spanishcivilwarstamps Posted September 3, 2014 Share Posted September 3, 2014 (edited) Hello! I run a Prestashop 1.5.4.1 installation. When accessing any SSL secured page, I get a notice that says that there are unsecured links. With inspector function in Chrome I found this: "The page at 'https://www.mysite.com/en/authentication?back=my-account' was loaded over HTTPS, but is submitting data to an insecure location at 'http://www.mysite.com/en/search': this content should also be submitted over HTTPS." I found that uninstalling the Quick Search Block module solves the issue, but I don't have any way to let my customers search in my website. Is there any way to sumbit data to /search over https? Thanks Edited October 6, 2014 by spanishcivilwarstamps (see edit history) Link to comment Share on other sites More sharing options...
spanishcivilwarstamps Posted September 3, 2014 Author Share Posted September 3, 2014 I've partially solved it through Positions, setting exceptions for all the pages that run under https: pdforderreturn, parentorder, pdfinvoice, orderreturn, orderopc, orderfollow, identity, address, addresses, orderslip, cart, history, myaccount, auth, discount, order, orderconfirmation, orderdetail, pdforderslip, mywishlist, account But is there a way to secure with SSL /search to avoid placing exception for the search bar in all the pages that require SSL? Link to comment Share on other sites More sharing options...
pel024 Posted September 4, 2014 Share Posted September 4, 2014 I've just started to get this error message in Chrome also. I wonder if this is due to a change in the way Google is assessing a pages' security as the problem has suddenly appeared despite making no changes to block search. The call comes from block search-top.tpl (in PS 1.5.6.2): <!-- Block search module TOP --> <div id="search_block_top"> <form method="get" action="{$link->getPageLink('search')|escape:'html'}" id="searchbox"> <p> <label for="search_query_top"><!-- image on background --></label> <input type="hidden" name="controller" value="search" /> <input type="hidden" name="orderby" value="position" /> <input type="hidden" name="orderway" value="desc" /> <input class="search_query" type="text" id="search_query_top" name="search_query" value="{$search_query|escape:'htmlall':'UTF-8'|stripslashes}" /> <input type="submit" name="submit_search" value="{l s='Search' mod='blocksearch'}" class="button" /> </p> </form> </div> which results in http://www.mysite.com/search, even on ssl pages. Anyone know how to fix this? Link to comment Share on other sites More sharing options...
sikarep Posted September 4, 2014 Share Posted September 4, 2014 Hi all, Same here, running 1.6.0.8 and using the default-bootstrap theme, we have successfully installed an EV SSL certificate, on all browser, except Chrome, we are getting the green URL. On Chrome, we are getting the https lock with the yellow warning triangle and the message stating that some resources in the page are pointing to insecure pages... So, we have run the chrome inspector and it seems the pages submitting data to http and also the search box... see the error messages we got for example for the contact-us page: The page at 'https://xxx.ch/contact-us' was loaded over HTTPS, but is submitting data to an insecure location at 'http://xxx.ch/search': this content should also be submitted over HTTPS. contact-us:165 The page at 'https://xxx.ch/contact-us' was loaded over HTTPS, but is submitting data to an insecure location at 'http://xxx.ch/': this content should also be submitted over HTTPS. contact-us:290 and same on on the quick-order page and so on any form pages The page at 'https://xxx.ch/quick-order' was loaded over HTTPS, but is submitting data to an insecure location at 'http://xxx.ch/search': this content should also be submitted over HTTPS. quick-order:169 The page at 'https://xxx.ch/quick-order' was loaded over HTTPS, but is submitting data to an insecure location at 'http://xxx.ch/': this content should also be submitted over HTTPS. quick-order:243 We have tried to force the entire site to use https, but the problem continues. I have checked if we had any images or css pointing to http, but definitively it seems to in the core of the prestashop template. Would appreciate any guidance! Thanks! Link to comment Share on other sites More sharing options...
