hemo1987 Posted July 24, 2014 Share Posted July 24, 2014 Im having a problem with chrome saying data is being passed over a http connection. This only happens in chrome. Cant replicate from safari or firefox. The console from safari and firefox shows no errors but in chrome it says The page at 'https://affordable-electronics.co.uk/login?back=my-account' was loaded over HTTPS, but is submitting data to an insecure location at 'http://affordable-electronics.co.uk/search': this content should also be submitted over HTTPS. login:1 The page at 'https://affordable-electronics.co.uk/login?back=my-account' was loaded over HTTPS, but is submitting data to an insecure location at 'http://affordable-electronics.co.uk/': this content should also be submitted over HTTPS. I cant understand why or how this would happen? Its not showing as a module causing the problem. Ive tried clearing caches and disabling non prestashop modules. Does anyone have any ides or is it limited to just my computer? Link to comment Share on other sites More sharing options...
vekia Posted July 24, 2014 Share Posted July 24, 2014 firefox works in the same way at the moment it also filters unsecured content (when you're on secured page) in your case problem is related to module blocksearch you use instant search it means that in module .tpl flle you have to use {$link->getPageLink('search',true)|escape:'html':'UTF-8'} instead of {$link->getPageLink('search')|escape:'html':'UTF-8'} themes/default-bootstrap/modules/blocksearch/blocksearch-top.tpl 1 Link to comment Share on other sites More sharing options...
hemo1987 Posted July 24, 2014 Author Share Posted July 24, 2014 Hey Vekia, Thanks for the reply, I tried this but had the same problem. I just ended up disabling Ajax search in the end. Link to comment Share on other sites More sharing options...
vekia Posted July 25, 2014 Share Posted July 25, 2014 after changes you recompiled theme? Link to comment Share on other sites More sharing options...
Mister Denial Posted September 9, 2014 Share Posted September 9, 2014 (edited) Im having a problem with chrome saying data is being passed over a http connection. This only happens in chrome. Cant replicate from safari or firefox. The console from safari and firefox shows no errors but in chrome it says The page at 'https://affordable-electronics.co.uk/login?back=my-account' was loaded over HTTPS, but is submitting data to an insecure location at 'http://affordable-electronics.co.uk/search': this content should also be submitted over HTTPS. I have exactly the same error, in Chrome only, on the quick checkout page. I am using the default bootstrap template, and can't locate where the error comes from. EDIT: in my case, I believe the searchbox and the newsletter input fields to cause the error - any ideas on how to fix this? Edited September 9, 2014 by Mister Denial (see edit history) Link to comment Share on other sites More sharing options...
vekia Posted September 9, 2014 Share Posted September 9, 2014 do you know what contents are loaded without ssl connection? this is the most important question, without these files it will be a little hard to helpeach problem like that is different and depends on stuff like modules and on theme that you use 1 Link to comment Share on other sites More sharing options...
Mister Denial Posted September 10, 2014 Share Posted September 10, 2014 (edited) do you know what contents are loaded without ssl connection? this is the most important question, without these files it will be a little hard to help each problem like that is different and depends on stuff like modules and on theme that you use Hi Vekia, thanks again for your help! If I am to believe the info in Chrome console, it is the search box (quicksearch) and the newsletter email form at the bottom of the default tempalte. I was able to find how to force https on the quicksearch box by searching the forum, <form id="searchbox" method="get" action="{$link->getPageLink('/search',true)|escape:'html':'UTF-8'}" > but not how to make the newsletter form to post securely. So if you have an idea how to make the newsletter email input form secure, that would be awesome! Edited September 10, 2014 by Mister Denial (see edit history) Link to comment Share on other sites More sharing options...
Bill Dalton Posted September 11, 2014 Share Posted September 11, 2014 (edited) MD, interesting, I've had the problem with the search but not the newsletter, here is my code for the newsletter, how does it compare with yours? <!-- Block Newsletter module--> <section id="newsletter_block_left" class="block products_block column_box"> <h4><span>{l s='Newsletter' mod='blocknewsletter'}</span><i class="column_icon_toggle"></i></h4> <div class="block_content toggle_content"> {if isset($msg) && $msg} <p class="{if $nw_error}warning_inline{else}success_inline{/if}">{$msg}</p> {/if} <form action="{$request_uri}" method="post"> <p> {* @todo use jquery (focusin, focusout) instead of onblur and onfocus *} <input type="email" name="email" size="18" value="{if isset($value) && $value}{$value}{else}{l s='Your email address' mod='blocknewsletter'}{/if}" onfocus="javascript:if(this.value=='{l s='Your email address' mod='blocknewsletter' js=1}')this.value='';" onblur="javascript:if(this.value=='')this.value='{l s='Your email address' mod='blocknewsletter' js=1}';" class="inputNew" /> <select name="action"> <option value="0"{if isset($action) && $action == 0} selected="selected"{/if}>{l s='Subscribe' mod='blocknewsletter'}</option> <option value="1"{if isset($action) && $action == 1} selected="selected"{/if}>{l s='Unsubscribe' mod='blocknewsletter'}</option> </select> <input type="submit" value="ok" class="button_form button" name="submitNewsletter" /> </p> </form> </div> </section> Edited September 11, 2014 by Bill Dalton (see edit history) Link to comment Share on other sites More sharing options...
