Post by IzzyMac » Mon Jan 18, 2016 10:46 pm

Hi all, i'm in the process of testing alternatives to Zen Cart. But I have come up against a problem with OC that stops me from progressing.

When I go to change and order's status, add a comment (SALES>ORDERS>view) or edit an order (SALES>ORDERS>edit), I am returned with the following error message

[Exception... "<no message>" nsresult: "0x805e0006 (<unknown>)" location: "JS frame :: https://MYDOMAIN.co.uk/opencart-test/ad ... 1.1.min.js :: .send :: line 4" data: no]

[Exception... "<no message>" nsresult: "0x805e0006 (<unknown>)" location: "JS frame :: https://MYDOMAIN.co.uk/opencart-test/ad ... 1.1.min.js :: .send :: line 4" data: no]

undefined


This only happens when the ADMIN is set to use SSL, which is a must.

Does anyone know why this happens / how to fix it?

I'll be honest, I am testing both Opencart and Prestashop. I'd rather go with Opencart as the admin is so much easier to use and more intuitive, where as Prestashop is massively complicated and a PIA to use, but PS doesn't throw me any technical problems like this :(

I hope someone can help, as I have to make a decision this Friday on which system to use, and i really don't want to go with Prestashop.

Thanks, Izzy

Newbie

Posts

Joined
Wed Jan 06, 2016 11:11 pm

Post by pm-netti » Tue Jan 19, 2016 12:47 am

IzzyMac wrote:Hi all, i'm in the process of testing alternatives to Zen Cart. But I have come up against a problem with OC that stops me from progressing.

When I go to change and order's status, add a comment (SALES>ORDERS>view) or edit an order (SALES>ORDERS>edit), I am returned with the following error message

[Exception... "<no message>" nsresult: "0x805e0006 (<unknown>)" location: "JS frame :: https://MYDOMAIN.co.uk/opencart-test/ad ... 1.1.min.js :: .send :: line 4" data: no]

[Exception... "<no message>" nsresult: "0x805e0006 (<unknown>)" location: "JS frame :: https://MYDOMAIN.co.uk/opencart-test/ad ... 1.1.min.js :: .send :: line 4" data: no]

undefined


This only happens when the ADMIN is set to use SSL, which is a must.

Does anyone know why this happens / how to fix it?

I'll be honest, I am testing both Opencart and Prestashop. I'd rather go with Opencart as the admin is so much easier to use and more intuitive, where as Prestashop is massively complicated and a PIA to use, but PS doesn't throw me any technical problems like this :(

I hope someone can help, as I have to make a decision this Friday on which system to use, and i really don't want to go with Prestashop.

Thanks, Izzy
This error start in Firefox. Can you use in admin page eg. Google Chrome?

User avatar
Active Member

Posts

Joined
Sat Apr 07, 2012 11:22 pm
Location - Kittilä, Finland

Post by IzzyMac » Tue Jan 19, 2016 1:27 am

Firefox is the only browser to returns a detailed Error message, including a broken SSL padlock symbol telling me "Firefox has blocked parts of this page that are not secure!

IE11, returns Error: Access is denied

Chrome, When clicking the 'Continue' button, the text of the button changes to Loading, the mouse pointer turns in to a no-access symbol (red circle with a line through it) but nothing happens.

Opera, When clicking the 'Continue' button, the text of the button changes to Loading, the mouse pointer turns in to a no-access symbol (red circle with a line through it) but nothing happens.

The only way around this is to disable SSL, only then will editing an order work in all 4 browsers.

disabling SSL is not an option

Newbie

Posts

Joined
Wed Jan 06, 2016 11:11 pm

Post by Randem » Tue Jan 19, 2016 9:57 am

Hi IzzyMac,

Yes, your pages should not contain a mix of secure and insecure content. Edit your config file and change ANY reference to http to https to help force all your content to secure when using SSL. Of course set your company setting to SSL also.

NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart


User avatar
Active Member

Posts

Joined
Sat Sep 27, 2014 9:17 am

Post by IzzyMac » Tue Jan 19, 2016 7:44 pm

Hi, I believe my config.php file settings are correct:

Frontoffice - config.php
// HTTP
define('HTTP_SERVER', 'http://TEST.co.uk/open2102/');

// HTTPS
define('HTTPS_SERVER', 'https://TEST.co.uk/open2102/');


Backoffice - config.php
// HTTP
define('HTTP_SERVER', 'https://TEST.co.uk/open2102/admin/');
define('HTTP_CATALOG', 'https://TEST.co.uk/open2102/');

// HTTPS
define('HTTPS_SERVER', 'https://TEST.co.uk/open2102/admin/');
define('HTTPS_CATALOG', 'https://TEST.co.uk/open2102/');


I have tried all possible combinations of having http or https. the above setting are the only way I can edit an order with out an error message being returned when following SALES>ORDERS>edit

But I still cannot change an orders status or add a status comment via SALES>ORDERS>view.

