Post by Nordikota » Wed Sep 11, 2019 4:22 pm

We've just upgraded to OC3032 and Journal3. All seemed to work fine. But we are getting reports from customers that they cannot login when using Firefox or Safari. Google Chrome and IE are ok though. Weird. I checked on our own machines and sure enough, with Firefox you get the login box - enter your details & nothing happens. Just sits there.

Anyone else had the same. Any ideas on how to resolve? A bit random I know :-\
Last edited by Nordikota on Sat Sep 14, 2019 12:54 am, edited 1 time in total.

Active Member

Posts

Joined
Tue Feb 11, 2014 8:04 pm

Post by letxobnav » Wed Sep 11, 2019 5:39 pm

Then why don't you fire up the good old browser developer tools and look what is going on?

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by Nordikota » Wed Sep 11, 2019 5:46 pm

Cos I'm not a developer :o
But that's a good suggestion & I didn't think of it.

This comes up when the Login Module appears:
"SecurityError: Permission denied to access property "document" on cross-origin object"

Active Member

Posts

Joined
Tue Feb 11, 2014 8:04 pm

Post by paulfeakins » Wed Sep 11, 2019 5:48 pm

Nordikota wrote:
Wed Sep 11, 2019 4:22 pm
Any ideas on how to resolve?
Journal is a paid theme, they should provide support.

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom

Post by letxobnav » Wed Sep 11, 2019 5:59 pm

well, first thing to do, you may not be a developer and able to fix it but it will tell you if you get a 404 or 500 error somewhere or a javascript error and it might even tell you which file it is which in turn may tell you if it is template related or not, your basic emergency room first assessment stuff.

That will also help in providing more detailed info when asking for help here or at the journal people.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by Nordikota » Wed Sep 11, 2019 6:25 pm

Sounds like you are both saying it's a Journal issue. There is no error messages appearing. The screen gets stuck at the login page and won't go any further. The last message that appears in the developers section is the one I already posted.

Active Member

Posts

Joined
Tue Feb 11, 2014 8:04 pm

Post by paulfeakins » Wed Sep 11, 2019 6:28 pm

Nordikota wrote:
Wed Sep 11, 2019 6:25 pm
Sounds like you are both saying it's a Journal issue.
Probably is, it's a very complex theme and the more moving parts the more chance of something breaking.

You should raise a support request with them in the first instance.

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom

Post by letxobnav » Wed Sep 11, 2019 6:38 pm

Not necessarily.
Permission denied to access property "document" on cross-origin object
is a CORS issue.

perhaps you are mixing https:// with http:// or www with no www url's?

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by Nordikota » Wed Sep 11, 2019 6:47 pm

OK. I understand what you're saying, but not sure how to fix that. I've added a rewriterule into the HTAccess file to ensure all goes to the HTTPS site.

RewriteRule ^(.*)$ https://nordikota.co.uk/$1 [R=301,L]

Do I need to do anything more?

Active Member

Posts

Joined
Tue Feb 11, 2014 8:04 pm

Post by letxobnav » Wed Sep 11, 2019 6:59 pm

ok, but that is not the problem.
It is more about which links you are putting on the pages and whether they are from different domains.
http://www.domain.com
https://www.domain.com
http://domain.com
https://domain.com

are all different domains and browsers do not allow data to be transferred via http ajax requests without explicit permission, that is CORS.
That is why some browsers do and some don't allow it, it's a browser restriction and in this world not all browsers are equal.

I suspect that the error message was a little bit longer and also stated the reason, it normally does, and I suspect you are mixing some of those domains.

you can turn off CORS by simply explicitly allowing all cross origin transfers by putting this in htaccess

Code: Select all

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
</IfModule>
if module headers is not activated by your host you would have to send the header via php.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by Nordikota » Thu Sep 12, 2019 2:48 pm

OK thanks. I'll give it a go and see if it resolves the issue ;D

Active Member

Posts

Joined
Tue Feb 11, 2014 8:04 pm

Post by Nordikota » Thu Sep 12, 2019 9:31 pm

Nope that didn't solve it. Now we get something different in the Login screen. I've raised a Journal request to see if they can fix it.

Active Member

Posts

Joined
Tue Feb 11, 2014 8:04 pm

Post by letxobnav » Thu Sep 12, 2019 10:45 pm

can login just fine with firefox.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by Nordikota » Thu Sep 12, 2019 10:53 pm

How weird is that. We've tested it on 2 machines and can't log in. We've had 7 complaints that customers can't login - and all were using either Firefox or Safari :-\

Active Member

Posts

Joined
Tue Feb 11, 2014 8:04 pm

Post by Nordikota » Sat Sep 14, 2019 12:53 am

Added this to the Config.php and it fixed the issue. All customers who couldn't login previously are now able to get in.

Code: Select all

// Redirect users to the OpenCart installation url preventing cross-origin resource sharing policy errors.
if (strtolower($_SERVER['REQUEST_METHOD']) === 'get') {
$https = false;
if (isset($_SERVER['HTTPS']) && (($_SERVER['HTTPS'] == 'on') || ($_SERVER['HTTPS'] == '1'))) {
$https = true;
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {
$https = true;
}

$current_url = parse_url(($https ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/.\\') . '/');
$correct_url = parse_url($https ? HTTPS_SERVER : HTTP_SERVER);

if ($current_url !== $correct_url) {
if (dirname($_SERVER['PHP_SELF']) !== '/') {
$url = str_replace(dirname($_SERVER['PHP_SELF']), '', $_SERVER['REQUEST_URI']);
} else {
$url = $_SERVER['REQUEST_URI'];
}

$url = ($https ? HTTPS_SERVER : HTTP_SERVER) . ltrim($url, '/');

if (!headers_sent()) {
header('Location: ' . $url);
} else {
echo '<script>location = "' . $url . '";</script>';
}

exit;
}
}

Active Member

Posts

Joined
Tue Feb 11, 2014 8:04 pm
Who is online

Users browsing this forum: No registered users and 28 guests