Jump to content

[SOLVED] Access CMS pages using https


Amazzing

Recommended Posts



Hello,

I have a shop with active SSL.

After updating to PS 1.5.6.0 I have an issue with CMS pages displayed in Fancybox.

Browsers block CMS content, because it is loaded  via http, so popups are just not appearing.

I tried to set link manually, instead of using {$link_conditions}, but even if https is forced for CMS link, it is redirected to http

Even if you simply try to open it it browser using https, it is redirected to http

 

Is there any way to get CMS pages loaded via https?



Edited by Amazzing (see edit history)
Link to comment
Share on other sites

just found a drawback in using https on all pages, particularly CMS pages:

 

By default, when you upload an image via editor and insert it to article, its parth is saved as absolute and starts from http.

Example: http://yoursite/img/cms/imagename.png

 

This causes security warnings, because if site uses SSL, all resources must be loaded via secure connection.

Moreover, if you move to another domain, all these paths won't work anymore.

 

I tried to find a way to save relative image path using editor, but still could find it.

Does anybody know how to do that?

  • Like 1
Link to comment
Share on other sites

just found a drawback in using https on all pages, particularly CMS pages:

 

By default, when you upload an image via editor and insert it to article, its parth is saved as absolute and starts from http.

Example: http://yoursite/img/cms/imagename.png

 

This causes security warnings, because if site uses SSL, all resources must be loaded via secure connection.

Moreover, if you move to another domain, all these paths won't work anymore.

 

I tried to find a way to save relative image path using editor, but still could find it.

Does anybody know how to do that?

Hi Amazzing

 

Frankly I'm suffering from the same issue and simply updating the link to add an S to the http link in the TinyMCE editor but frankly this is no answer as it cracks the image view under tinymce.

 

Anyone got a fix please... Thanks

  • Like 1
Link to comment
Share on other sites

... updating the link to add an S to the http link in the TinyMCE editor

 

Well, if you are updating the link, you better make it relative. In this case it will work with both http and https and even if you move to another domain. 

 

My content-manager adds lots of CMS pages with lots of images, so I created a special button to make all image links relative.

 

If you need it, just add this piece of code at the end of /js/tinymce.inc.js (this script is loaded with tinymce editor)

//added code to correct image paths
$(document).ready(function(){
	$('.cc_button').prepend('<li><button id="clearpaths" style="margin-top:15px">correct img paths</button></li>');
	
	$('#clearpaths').click(function(){	 
		var siteurl = window.location.host;	
		var i = 0;		
		$('.mceIframeContainer iframe').contents().find('img').each(function(){
			src = $(this).attr('src');			
			//remove www. if present
			newsrc = src.replace('www.'+siteurl, siteurl);	
			//remove http absolute path if present
			newsrc = newsrc.replace('http://'+siteurl,'');
			//remove https absolute path if present
			newsrc = newsrc.replace('https://'+siteurl,'');  
			$(this).attr('src', newsrc);
			$(this).attr('data-mce-src', newsrc);			
			if (src != newsrc){				
				i++;
			}
		});		
		alert (i+' links were corrected');
	}); 	
});
//end of added code

it adds a button in top menu, before "save". By clicking that button you make all img links relative.

 

This code might not be so elegant. But it does its job and it can be used as a temporary solution. 

 

Of course, saving relative paths by default, without using additional patches would be better :)

Edited by Amazzing (see edit history)
Link to comment
Share on other sites

  • 3 weeks later...

Hi,

 

I'm using version 1.5.4.1 and facing this exact issue. I'm using SSL during order preparations and term-of-use-and-conditions CMS page is getting blocked because it can be accessed only with HTTP.

 

How can I access a CMS page using HTTPS?

 

I tried modifying the order-carrier.tpl file (line 270) to get the HTTPS link from:

<label for="cgv">{l s='I agree to the Terms of Service and will adhere to them unconditionally.'}</label><a href="{$link_conditions}" class="iframe">{l s='(Read Terms of Service)'}</a>

to:

<label for="cgv">{l s='I agree to the Terms of Service and will adhere to them unconditionally.'}</label><a href="{$link->getPageLink('terms-of-use-and-conditions', true)}" class="iframe">{l s='(Read Terms of Service)'}</a>

I do get the HTTPS link correctly but I get 404 error when trying to access it.

 

Any way to solve that?

 

Couldn't find a solution in the forums. Would appreciate your help.

 

Thanks!

Link to comment
Share on other sites

Thanks Vekia, this indeed creates the link for HTTPS. The link is:

 

https://mapot.biz/he/content/3-terms-and-conditions-of-use?content_only=1

 

The issue is that the browser redirects the request back to HTTP and I get an error in the Chrome console saying:

 

[blocked] The page at https://mapot.biz/he/order ran insecure content from http://mapot.biz/he/content/3-terms-and-conditions-of-use?content_only=1.

 

Any idea how to avoid this?

Link to comment
Share on other sites

ohh dear you've got right, this is the most annoying thing in prestashop - these weirdy redirections drive me crazy! ALl modern browsers block unsecured connections while you browse secured content. It must be fixed, definitely!

