OpenCart Community

Hi - using OC 1.5.4.1
A question about the system settings 'store url'. Is it supposed to be https://www.mystore.com, or http://www.mystore.com? Prior to today, our .htaccess had been forcing a rewrite of our urls so all the pages were https (a wrong way to use SSL and I've since removed it). However, the 'store url' in system settings is https://www.mystore.com. Should it be?

I can't find any place to change store url, and from what I've read, it's in the config files; the only https used in our config files is in the regular https spot.

Is there a way to change store url, should it be plain old http://www.mystore.com or the https since we're using ssl?

Is it in the database?

Reason for this question: I'm having a problem getting an extension to work - browser console shows =Access-Control-Allow-Origin error, and I'm wondering why 'origin' is https, as below:
XMLHttpRequest cannot load http://www.mystore.com/?route=account%2 ... 6560290788. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.mystore.com' is therefore not allowed access.

This is why I'm trying to change the store url to http://www.mystore.com -

Thank you for any help -

Many of us prefer that www. be part of the favored URL, for, of course, both http :// and https ://. One reason is that www. is "the first" subdomain by default, and visibly distinguishes master from any further subdomains. You're inclined already to go that way, so the problem at hand is instead the SSL.

See bottom pair of links in http://forum.opencart.com/viewtopic.php ... 80#p439397 for basics, and take another run at it.

Thanks for the reply and pointing me to that link. My issue was the use of an extension to add a product was giving an Access-Control-Allow-Origin header while calling a script. It really wasn't cross-browser, the browser was looking for a script on our domain, but considered our https:www.oursite.com different than http://www.oursite.com. The below is new to me, but adding it to our htaccess apparently solved this. From my limited understanding, it allows scripts to be called from both 'places' - (altho it's really coming from one place...).
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin http://www.mysite.com
Header set Access-Control-Allow-Origin https://www.mysite.com
Header add Access-Control-Allow-Headers "origin, content-type"
Header set Access-Control-Allow-Credentials true
</IfModule>
Anyway - it seems to be working and thank you for your help.

you don't need htaccess rewrite for it

If your site has an ssl cert, then update your admin/config.php file to use https:// for the HTTPS_SERVER and it will automatically use https