Mister Denial Posted September 11, 2014 Share Posted September 11, 2014 @ Bill: thanks for your help on this. Are we talking about the blocknewsletter.tpl found in themes/mytheme/modules? If yes, my code looks like this: <!-- Block Newsletter module--> <div id="newsletter_block_left" class="block"> <h4>{l s='Newsletter' mod='blocknewsletter'}</h4> <div class="block_content"> <form action="{$link->getPageLink('index')|escape:'html':'UTF-8'}" method="post"> <div class="form-group{if isset($msg) && $msg } {if $nw_error}form-error{else}form-ok{/if}{/if}" > <input class="inputNew form-control grey newsletter-input" id="newsletter-input" type="text" name="email" size="18" value="{if isset($msg) && $msg}{$msg}{elseif isset($value) && $value}{$value}{else}{l s='Enter your e-mail' mod='blocknewsletter'}{/if}" /> <button type="submit" name="submitNewsletter" class="btn btn-default button button-small"> <span>{l s='Ok' mod='blocknewsletter'}</span> </button> <input type="hidden" name="action" value="0" /> </div> </form> </div> </div> <!-- /Block Newsletter module--> {strip} {if isset($msg) && $msg} {addJsDef msg_newsl=$msg|@addcslashes:'\''} {/if} {if isset($nw_error)} {addJsDef nw_error=$nw_error} {/if} {addJsDefL name=placeholder_blocknewsletter}{l s='Enter your e-mail' mod='blocknewsletter' js=1}{/addJsDefL} {if isset($msg) && $msg} {addJsDefL name=alert_blocknewsletter}{l s='Newsletter : %1$s' sprintf=$msg js=1 mod="blocknewsletter"}{/addJsDefL} {/if} {/strip} When I check the error in Chrome Console, here's the code I get: <div id="newsletter_block_left" class="block"> <h4>Newsletter</h4> <div class="block_content"> <form action="http://www.the-black-angel.com/" method="post"> <div class="form-group" > <input class="inputNew form-control grey newsletter-input" id="newsletter-input" type="text" name="email" size="18" value="Enter your e-mail" /> <button type="submit" name="submitNewsletter" class="btn btn-default button button-small"> <span>Ok</span> </button> <input type="hidden" name="action" value="0" /> </div> </form> </div> </div> What I find strange is that this issue only happens in Chrome, in Firefox and Internet Explorer, the SSL bar is green. I guess I could fix the issue by "hard coding" my domain to be https: but I was hoping there was a better solution, like the fix for the search block. Link to comment Share on other sites More sharing options...
Bill Dalton Posted September 11, 2014 Share Posted September 11, 2014 (edited) Try replacing your form action with mine, you are using, <form action="{$link->getPageLink('index')|escape:'html':'UTF-8'}" method="post"> I'm using, <form action="{$request_uri}" method="post"> Edited September 11, 2014 by Bill Dalton (see edit history) Link to comment Share on other sites More sharing options...
Mister Denial Posted September 11, 2014 Share Posted September 11, 2014 Hi Bill, the code you posted, is that the entire code from your blocknewsletter.tpl ? Link to comment Share on other sites More sharing options...
Bill Dalton Posted September 11, 2014 Share Posted September 11, 2014 (edited) Yeah, I dropped the java script at the bottom of yours, could not figure out what it did. Mine is also set to allow unsubscribe. You can see it here, top right in red, Join 911 Discount Offer - https://scrubscanada.ca/testsept/en/med-couture-gold/32-med-couture-gold-milan-top.html Edited September 11, 2014 by Bill Dalton (see edit history) Link to comment Share on other sites More sharing options...
Mister Denial Posted September 11, 2014 Share Posted September 11, 2014 Hi Bill, I see, nice! I am currently using the bootstrap template (modified), so I would actually just need to change the posting part and keep the input form layout intact. So I think I would need to replace only parts with your code, to also use <form action="{$request_uri}" method="post"> instead of <form action="{$link->getPageLink('index')|escape:'html':'UTF-8'}" method="post"> Any idea how to best do that? Link to comment Share on other sites More sharing options...
Bill Dalton Posted September 11, 2014 Share Posted September 11, 2014 Just make a copy of your file, so that you will learn to always do that. Then just change your line <form action="{$link->getPageLink('index')|escape:'html':'UTF-8'}" method="post"> for, <form action="{$request_uri}" method="post"> See if it works for you. 2 Link to comment Share on other sites More sharing options...