 

Now i've got a little workaround,

it will be necessary to modify the core. unfortunately.

 

open this file:

classes/controllers/frontController.php

 

there is a code like:
 

		if (Configuration::get('PS_SSL_ENABLED') && ($_SERVER['REQUEST_METHOD'] != 'POST') && $this->ssl != Tools::usingSecureMode())
		{	
			header('HTTP/1.1 301 Moved Permanently');
			header('Cache-Control: no-cache');
			if ($this->ssl)					
				header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']);
			else						
				header('Location: '.Tools::getShopDomain(true).$_SERVER['REQUEST_URI']);
			exit();
		}

remove it :)

 

 

 

i created pull request with this fix here: https://github.com/PrestaShop/PrestaShop/pull/956

Link to comment
Share on other sites

Hi Vekia,

 

Thanks for pointing out the solution!

 

In 1.5.4.1 the code looks a bit different but close enough for me to figure it out  :)

I had to modify the code in two places in classes/controller/FrontController.php:

		// If current URL use SSL, set it true (used a lot for module redirect)
		if (Tools::usingSecureMode())
/*			$useSSL = $this->ssl = true;*/
			$useSSL = true;

and to comment out the redirect code:

/*
*		if ($this->ssl && !Tools::usingSecureMode() && Configuration::get('PS_SSL_ENABLED'))
*		{
*			header('HTTP/1.1 301 Moved Permanently');
*			header('Cache-Control: no-cache');
*			header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']);
*			exit();
*		}
*		elseif (Configuration::get('PS_SSL_ENABLED') && Tools::usingSecureMode() && !($this->ssl))
*		{
*			header('HTTP/1.1 301 Moved Permanently');
*			header('Cache-Control: no-cache');
*			header('Location: '.Tools::getShopDomain(true).$_SERVER['REQUEST_URI']);
*			exit();
*		}
*/

Seems to be working fine.

 

Thanks!

Link to comment
Share on other sites

  • 6 months later...

ohh dear you've got right, this is the most annoying thing in prestashop - these weirdy redirections drive me crazy! ALl modern browsers block unsecured connections while you browse secured content. It must be fixed, definitely!

 

Now i've got a little workaround,

it will be necessary to modify the core. unfortunately.

 

open this file:

classes/controllers/frontController.php

 

there is a code like:

 

		if (Configuration::get('PS_SSL_ENABLED') && ($_SERVER['REQUEST_METHOD'] != 'POST') && $this->ssl != Tools::usingSecureMode())
		{	
			header('HTTP/1.1 301 Moved Permanently');
			header('Cache-Control: no-cache');
			if ($this->ssl)					
				header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']);
			else						
				header('Location: '.Tools::getShopDomain(true).$_SERVER['REQUEST_URI']);
			exit();
		}

remove it :)

 

 

 

i created pull request with this fix here: https://github.com/PrestaShop/PrestaShop/pull/956

It worked for me :)

Thanks a lot Vekia!!!

  • Like 1
Link to comment
Share on other sites

  • 1 month later...
  • 3 weeks later...

prestashop 1.6.0.8

 

I Found the solution without erase anything.

 

enable ssl and force the ssl on all pages but uncheck html purifier library (very important). you could enable it after insert the image.

 

then go on CMS (exemple: about us) the image who's already there when you install prestashop work well even in ssl so you have to copy how they wrote the code. 

 

<img title="cms-img" src="../img/cms/cms-img.jpg" alt="cms-img" width="370" height="192" />

 

replace by your name image 

 

<img title="your name image" src="../img/cms/your name image.jpg" alt="your name image" width="370" height="192" />

 

write this way on the little popup window [insert/edit image] right after uploaded and chose the image from your file manager.

 

 source             ../img/cms/your name image.jpg

 image description   ....

 dimensions             ...

 

Save it and go to enable the html filter purifier if you done to put new images.

Now it should work. your image is here and your page is still SSL.

 

ps: you'll have to disable html purifier library every time you need to add a new picture from your file manager otherwise it will appear this famous question mark instead of the image and your page won't be SSL

 

It tooks 2weeks to found that, I hope you'll appreciate this post. That's the most annoying bug on prestashop, I don't even know why the Presta team didn't fix that so far!!!!????

 

 

I still have a problem with the homeslider who's disappear when running on Safari, need to refresh the page every time I come back on the home page!!! if somebody have the Solution I'll appreciate to know it ;) thanks

Edited by vincent89 (see edit history)
Link to comment
Share on other sites

  • 3 months later...
  • 9 months later...

im face same problem but in 1.6.0.6

 

exemple of page : https://www.jeveuxmescheveux.fr/fr/content/10-ondulations-curls

cms image not loaded thru https

 

Vekia solution (delete part of code in frontcontroller didnt worked in 1.6.0.6)

 

i dont have option "html purifier library"

 

Anyone got a new solution actually ?

 

i have hundreds page/product with image on it, and it would be so long to change all url to relative... :/

Link to comment
Share on other sites

  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...