Jump to content

[SOLVED] New SSL certificate, yellow to green padlock, how to fix insecure URL's


generalexperts

Recommended Posts

  • 3 weeks later...

i dont really understand the question though but.

 

 

Domain Name:
URL Tested:
Number of items downloaded on page: 97

check.PNGValid Certificate found. check.PNGCertificate valid through: Aug 21 23:59:59 2015 GMT
Certificate Issuer: COMODO CA Limited check.PNGAll 97 items called securely! check.PNGSecure calls made to other websites:


apis.google.com is valid and secure.

 is valid and secure.

Edited by Zeepshop (see edit history)
  • Like 1
Link to comment
Share on other sites

Hi!

 

All locks good if you check this out: ********

 

Then type in you're site.

 

If you paid for the green bar? It is not cheap, it costs From € 359.00 per year. Then it should be GREEN.

 

If you have a regular certificate, you will get a green bar if you use Google Crome. But not with other browsers.

 

By the way, not to have a green bar does not mean you are unsecured. HTTP (S) means that it is secure.

 

Consumers have been taught that they must look for the green bar to be sure that the site is secured. I think that, given that in a big way only company that can afford these ridiculously expensive certificates. Sure, you get a much higher security, and moreover, you are insured with a fairly high amount if you get hacked, sure that's really good! But they should lower the prices considerably so that we all shop owners would be able to drive safer and that clients might feel safer too. But that's my thoughts. What do you think?

 

Regards

 

MacRoy

Edited by MacRoy (see edit history)
Link to comment
Share on other sites

Everything looks good except for when using Chrome. It goes quickly from Green to yellow. I did not pay that high of a price for my SSL per year. Although, I think there is something else in my site that isn't being detected, because why would it show green at all. I'm also using Front Office Zoom module which loads content at the top first or uneeded, so maybe it gets to the bottom of my site or something not needed to load right away (purpose of this module) and the content is unsecure so it switches? I don't know. 

 

Yes i am aware yellow is fine, just trying to keep customers from leaving. Such an annoying problem!

 

Thanks!

Link to comment
Share on other sites

I'm reading that it is encrypted under the connection tab. But there are other resources which are maybe not secure. 

 

 

Not sure what I would do in my .htaccess file. But here it is....



# ~~start~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again
# .htaccess automaticaly generated by PrestaShop e-commerce open-source solution
# http://www.prestashop.com - http://www.prestashop.com/forums

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule . - [E=REWRITEBASE:/]
RewriteRule ^api/?(.*)$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]

# Images
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$1$2$3.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$1$2$3$4.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$1$2$3$4$5.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2$3.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2.jpg [L]
# AlphaImageLoader for IE and fancybox
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 [L]

# Dispatcher
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^.*$ - [NC,L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^.*$ %{ENV:REWRITEBASE}index.php [NC,L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule . - [E=REWRITEBASE:/]
RewriteRule ^api/?(.*)$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]

# Images
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$1$2$3.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$1$2$3$4.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$1$2$3$4$5.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2$3.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2.jpg [L]
# AlphaImageLoader for IE and fancybox
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 [L]

# Dispatcher
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^.*$ - [NC,L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^.*$ %{ENV:REWRITEBASE}index.php [NC,L]
</IfModule>

<IfModule mod_expires.c>
	ExpiresActive On
	ExpiresByType image/gif "access plus 1 month"
	ExpiresByType image/jpeg "access plus 1 month"
	ExpiresByType image/png "access plus 1 month"
	ExpiresByType text/css "access plus 1 week"
	ExpiresByType text/javascript "access plus 1 week"
	ExpiresByType application/javascript "access plus 1 week"
	ExpiresByType application/x-javascript "access plus 1 week"
	ExpiresByType image/x-icon "access plus 1 year"
</IfModule>

FileETag INode MTime Size
<IfModule mod_deflate.c>
	<IfModule mod_filter.c>
		AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/x-javascript
	</IfModule>
</IfModule>

#If rewrite mod isn't enabled
ErrorDocument 404 /index.php?controller=404

# ~~end~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again


# block visitors referred from semalt.com
RewriteEngine on
RewriteCond %{HTTP_REFERER} semalt.com [NC]
RewriteRule .* - [F]

AuthName "My Domain"
AuthUserFile "/home1/site/.htpasswds/public_html/mysite/passwd"
# Start CloudFlare:mydomain.com rewrite. Do not Edit 
RewriteEngine On 
RewriteCond %{HTTP_HOST} ^mysite.com 
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L] 
# End CloudFlare rewrite.

