OpenCart Community

Hi,

I'm getting these errors when i try to check out with SSL switched on:

[blocked] The page at https://www.mysite.co.uk/index.php?rout ... t/checkout ran insecure content from http://www.mysite.co.uk/catalog/view/th ... esheet.css.
[blocked] The page at https://www.mysite.co.uk/index.php?rout ... t/checkout ran insecure content from http://www.mysite.co.uk/catalog/view/ja ... 7.1.min.js.
[blocked] The page at https://www.mysite.co.uk/index.php?rout ... t/checkout ran insecure content from http://www.mysite.co.uk/catalog/view/ja ... tom.min.js.
[blocked] The page at https://www.mysite.co.uk/index.php?rout ... t/checkout ran insecure content from http://www.mysite.co.uk/catalog/view/ja ... custom.css.
[blocked] The page at https://www.mysite.co.uk/index.php?rout ... t/checkout ran insecure content from http://www.mysite.co.uk/catalog/view/ja ... .cookie.js.
[blocked] The page at https://www.mysite.co.uk/index.php?rout ... t/checkout ran insecure content from http://www.mysite.co.uk/catalog/view/ja ... olorbox.js.
[blocked] The page at https://www.mysite.co.uk/index.php?rout ... t/checkout ran insecure content from http://www.mysite.co.uk/catalog/view/ja ... lorbox.css.
[blocked] The page at https://www.mysite.co.uk/index.php?rout ... t/checkout ran insecure content from http://www.mysite.co.uk/catalog/view/ja ... ry/tabs.js.
[blocked] The page at https://www.mysite.co.uk/index.php?rout ... t/checkout ran insecure content from http://www.mysite.co.uk/catalog/view/ja ... /common.js.
The page at https://www.mysite.co.uk/index.php?rout ... t/checkout displayed insecure content from http://www.mysite.co.uk/image/data/logo-1.jpg.
The page at https://www.mysite.co.uk/index.php?rout ... t/checkout displayed insecure content from http://www.mysite.co.uk/image/cache/dat ... -75x75.jpg.
The page at https://www.mysite.co.uk/index.php?rout ... t/checkout displayed insecure content from http://www.mysite.co.uk/catalog/view/th ... -small.png.


I've cleared my system->cache folder as recommended in another similar post but still no joy. Any help is appreciated

If your asking for help, actually provide us with your site so we can see what the problem is, pasting that is no help.

Hi yes sorry i apreciate it would be easier for you to look at my site, however because this issue is stopping anyone checking out on my site I have had to switch "Use SSL" ogg else i'll get no orders! I suppose i was just looking for some advice as to what i should be looking for that may be causing theese errors.

Hi

Have you changed the path in config file to https??

Yes. The checkout link is showing as https as it should

Ok see you getting the problem saying you ran insecure content from the css link which is http.

For Https everthing should be secure.

So go to your config under https cahnge it to "https"

// HTTPS
define('HTTPS_SERVER', 'https://'.$server_name);
define('HTTPS_IMAGE', 'https://'.$server_name.'image/');

And preferably do the same for admin config too

I have done this

Did you redirect to ssl using htaccess or in the admin?

have you changed the path anywhere in the template files?

no

does every url in all of the stylesheets, js etc have to be https?

Yes

so why are lots of them http? i havent changed them manually and my https variables within my config are both set

Did you do any changes in htaccess file?

a few but nothing that should affect this

Can you attach your config file and also your htaccess or mail it to me?

have done some investigation and looking at lines 6-10 in catalog\controller\common\header.php

if (isset($this->request->server['HTTPS']) && (($this->request->server['HTTPS'] == 'on') || ($this->request->server['HTTPS'] == '1'))) {
$this->data['base'] = $this->config->get('config_ssl');
} else {
$this->data['base'] = $this->config->get('config_url');
}

Even with SSL on and my HTTPS variables correctly set to https:// in my config $this->data['base'] still = http:// not https://

Any ideas what could be causing this?

This if statement will never be true because the $this->request->server['HTTPS'] attribute is always undefined

if (isset($this->request->server['HTTPS']) && (($this->request->server['HTTPS'] == 'on') || ($this->request->server['HTTPS'] == '1'))) {
$this->data['base'] = $this->config->get('config_ssl');

Ok - I tested the account login page through a website called whynopadlock.com and these are the results:

Insecure URL: http://www.mysite.co.uk/catalog/view/th ... esheet.css
Found in: https://www.mysite.co.uk/index.php?route=account/login

Insecure URL: http://www.mysite.co.uk/catalog/view/ja ... 7.1.min.js
Found in: https://www.mysite.co.uk/index.php?route=account/login

Insecure URL: http://www.mysite.co.uk/catalog/view/ja ... tom.min.js
Found in: https://www.mysite.co.uk/index.php?route=account/login

Insecure URL: http://www.mysite.co.uk/catalog/view/ja ... custom.css
Found in: https://www.mysite.co.uk/index.php?route=account/login

Insecure URL: http://www.mysite.co.uk/catalog/view/ja ... .cookie.js
Found in: https://www.mysite.co.uk/index.php?route=account/login

Insecure URL: http://www.mysite.co.uk/catalog/view/ja ... olorbox.js
Found in: https://www.mysite.co.uk/index.php?route=account/login

Insecure URL: http://www.mysite.co.uk/catalog/view/ja ... lorbox.css
Found in: https://www.mysite.co.uk/index.php?route=account/login

Insecure URL: http://www.mysite.co.uk/catalog/view/ja ... ry/tabs.js
Found in: https://www.mysite.co.uk/index.php?route=account/login

Insecure URL: http://www.mysite.co.uk/catalog/view/ja ... /common.js
Found in: https://www.mysite.co.uk/index.php?route=account/login

Insecure URL: http://www.mysite.co.uk/catalog/view/ja ... okielaw.js
Found in: https://www.mysite.co.uk/index.php?route=account/login

Insecure URL: http://www.mysite.co.uk/image/data/My-logo-1.jpg
Found in: https://www.mysite.co.uk/index.php?route=account/login

Insecure URL: http://www.mysite.co.uk/catalog/view/th ... w-down.png
Found in: http://www.mysite.co.uk/catalog/view/th ... esheet.css

Insecure URL: http://www.mysite.co.uk/catalog/view/th ... search.png
Found in: http://www.mysite.co.uk/catalog/view/th ... esheet.css

Insecure URL: http://www.mysite.co.uk/catalog/view/th ... e/menu.png
Found in: http://www.mysite.co.uk/catalog/view/th ... esheet.css

Insecure URL: http://www.mysite.co.uk/catalog/view/th ... uccess.png
Found in: http://www.mysite.co.uk/catalog/view/th ... esheet.css

Anyone got any idea why these urls arent being made https?

For anyone who encounters the same issue here is the solution:

The problem was something to do with my hosts server. Opencart looks for this variable:

$this->request->server['HTTPS'] in various files such as catalog\controller\common\header.php

Because of a strange proxy setting with my host this value wasn't present instead i had to use this value:

$this->request->server['HTTP_FORWARDED_SSL']

paulnic777 wrote:For anyone who encounters the same issue here is the solution:

The problem was something to do with my hosts server. Opencart looks for this variable:

$this->request->server['HTTPS'] in various files such as catalog\controller\common\header.php

Because of a strange proxy setting with my host this value wasn't present instead i had to use this value:

$this->request->server['HTTP_FORWARDED_SSL']

interesting

paulnic777

I reckon I have the same problem.

You say "in various files" - would you mind being more specific?

RobinD