Again, the only work around is to have either the front and backoffice with NO SSL, or the front and backoffice all SSL... both of which is not acceptable.

Im really upset I cannot get this to work :( is this a bug?

Newbie

Posts

Joined
Wed Jan 06, 2016 11:11 pm

Post by Randem » Wed Jan 20, 2016 4:28 am

Of course it is a bug... :crazy: I provided all the tools to resolve these types of issue - http://www.randemsystems.com/support/op ... n-2-1-0-1/

When I stated to change ALL references this would include define('HTTP_SERVER', 'http://TEST.co.uk/open2102/');
it needs to be changed to define('HTTP_SERVER', 'https://TEST.co.uk/open2102/');

NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart


User avatar
Active Member

Posts

Joined
Sat Sep 27, 2014 9:17 am

Post by IzzyMac » Wed Jan 20, 2016 4:57 pm

Randem wrote:Of course it is a bug... :crazy: I provided all the tools to resolve these types of issue - http://www.randemsystems.com/support/op ... n-2-1-0-1/

When I stated to change ALL references this would include define('HTTP_SERVER', 'http://TEST.co.uk/open2102/');
it needs to be changed to define('HTTP_SERVER', 'https://TEST.co.uk/open2102/');
Hi, I said I had already tried this, and yes, 'edit orders' then works, but the whole front office / shop side of opencart is then in SSL... which is just, well.. shit. This is a clean install not an upgrade.

Im rapidly being put off by OC, looks like I'll be forced to use the bloatware that is prestashop :(

Newbie

Posts

Joined
Wed Jan 06, 2016 11:11 pm

Post by Randem » Wed Jan 20, 2016 5:08 pm

I don't understand what you want... The whole site front and back is supposed to be Secure (SSL), for maximum protection. Why would you want an insecure front end. this is where the customers need to be protected?

NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart


User avatar
Active Member

Posts

Joined
Sat Sep 27, 2014 9:17 am

Post by IzzyMac » Wed Jan 20, 2016 7:30 pm

Only pages with sensitive information need to be protected by SSL, such as login, checkout, etc.. not product pages or information pages. The customer is not at risk when viewing those pages, as there is no sensitive customer information.

Having the whole frontend in SSL is surely not sensible because of server load etc, embedded data etc...

Newbie

Posts

Joined
Wed Jan 06, 2016 11:11 pm

Post by Randem » Thu Jan 21, 2016 3:07 am

IzzyMac,

That may be ideal, but with the OpenCart system it places secure and insecure content on the same page rendering that idea useless. It leaves you with all or nothing. I choose all so not to confuse the customers and give them the idea that the site is compromised.

NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart


User avatar
Active Member

Posts

Joined
Sat Sep 27, 2014 9:17 am

Post by EvolveWebHosting » Fri Jan 29, 2016 11:00 pm

Randem wrote:I don't understand what you want... The whole site front and back is supposed to be Secure (SSL), for maximum protection. Why would you want an insecure front end. this is where the customers need to be protected?
This is not necessary to be honest. Most customers don't even know the difference and it does take longer to load. I run a mix of sites using some and all HTTPS and there is no increase in sales for the sites using all SSL. There is nothing that needs to be protected on a product, category or information page.

This is especially true if the site owner does not make every single aspect of the page load over HTTPS. I see a lot of sites where the browser puts up the yellow triangle which is even more confusing to most. I think they would be more skeptical of seeing this yellow triangle vs. seeing no HTTPS or Padlock for a category, product or information page.

I have tried the solutions provided above and unfortunately, they are not fixing the bug listed in the beginning of this thread. Looks like it's time to test a few things and post the bug on Github.

Opencart Hosting Plans, Domain Registration, Microsoft and Google Email and More
Visit our website for great deals and most importantly, fast and friendly support - www.evolvewebhosting.com


User avatar
Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by Randem » Sat Jan 30, 2016 4:28 am

EvolveWebHosting wrote: This is not necessary to be honest. Most customers don't even know the difference and it does take longer to load. I run a mix of sites using some and all HTTPS and there is no increase in sales for the sites using all SSL. There is nothing that needs to be protected on a product, category or information page.
Well, for those of us who do know... I would not shop online on a site that was not secured. If I had to worry about which parts were secure and which were not I would just not transact business there. Next time you log onto your banking site, tell them it does not matter... It is very bad advice to tell people that doing it the wrong way is correct. Just because one can do something does not mean that one should...

NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart


User avatar
Active Member

Posts

Joined
Sat Sep 27, 2014 9:17 am

Post by EvolveWebHosting » Sat Jan 30, 2016 6:11 am

Randem wrote:
EvolveWebHosting wrote: This is not necessary to be honest. Most customers don't even know the difference and it does take longer to load. I run a mix of sites using some and all HTTPS and there is no increase in sales for the sites using all SSL. There is nothing that needs to be protected on a product, category or information page.
Well, for those of us who do know... I would not shop online on a site that was not secured. If I had to worry about which parts were secure and which were not I would just not transact business there. Next time you log onto your banking site, tell them it does not matter... It is very bad advice to tell people that doing it the wrong way is correct. Just because one can do something does not mean that one should...
To comment about the banking website vs. an Opencart site (or any ecommerce site)..... The admin side of Opencart would be similar to a banking site. There is nothing 'dangerous or sensitive' on a product or category page that HAS to be secure. If so, why were bank pages secure long before website owners attempted to secure every page on the catalog side of their website?

There are no credit cards stored on site and as long as the required pages are secure when passing credit card information or other sensitive information, a site is secure.

I'm not saying there is anything wrong with securing every page but it's not always necessary or required.

Word was out that Google was 'considering' ranking sites higher if a site was 100% SSL but this remains to be seen.

Are you going to say that Amazon doesn't know what they are doing and their website is insecure?

http://www.amazon.com/gp/product/B00T57 ... _i=desktop

Opencart Hosting Plans, Domain Registration, Microsoft and Google Email and More
Visit our website for great deals and most importantly, fast and friendly support - www.evolvewebhosting.com


User avatar
Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by Randem » Sat Jan 30, 2016 7:23 am

You are confusing a website with a shopping cart of which OpenCart is. You can have a insecure website link to a cart that is secure and the website does not have to or need to be secure. This direction is very well known (We do this), but once you get into the cart it should be secure...

NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart


User avatar
Active Member

Posts

Joined
Sat Sep 27, 2014 9:17 am

Post by EvolveWebHosting » Sat Jan 30, 2016 8:30 am

Randem wrote:You are confusing a website with a shopping cart of which OpenCart is. You can have a insecure website link to a cart that is secure and the website does not have to or need to be secure. This direction is very well known (We do this), but once you get into the cart it should be secure...
I am going to stop hijacking this post but your comment makes no sense at all. That link is a product page with a 'buy button' on it. It's a part of an ecommerce site.

Opencart Hosting Plans, Domain Registration, Microsoft and Google Email and More
Visit our website for great deals and most importantly, fast and friendly support - www.evolvewebhosting.com


User avatar
Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by Randem » Sat Jan 30, 2016 8:51 am

It is part of an eCommerce system but not the shopping cart, it is just a webpage. It just asks the cart to process it the data. There is no security information on the website. However in the OpenCart system it is all eCommerce and the system contains sensitive information which can be modified and used simply by modifying the OpenCart generated HTML page that has the form loaded in HTTP. This information can be stolen from OpenCart from the website page there is nothing to steal.

Our website sends product request to OpenCart to process. These are two distinctly different systems but one can confusingly think they are the same because they look alike. This is why HTTPS is so important. If one doesn't know the difference then this is where the problems arise and the systems are hacked easily.

NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart


User avatar
Active Member

Posts

Joined
Sat Sep 27, 2014 9:17 am

Post by rakeshmaya » Tue Sep 13, 2016 10:49 am

have you able to solve it? i get the same error. But mine doesnt work even after changing all urls to https in admin config and frontend config

Newbie

Posts

Joined
Sun Sep 11, 2016 8:25 pm

Post by sgi_oh_two » Tue Sep 20, 2016 12:28 pm

The solution that worked for me was that if you look in

catalog > view > theme > "yourthemename" > common > header.php

There was a href linking to the fonts.googleapis.com/css.......

it was the only link using http. I just changed it to https and firefox now displays the page without the mixed content warning.

Newbie

Posts

Joined
Tue Sep 20, 2016 12:23 pm
Who is online

Users browsing this forum: No registered users and 68 guests