Page 1 of 1

Admin SSL causing trouble, communicating to non SSL content

Posted: Sun Dec 20, 2015 12:03 pm
by cutemonster
Hi,
After enabling SSL, I have problem at the admin site when I try to edit an order. when I click next, the button is disabled and spit out error below.
Obviously, the website is trying to access non ssl content and therefore it's disallow. Could anybody help me resolving the issue?

Error message from javascript console:
Mixed Content: The page at 'https://www.mystore.com/admin/index.php ... rder_id=35' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://ilivingusa.com/index.php?route=api/login'. This request has been blocked; the content must be served over HTTPS.

Re: Admin SSL causing trouble, communicating to non SSL cont

Posted: Sun Dec 20, 2015 2:44 pm
by yodapt
Have you edited the config files?

Re: Admin SSL causing trouble, communicating to non SSL cont

Posted: Sun Dec 20, 2015 3:46 pm
by cutemonster
Hi yodapt,
Yes, the config file settings is below. Looks like $ajax is calling api/customer without using https. How can I fix this? Does anybody has this problem or just me?

Code: Select all

$.ajax({
		url: $('select[name=\'store\'] option:selected').val() + 'index.php?route=api/customer&token=' + token,

Code: Select all

[b]Admin[/b]
// HTTP
define('HTTP_SERVER', 'http://www.mystore.com/admin/');
define('HTTP_CATALOG', 'http://www.mystore.com/');

// HTTPS
define('HTTPS_SERVER', 'https://www.mystore.com/admin/');
define('HTTPS_CATALOG', 'https://www.mystore.com/');

[b]Root Config[/b]
// HTTP
define('HTTP_SERVER', 'http://www.mystore.com/');

// HTTPS
define('HTTPS_SERVER', 'https://www.mystore.com/');

Re: Admin SSL causing trouble, communicating to non SSL cont

Posted: Mon Jan 04, 2016 6:05 pm
by Webtelligo
I am also having exact the same issue. When I want to edit an order I get a pop-up with 'SyntaxError: Unexpected token" and when I want to view an order and change the order status it stays on loading and gives the same "was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://domain.com/index.php?route=api/login'. This request has been blocked; the content must be served over HTTPS." error. It isn't possible for me to change the order statussen and edit the order information. I hope this can be solved.

Cutemonster, did you solve the issue? Or does anybody know how this can be solved?

Re: Admin SSL causing trouble, communicating to non SSL cont

Posted: Mon Jan 11, 2016 1:07 am
by ryanpete
Any news on this? Having the exact same issue.. Using version 2.1.0.1

Its easy enough to bypass but a large annoyance

Re: Admin SSL causing trouble, communicating to non SSL cont

Posted: Mon Jan 11, 2016 7:08 am
by victorj
try changing

Code: Select all

// HTTP
define('HTTP_SERVER', 'http://www.mystore.com/admin/');
define('HTTP_CATALOG', 'http://www.mystore.com/');
to

Code: Select all

// HTTP
define('HTTP_SERVER', 'https://www.mystore.com/admin/');
define('HTTP_CATALOG', 'https://www.mystore.com/');

Re: Admin SSL causing trouble, communicating to non SSL cont

Posted: Mon Jan 11, 2016 7:28 am
by ryanpete
victorj wrote:try changing

Code: Select all

// HTTP
define('HTTP_SERVER', 'http://www.mystore.com/admin/');
define('HTTP_CATALOG', 'http://www.mystore.com/');
to

Code: Select all

// HTTP
define('HTTP_SERVER', 'https://www.mystore.com/admin/');
define('HTTP_CATALOG', 'https://www.mystore.com/');

Tried that, same problem.
Here's the output from Chrome Java Developer console

Code: Select all

'https://example.com/admin/index.php?route=sale/order/info&token=Nj9vKoX8CAN2Ansb5jjTkOdQOu9JBzWH&order_id=47' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://example.com/index.php?route=api/login'. This request has been blocked; the content must be served over HTTPS.

Re: Admin SSL causing trouble, communicating to non SSL cont

Posted: Mon Jan 11, 2016 7:36 am
by victorj
just a stuppid question.
did you eneable https in the admin section under store config server ?

Re: Admin SSL causing trouble, communicating to non SSL cont

Posted: Mon Jan 11, 2016 7:40 am
by ryanpete
Sure did

Re: Admin SSL causing trouble, communicating to non SSL cont

Posted: Mon Jan 11, 2016 7:46 am
by victorj
recently put a oc 2 shop under ssl incl admin
just edited the 2 config files so http and https are both pointing to https, and switched https in admin off and it wass all working.

if its not working, check if you have a mod or vqmod thats acting on th eorder section and unistall te see if that cures the problem.

