Jump to content

SSL and unsafe script/content

gabiatti
 Share

Recommended Posts

gabiatti Newbie

gabiatti

Posted
Posted

I have a PS installation 1.5.4.1 and everything was working fine till last week.

 

www.lcsmotorparts.com

 

Trying some optimization to speed the shop, I changed some configuration and after that the store keeps an alert of unsafe script or unsafe content (Chrome/IE/Firefox; no problems in Safari or Opera).

 

Checking it by Chrome console or whynopadlock, all errors make reference to files from themes, modules and js folders that is loading under http, instead of https.

 

If you access a page that requires https, it becomes a mess, losing css and js configuration

 

I found a lot of posts related to that, but no one gave a real solution to the problem.

 

I don't want to configure all my store under https, only the pages that really needs SSL protocol, so basically changes in httpaccess is not an option.

 

I have a good idea of what I have to do, change $base_dir to $base_dir_ssl, but I don't know WHERE, which folder/file I have to edit.

 

 

Thanks in advance for helping

 

 

 

Link to comment
Share on other sites
  • 2 weeks later...
  • 1 month later...
gabiatti Newbie

gabiatti

Posted
  • Author
Posted

I still have this problem for almost two months.  

 

When I access secured pages (login or cart) it shows that there's unsafe JS scripts (Chrome/Firefox and IE). Those scripts are coming from files in directories JS, THEMES and MODULES.

 

The problem is so simple, that I fell shamed couldn't solve it. I want that those folders could load by HTTPS, instead of HTPP. 

 

It's not absolute link as logo image or google fonts, that use http, so I just need to ad the letter "S". It's dynamic content, load from somewhere, and I don't know where. Maybe in header.tpl, but I'm not sure.

 

In header.tpl there's 

<link href="{$css_uri}" rel="stylesheet" type="text/css" media="{$media}", and

<script type="text/javascript" src="{$js_uri}"></script>

That I imagine that's the way to configure the sources that causing this error

 

ie.

<script src="http://www.lcsmotorparts.com/js/jquery/jquery-1.7.2.min.js" type="text/javascript">/* <![CDATA[ *//* ]]> */</script>

 

That script have to load under HTTPS, on secured pages.

 

 

All was working fine, untill I made some changes in friendly url and media servers configuration. All changes reverted. I continue using no friendly urls and no media servers at all.

 

http://lcsmotorparts.com

Prestashop vs 1.5.4.1

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...