posts

Joined
Mon Jun 03, 2013 3:04 pm

Post by hillfingerr » Tue Jun 03, 2014 9:08 pm

Thank you for your answer. This solves it and now I also have the answer to what the downside of doing this might be.

If your running the whole site in https there might be certaing content that is considered unsecure and automatically blocked therefore loosing functionality. I'm guessing that's why opencart restricted the use of https to just the user account and the checkout process.

Here's an extract from Chrome:

"If you're visiting a site via a secure connection, Google Chrome will verify that the content on the webpage has been transmitted safely. If it detects certain types of content on the page coming from insecure channels, it can automatically prevent the content from loading and you'll see a shield icon Insecure content shield icon appearing in the address bar. By blocking the content and possible security gaps, Chrome protects your information on the page from falling into the wrong hands."

Best regards,
Gabriel

New member

Posts

Joined
Mon May 26, 2014 8:22 pm

Post by Dhaupin » Wed Jun 04, 2014 1:05 am

Theory if you use subs/multis: On top of the config thoughts, this may work as well to help (untested currently, dont have SSL on a test store). This is assuming that you have a subdomain set as primary store root in preparation for attachments of multistore addon domains.

In www/your-oc-install/htaccess, mask all temp urls then tell the http_host that it should resolve to https:

Code: Select all

RewriteCond %{HTTP_HOST} ^store\.example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.store\.example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^store\.com$
RewriteRule ^(.*)$ "https\:\/\/www\.store\.com\/$1" [R=301,L]

RewriteCond %{HTTPS_HOST} ^store\.example\.com$ [OR]
RewriteCond %{HTTPS_HOST} ^www\.store\.example\.com$ [OR]
RewriteCond %{HTTPS_HOST} ^store\.com$
RewriteRule ^(.*)$ "https\:\/\/www\.store\.com\/$1" [R=301,L]
Then if you run multistores, goto the store settings and enter the https:// base URL for both fields, then turn SSL on. Combined with the config settings, this should help to force https://.

A note about Chrome not loading insecure content or making the yellow broken lock -- be sure to prefix your images/media/calls/etc with either an "https://" to ONLY load via SSL, or use "//" to let it pick and choose between SSL or normal http mode. If configs are set right, and https:// defined there, utility or json urls should accent this correctly.

So a call for an image in code would look like:
SSL Always => https://www.example.com/image/data/my-image.png
SSL On Demand => //www.example.com/image/data/my-image.png
SSL Never => http://www.example.com/image/data/my-image.png

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA

Post by platypuspuzzles » Wed Jun 04, 2014 10:54 pm

I can't add an SSL URL to the admin>system>settings>multi store URL>edit>SSL URL on the general tab.

when I do, all I get is 'page cannot be found!' and am unable to save it

What is causing this?

Active Member

Posts

Joined
Sun Jan 23, 2011 8:11 pm
Who is online

Users browsing this forum: No registered users and 18 guests