<FilesMatch "\.(ttf|otf|eot|woff)$">
  <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
  </IfModule>
</FilesMatch>

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?askapache\.com/.*$ [NC]
RewriteRule \.(gif|jpg|swf|flv|png)$ /feed/ [R=302,L]

# ----------------------------------------------------------------------
# CORS-enabled images (@crossorigin)
# ----------------------------------------------------------------------
# Send CORS headers if browsers request them; enabled by default for images.
# developer.mozilla.org/en/CORS_Enabled_Image
# blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
# hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/
# wiki.mozilla.org/Security/Reviews/crossoriginAttribute
<IfModule mod_setenvif.c>
  <IfModule mod_headers.c>
	# mod_headers, y u no match by Content-Type?!
	<FilesMatch ".(gif|png|jpe?g|svg|svgz|ico|webp)$">
	  SetEnvIf Origin ":" IS_CORS
	  Header set Access-Control-Allow-Origin "*" env=IS_CORS
	</FilesMatch>
  </IfModule>
</IfModule>
# ----------------------------------------------------------------------
# force the "www." at the beginning of URLs or vise versa as long as your using one or the other only and not both!
# ----------------------------------------------------------------------
RewriteCond %{HTTP_HOST} ^mysite.com
RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L]


# ----------------------------------------------------------------------
# Cross-domain AJAX requests
# ----------------------------------------------------------------------
# Serve cross-domain Ajax requests, disabled by default.
# enable-cors.org
# code.google.com/p/html5security/wiki/CrossOriginRequestSecurity
#  <IfModule mod_headers.c>
#	Header set Access-Control-Allow-Origin "*"
#  </IfModule> 
Edited by generalexperts (see edit history)
Link to comment
Share on other sites

The issue is your search form.  Chrome is reporting this issue

The page at was loaded over HTTPS, but is submitting data to an insecure location at this content should also be submitted over HTTPS.

The page is submitting data to an insecure location, means that when a customer attempts to perform a search, that data will go to the server using http (not secure).

<form method="get" action="http://www.domain.com/en/search" id="searchbox">

You need to edit the blocksearch template and change it to use ssl

Edited by bellini13 (see edit history)
  • Like 1
Link to comment
Share on other sites

I changed the 'blocksearch-top.tpl file. I had two lines of below:

<form method="get" action="{$link->getPageLink('search', true)}" id="searchbox">

I changed it to 

<form method="get" action="{$link->getPageLink('/search',true)}" id="searchbox">

This worked right away! I found the correct solution to editing this in the general discussion forum

'Quick Search Block module provokes unsecure SSL'

 

Thanks!

Edited by generalexperts (see edit history)
Link to comment
Share on other sites

  • 2 months later...

I fixed the error on computer by adding the "true" in blocksearch-top.tpl .

But don't know how to fix the mobile side.

Although, I did same thing in blocksearch-top.tpl under mobile theme.

Using: prestashop 1.4.11

           mobile theme module by prestashop

Please help

 

Thanks

Link to comment
Share on other sites

  • 1 year later...

I changed the 'blocksearch-top.tpl file. I had two lines of below:

<form method="get" action="{$link->getPageLink('search', true)}" id="searchbox">

I changed it to 

<form method="get" action="{$link->getPageLink('/search',true)}" id="searchbox">

This worked right away! I found the correct solution to editing this in the general discussion forum

'Quick Search Block module provokes unsecure SSL'

 

Thanks!

 

Does it mean you did add only forward slash symbol? I did it, but nothing did change. I'm using 1.4.6.2.

My original line was:

<form method="get" action="{$link->getPageLink('search.php')}" id="searchbox">

I updated it to:

<form method="get" action="{$link->getPageLink('/search.php', true)}" id="searchbox">

Nothing did change.