Re: Admin SSL causing trouble, communicating to non SSL cont

Posted: Thu Jan 14, 2016 10:56 am
by ryanpete
So heres an update - Did all of that, removed all vqmods. Went as far as rebuilding the server from scratch, fresh install of opencart with demo data, enabled ssl, modified config files. And the problem still exists.

No modules no add-ons present, being a javascript error I wanted to ensure the browser wasn't effecting this so I did fresh installs of chrome and FF on different machines. Still no luck

I dug hard enough and found were this is failing for me -

In admin/view/template/sale/order_info.tpl, there are two API url definitions

line 506: url: '<?php echo $store_url; ?>index.php?route=api/login', - This provides API login when the order is viewed

line 582: url: '<?php echo $store_url; ?>index.php?route=api/order/history&token=' + token + '&order_id=<?php echo $order_id; ?>', - this processes the add history button.

The problem on all the instances of 2.1.0.1 that I install are in this instance the $store_url variable maps to http://example.com/ - not https://example.com/ --

I manually modified each of these instances with " 'https://example.com/' +" and the problem went away --
Not an elegant solution but finally was able to find the problem --

What I can't yet find is were $store_url is instantiated to figure out why its not getting properly set.

Re: Admin SSL causing trouble, communicating to non SSL cont

Posted: Thu Jan 14, 2016 11:19 am
by Randem
Hi ,

I had a similar issue in v1.5.6.4 and it may not have been fixed in v2.x.

This is what I had to do to resolve - http://forum.opencart.com/viewtopic.php?f=161&t=132231
Possibly it can help you with this issue.

Re: Admin SSL causing trouble, communicating to non SSL cont

Posted: Fri Jan 15, 2016 12:51 am
by ryanpete
I'm now more convinced this is a bug - I'm just not sure why other people aren't experiencing it -

$store_url is set in admin/controller/sale/order.php -
"$data['store_url'] = $order_info['store_url'];"

$order_info['store_url'] - is an array of the database fields and references the order table - store_url field, which is set during each order referencing the base store URL which regardless of SSL enabled uses the base http://example.com

I'll open this up on the github site -

If anyone else is having this issue you have a few options -

one change all instances of our site in both config.php files - to reference https, this will force all sessions SSL, any new orders going forward will be fine-

Two - Still testing but it looks like for the instances of url: in the api calls we can use - The route will have to be changed according to the two spots located in order_info.tpl

Code: Select all

url: $('select[name=\'store\'] option:selected').val() + 'index.php?route=api/login',

Re: Admin SSL causing trouble, communicating to non SSL cont

Posted: Fri Jan 15, 2016 4:53 am
by Randem
The information that I gave you should fix that. It still hasn't been fixed since I spotted it in v1.5...

Re: Admin SSL causing trouble, communicating to non SSL cont

Posted: Fri Jan 15, 2016 11:30 pm
by ryanpete
I'm currently running a 1.5.6 store without this problem and no fix in play. I'll try what you listed but, I think I'm just going to go all SSL for this new store.

Re: Admin SSL causing trouble, communicating to non SSL cont

Posted: Sat Jan 16, 2016 4:33 am
by Randem
Actually you are supposed to go ALL SSL for your store. It makes no sense to combine secure and non-secure properties. It will confuse your customers if they are really on a secure site. you don't need your customers to have to keep checking if they are in a secure area or not. If they visit your store it should ALWAYS be secure!

Basicall in your config.php file make EVERYTHING HTTPS. There maybe some code that may need to be forced like in v1.5.x but you can start with that. I made the fix on v1.5.x and haven't gotten around to testing 2.1.x in that area yet.

Re: Admin SSL causing trouble, communicating to non SSL content

Posted: Wed Jul 11, 2018 7:40 pm
by stavrosa
solution

around line 850:

Code: Select all

//$data['store_url'] = $order_info['store_url'];
if ($order_info['store_id'] == 0) {
   $data['store_url'] = $this->request->server['HTTPS'] ? HTTPS_CATALOG : HTTP_CATALOG;
} else {
   $data['store_url'] = $order_info['store_url'];
}

Re: Admin SSL causing trouble, communicating to non SSL content

Posted: Wed Jul 11, 2018 7:56 pm
by pasmatos
Stavrosa,

in what file do I look for this line to change.

Thank you

Re: Admin SSL causing trouble, communicating to non SSL content

Posted: Mon Dec 10, 2018 8:12 pm
by brobuildltd
Hello, I am coming across the same errors on my website.

I have changed over to the SSL version of the website? For new orders it works fine, however for older orders the website is still using http://www.[thedomain].com/index.php?route=api/login rather than https://

I have cleared the vqcache. Is there anything I missing to get this changed over?

Re: Admin SSL causing trouble, communicating to non SSL content

Posted: Thu Dec 13, 2018 6:08 am
by thekrotek
Search your database for "http", this might be the issue.