Mister Denial Posted September 11, 2014 Share Posted September 11, 2014 Hi Bill, works perfectly fine, thanks a lot! And I always make backups of files before tinkering with them! ;-) I am just wondering about this, if this would maybe be something to post to forge as improvement, because this Chrome issue happened after my hosting company had their expert team optimize my Apache settings. So it's not directly a bug, but rewriting the code like you did makes it "more compatible". What do you think? Link to comment Share on other sites More sharing options...
Bill Dalton Posted September 11, 2014 Share Posted September 11, 2014 I agree, I'm pretty sure there are a few already. I think it is going to become an issue pretty quick now that Google is giving extra page rank love to web sites that use full site SSL. And as you pointed out, this problem seemed to be related to only Chrome, and add to that many sites don't even have SSL, they use an offsite Gateway and the issue has been around only biting guys like us. But once SSL become mainstream, I have a feeling a lot of people are going to like this thread. 1 Link to comment Share on other sites More sharing options...
Mister Denial Posted September 11, 2014 Share Posted September 11, 2014 I agree completely with what you said. Besides, with full site SSL, you can use SPDY, which potentially can give websites with lots of content and elements a speed boost. My host recommended to not implement it yet, as it's still experimental, but I believe during the next months, there will be lots of changes and more websites using SSL / full site SSL. Still, what baffles me most is that this SSL error also seems to be Apache configuration related. I did not have this newsletter / search block issue before getting my Apache settings optimized. Obviously it is possible to make the code for both modules more secure, so I hope the next updates will include those changes we're currently discussing. And thanks again for your help Bill, it's much appreciated! Link to comment Share on other sites More sharing options...
Bill Dalton Posted September 11, 2014 Share Posted September 11, 2014 Here is a good web site for checking SSL installations. https://www.ssllabs.com/ssltest/index.html Link to comment Share on other sites More sharing options...
jetx Posted October 2, 2014 Share Posted October 2, 2014 firefox works in the same way at the moment it also filters unsecured content (when you're on secured page) in your case problem is related to module blocksearch you use instant search it means that in module .tpl flle you have to use {$link->getPageLink('search',true)|escape:'html':'UTF-8'} instead of {$link->getPageLink('search')|escape:'html':'UTF-8'} themes/default-bootstrap/modules/blocksearch/blocksearch-top.tpl Thanks for this vekia. This fixed the issue I was having with SSL. 1 Link to comment Share on other sites More sharing options...
Mister Denial Posted October 3, 2014 Share Posted October 3, 2014 Should we have this post marked as fixed? It looks like most of these errors are caused by the search block, and the fix for this issue has been posted. Link to comment Share on other sites More sharing options...
nsweb Posted January 22, 2015 Share Posted January 22, 2015 I added condition: if page loaded unsecure, form will be sent unsecure too. If page loaded secure, form use secure post too {if ($smarty.server.HTTPS == '') || ($smarty.server.HTTPS == 'off')} {assign var="secure_conn" value=false} {else} {assign var="secure_conn" value=true} {/if} .... {$link->getPageLink('search', $secure_conn)} Link to comment Share on other sites More sharing options...
Divyesh Prajapati Posted April 27, 2015 Share Posted April 27, 2015 (edited) Hi, I was having same issue and resolved with changes as mentioned below. Hope it works for you guys. To resolve this do following steps. 1. open blocksearch-top.tpl find this code <form id="searchbox" method="get" action="{$link->getPageLink('search')|escape:'html':'UTF-8'}" > and replace with <form id="searchbox" method="get" action="{$link->getPageLink('search', true)|escape:'html':'UTF-8'}" > 2. open blocknewsletter.tpl find code <form action="{$link->getPageLink('index')|escape:'html':'UTF-8'}" method="post"> and replace with <form action="{$link->getPageLink('index', true)|escape:'html':'UTF-8'}" method="post"> Edited April 27, 2015 by Divyesh Prajapati (see edit history) Link to comment Share on other sites More sharing options...
Totti Posted April 27, 2015 Share Posted April 27, 2015 getPageLink('index', true) true, what good is that parameter ? Link to comment Share on other sites More sharing options...
Divyesh Prajapati Posted April 27, 2015 Share Posted April 27, 2015 getPageLink('index', true) true, what good is that parameter ? What you meant ? Link to comment Share on other sites More sharing options...
Totti Posted April 27, 2015 Share Posted April 27, 2015 what is the true parameter ? a cosa serve il secondo parametro ? Link to comment Share on other sites More sharing options...
razaro Posted April 27, 2015 Share Posted April 27, 2015 It indicate to use link with SSL (https), by setting ssl parameter to true https://github.com/PrestaShop/PrestaShop/blob/ef462f8767559ce721889354ad292a2cc5e5fc81/classes/Link.php#L432 1 Link to comment Share on other sites More sharing options...
Recommended Posts