 

Anything else should require my attention here:

{*
* 2007-2011 PrestaShop 
*
* NOTICE OF LICENSE
*
* This source file is subject to the Academic Free License (AFL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/afl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to [email protected] so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future. If you wish to customize PrestaShop for your
* needs please refer to http://www.prestashop.com for more information.
*
*  @author PrestaShop SA <[email protected]>
*  @copyright  2007-2011 PrestaShop SA
*  @version  Release: $Revision: 6989 $
*  @license    http://opensource.org/licenses/afl-3.0.php  Academic Free License (AFL 3.0)
*  International Registered Trademark & Property of PrestaShop SA
*}

<!-- Block search module TOP -->
<div id="search_block_top">

	<form method="get" action="{$link->getPageLink('search.php')}" id="searchbox">
		<p>
			<label for="search_query_top"><!-- image on background --></label>
			<input type="hidden" name="orderby" value="position" />
			<input type="hidden" name="orderway" value="desc" />
			<input class="search_query" type="text" id="search_query_top" name="search_query" value="{if isset($smarty.get.search_query)}{$smarty.get.search_query|htmlentities:$ENT_QUOTES:'utf-8'|stripslashes}{/if}" />
			<input type="submit" name="submit_search" value="{l s='Search' mod='blocksearch'}" class="button" />
	</p>
	</form>
</div>
{if $instantsearch}
	<script type="text/javascript">
	// <![CDATA[
		{literal}
		function tryToCloseInstantSearch() {
			if ($('#old_center_column').length > 0)
			{
				$('#center_column').remove();
				$('#old_center_column').attr('id', 'center_column');
				$('#center_column').show();
				return false;
			}
		}
		
		instantSearchQueries = new Array();
		function stopInstantSearchQueries(){
			for(i=0;i<instantSearchQueries.length;i++) {
				instantSearchQueries[i].abort();
			}
			instantSearchQueries = new Array();
		}
		
		$("#search_query_top").keyup(function(){
			if($(this).val().length > 0){
				stopInstantSearchQueries();
				instantSearchQuery = $.ajax({
				url: '{/literal}{if $search_ssl == 1}{$link->getPageLink('search.php', true)}{else}{$link->getPageLink('search.php')}{/if}{literal}',
				data: 'instantSearch=1&id_lang={/literal}{$cookie->id_lang}{literal}&q='+$(this).val(),
				dataType: 'html',
				success: function(data){
					if($("#search_query_top").val().length > 0)
					{
						tryToCloseInstantSearch();
						$('#center_column').attr('id', 'old_center_column');
						$('#old_center_column').after('<div id="center_column">'+data+'</div>');
						$('#old_center_column').hide();
						$("#instant_search_results a.close").click(function() {
							$("#search_query_top").val('');
							return tryToCloseInstantSearch();
						});
						return false;
					}
					else
						tryToCloseInstantSearch();
					}
				});
				instantSearchQueries.push(instantSearchQuery);
			}
			else
				tryToCloseInstantSearch();
		});
	// ]]>
	{/literal}
	</script>
{/if}

{if $ajaxsearch}
	<script type="text/javascript">
	// <![CDATA[
	{literal}
		$('document').ready( function() {
			$("#search_query_top")
				.autocomplete(
					'{/literal}{if $search_ssl == 1}{$link->getPageLink('search.php', true)}{else}{$link->getPageLink('search.php')}{/if}{literal}', {
						minChars: 3,
						max: 10,
						width: 500,
						selectFirst: false,
						scroll: false,
						dataType: "json",
						formatItem: function(data, i, max, value, term) {
							return "<img src=\"" + baseDir + "img/tmp/" + "product_mini_" + data.id_product + ".jpg\"  alt=\"" + value + "\" />" + value;
						},
						parse: function(data) {
							var mytab = new Array();
							for (var i = 0; i < data.length; i++)
								mytab[mytab.length] = { data: data[i], value: data[i].cname + ' > ' + data[i].pname };
							return mytab;
						},
						extraParams: {
							ajaxSearch: 1,
							id_lang: {/literal}{$cookie->id_lang}{literal}
						}
					}
				)
				.result(function(event, data, formatted) {
					$('#search_query_top').val(data.pname);
					document.location.href = data.product_link;
				})
		});
	{/literal}
	// ]]>
	</script>
{/if}
<!-- /Block search module TOP -->
Edited by HETPE3B (see edit history)
Link to comment
Share on other sites

  • 7 months later...
  • 2 years later...
On 8/26/2016 at 6:29 PM, zconsulting said:

Hello, 

Can you tell me how you resolved your issue of insecure links from nopadlock results

  1. Log into your PrestaShop admin panel.

  2. Navigate to Preferences -> SEO and URLs.

  3. Set Friendly URL option to No and click Save button:

    prestashop_1_6_how_to_regenerate_htaccess2

  4. Enable Friendly URL back and save the changes.

  5. .htaccess should be successfully regenerated in your store.

Edited by Athinodoros (see edit history)
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...