sikarep Posted September 4, 2014 Share Posted September 4, 2014 Ok, one more information, we found that the Get made by the search box and the Post made by the Newsletter subscription created the HTTP insecure code in Chrome (by running the inspector. Now, if we force HTTPS to the entire shop, we don't have anymore the error from the Newsletter Post code... and, if we disable the search module (in french: Bloc recherche rapide v1.5.1 - by PrestaShop), no more HTTP error for the Search box of course... and Green lock.... of course, we haven't solved it, but at least we found where it comes from, now maybe someone else can help us how to force those two on https? Big thanks in advance! Link to comment Share on other sites More sharing options...
sikarep Posted September 4, 2014 Share Posted September 4, 2014 we have tried to modify blocksearch-top.tpl adding ,true in getPageLink, recompile, stop caching, empty cache, reloaded the page, but still doesn't work, same error on the Search box Get, so we haven't even tried to modify the newsletter... any other ideas?? <form id="searchbox" method="get" action="{$link->getPageLink('search', true)|escape:'html':'UTF-8'}" > Link to comment Share on other sites More sharing options...
pel024 Posted September 5, 2014 Share Posted September 5, 2014 (edited) Adding "true" to the URL should work so if it doesn't then the chances are that the file is being overridden by your theme. Check your theme for the blocksearch-top.tpl, probably in themes/yourtheme/modules/blocksearch. Changing: <form method="get" action="{$link->getPageLink('search')|escape:'html'}" id="searchbox"> to: <form method="get" action="{$link->getPageLink('search', true)|escape:'html'}" id="searchbox"> will force the link to be called with https on all pages. I changed mine to the following: {if $search_ssl == 1}<form method="get" action="{$link->getPageLink('search', true)|addslashes}" id="searchbox">{else}<form method="get" action="{$link->getPageLink('search')|addslashes}" id="searchbox"{/if} This ensures the link is https only on pages that need it to be, and the green padlock has returned:) Edited September 5, 2014 by pel024 (see edit history) 8 Link to comment Share on other sites More sharing options...
sikarep Posted September 5, 2014 Share Posted September 5, 2014 Adding "true" to the URL should work so if it doesn't then the chances are that the file is being overridden by your theme. Check your theme for the blocksearch-top.tpl, probably in themes/yourtheme/modules/blocksearch. Changing: <form method="get" action="{$link->getPageLink('search')|escape:'html'}" id="searchbox"> to: <form method="get" action="{$link->getPageLink('search', true)|escape:'html'}" id="searchbox"> will force the link to be called with https on all pages. I changed mine to the following: {if $search_ssl == 1}<form method="get" action="{$link->getPageLink('search', true)|addslashes}" id="searchbox">{else}<form method="get" action="{$link->getPageLink('search')|addslashes}" id="searchbox"{/if} This ensures the link is https only on pages that need it to be, and the green padlock has returned:) Thanks!!! at least good to know that it worked for someone else! What we had tried exactly this change, we did the correction on the theme we use... given that it was the first time we made changes to tpl files, maybe we did not recompile correctly? What we did was force recompile, stop caching, empty cache, reloaded the page, no luck... 1 Link to comment Share on other sites More sharing options...
regalosbaratitos Posted September 6, 2014 Share Posted September 6, 2014 Hi, I'm with the same problem on two stores. can you help me solve this problem? Thank you Link to comment Share on other sites More sharing options...
vekia Posted September 6, 2014 Share Posted September 6, 2014 Hi, I'm with the same problem on two stores. can you help me solve this problem? Thank you have you tried to force ssl connection with code mentioned by sikarep Link to comment Share on other sites More sharing options...
regalosbaratitos Posted September 6, 2014 Share Posted September 6, 2014 have you tried to force ssl connection with code mentioned by sikarep hi, if I did but I did not solve the problem. My solution: blocksearch-top.tpl, probably in themes/yourtheme/modules/blocksearch. Changing: <form method="get" action="{$link->getPageLink('search')|escape:'html'}" id="searchbox"> to: <form method="get" action="https://YOUSITE.com/search.php" id="searchbox"> 1 Link to comment Share on other sites More sharing options...
vekia Posted September 6, 2014 Share Posted September 6, 2014 so i think that your case needs deeper inspection please share url to your shop Link to comment Share on other sites More sharing options...
sikarep Posted September 8, 2014 Share Posted September 8, 2014 Thanks!!! at least good to know that it worked for someone else! What we had tried exactly this change, we did the correction on the theme we use... given that it was the first time we made changes to tpl files, maybe we did not recompile correctly? What we did was force recompile, stop caching, empty cache, reloaded the page, no luck... Thanks Pel024!!!! In fact, you were right, I thought I did the change in my theme's module, but I did not, so I have made again the same changes this morning and the site is now running perfectly! We have made one change at once, so we haven't implemented your conditional code to use https only when required. we had had to also chance the newsletter block <form action="{$link->getPageLink('index',true)|escape:'html':'UTF-8'}" method="post">? So if the condition in that case will be something like this {if $index_ssl == 1}... ? BTW, I'd like to thanks Wdxperience http://www.prestashop.com/forums/user/23356-wdxperience/ who gave us the initial hint to add true to the code!!!! Once we will have corrected the 2 modules with the conditional code, we will post the final resolution here and also turn the discussion to SOLVED Link to comment Share on other sites More sharing options...
Mister Denial Posted September 9, 2014 Share Posted September 9, 2014 we had had to also chance the newsletter block <form action="{$link->getPageLink('index',true)|escape:'html':'UTF-8'}" method="post">? So if the condition in that case will be something like this {if $index_ssl == 1}... ? Hi, could you please post the exact code with the change, how you modified the newsletter form to also include SSL? I am having the same issue as you, and am not sure how to implement your fix. Thanks in advance! Link to comment Share on other sites More sharing options...
Bill Dalton Posted September 9, 2014 Share Posted September 9, 2014 To Post number #6 In addition to the "true", you need to add "/" in front of search. It will look like this. <form method="get" action="{$link->getPageLink('/search',true)}" id="searchbox"> 2 Link to comment Share on other sites More sharing options...
snowlis Posted September 23, 2014 Share Posted September 23, 2014 Anyone have solved this ? I have the same problem on my website: Link to comment Share on other sites More sharing options...
Mister Denial Posted September 24, 2014 Share Posted September 24, 2014 @ snowlis: have you managed to identify which part of your website is loading unsecure? In my case it was both the search bar and the newsletter subscription bar, both problems could be fixed with the solutions posted by Bill and pel024 1 Link to comment Share on other sites More sharing options...
snowlis Posted September 24, 2014 Share Posted September 24, 2014 @Mister Denial: I'm using prestashop 1.5.6.2 and I have changed the file blocksearch-top.tpl in the following routes: /modules/BlockSearch /themes/Default/Modules/BlockSearch changing the file in the following way: <div class="input_search" data-role="fieldcontain"> {if $search_ssl == 1} <form method="get" action="{$link->getPageLink('/search', true)|addslashes}" id="searchbox"> {else} <form method="get" action="{$link->getPageLink('/search')|addslashes}" id="searchbox"> {/if} <input type="hidden" name="controller" value="search" /> <input type="hidden" name="orderby" value="position" /> <input type="hidden" name="orderway" value="desc" /> <input class="search_query" type="search" id="search_query_top" name="search_query" placeholder="{l s='Search' mod='blocksearch'}" value="{$search_query|escape:'htmlall':'UTF-8'|stripslashes}" /> </form> </div> and the error continues I can't load the SSL certificate correctly in some sections like the shopping-cart Does anyone know what can be happening? This is my store --> toes.es Please help me Link to comment Share on other sites More sharing options...
Bill Dalton Posted September 24, 2014 Share Posted September 24, 2014 The If statement is not necessary because the test for SSL is already built into the "get". Try completely removing this, {if $search_ssl == 1} <form method="get" action="{$link->getPageLink('/search', true)|addslashes}" id="searchbox">{else} <form method="get" action="{$link->getPageLink('/search')|addslashes}" id="searchbox"> And replace it with this, <form method="get" action="{$link->getPageLink('/search', true)|addslashes}" id="searchbox"> If that dosen't work try, {if $search_ssl == 1} <form method="get" action="{$link->getPageLink('/search', true)|addslashes}" id="searchbox">{else} <form method="get" action="{$link->getPageLink('/search', true)|addslashes}" id="searchbox"> You only need to change /themes/Default/Modules/BlockSearch Link to comment Share on other sites More sharing options...
snowlis Posted September 24, 2014 Share Posted September 24, 2014 Hi Bill Dalton, I have tried to make the changes like the two ways you have indicated me and the error persists. What else I can try? I don't know what to do :( Link to comment Share on other sites More sharing options...
Bill Dalton Posted September 24, 2014 Share Posted September 24, 2014 Are you sure this search box is BlockSearch ? Please confirm. An easy way is to rename the folders, for example rename the directory BlockSeach to xxBlockSeach. You will need to do this at both locations. If renaming your BlockSearch Directories breaks your search we will know we have the right module. If it doesn't break, we need to fix the correct module. Link to comment Share on other sites More sharing options...
Mister Denial Posted September 25, 2014 Share Posted September 25, 2014 Also (and sorry if I am asking the obvious), you have remembered to force recompile after making the changes, as well as clearing the browser cache? Link to comment Share on other sites More sharing options...
snowlis Posted September 25, 2014 Share Posted September 25, 2014 If I rename the blocksearch folder to xxxblocksearch in modules and themes/default/modules the search box at the top of the page dissapear and if I enter to the shopping-cart it's showing me the following errors: To Mister Denial: When I make the changes to blocksearch-top.tpl file on the default theme I always turn on the force recompile option. In this way it's showing me the following error: I don't know what more things I can try nothin works Link to comment Share on other sites More sharing options...
Bill Dalton Posted September 25, 2014 Share Posted September 25, 2014 (edited) OK ... in your blocksearch-top.tpl you should see the search code for mobile devi {if isset($hook_mobile)} <div class="input_search" data-role="fieldcontain"> <form method="get" action="{$link->getPageLink('search')}" id="searchbox"> <input type="hidden" name="controller" value="search" /> <input type="hidden" name="orderby" value="position" /> <input type="hidden" name="orderway" value="desc" /> <input class="search_query" type="search" id="search_query_top" name="search_query" placeholder="{l s='Search' mod='blocksearch'}" value="{if isset($smarty.get.search_query)}{$smarty.get.search_query|htmlentities:$ENT_QUOTES:'utf-8'|stripslashes}{/if}" /> </form> </div> and then a 2nd block of code for top search, <!-- Block search module TOP --> <section id="search_block_top" class="header-box"> <form method="get" action="{$link->getPageLink('/search',true)}" id="searchbox"> <p> <label for="search_query_top">{l s='Search' mod='blocksearch'}</label> <input type="hidden" name="controller" value="search" /> <input type="hidden" name="orderby" value="position" /> <input type="hidden" name="orderway" value="desc" /> <input class="search_query" type="text" id="search_query_top" name="search_query" value="{if isset($smarty.get.search_query)}{$smarty.get.search_query|htmlentities:$ENT_QUOTES:'utf-8'|stripslashes}{/if}" /> <a href="javascript:document.getElementById('searchbox').submit();"><i class="icon-search"></i></a> </p> </form> </section> Are you doing both? Edited September 25, 2014 by Bill Dalton (see edit history) Link to comment Share on other sites More sharing options...
snowlis Posted September 27, 2014 Share Posted September 27, 2014 I have the blocksearch-top.tpl like this: <!-- block seach mobile --> {if isset($hook_mobile)} <div class="input_search" data-role="fieldcontain"> <form method="get" action="{$link->getPageLink('/search', true)|addslashes}" id="searchbox"> <input type="hidden" name="controller" value="search" /> <input type="hidden" name="orderby" value="position" /> <input type="hidden" name="orderway" value="desc" /> <input class="search_query" type="search" id="search_query_top" name="search_query" placeholder="{l s='Search' mod='blocksearch'}" value="{$search_query|escape:'htmlall':'UTF-8'|stripslashes}" /> </form> </div> {else} <!-- Block search module TOP --> <div id="search_block_top"> <form method="get" action="{$link->getPageLink('/search',true)|escape:'html'}" id="searchbox"> <p> <label for="search_query_top"><!-- image on background --></label> <input type="hidden" name="controller" value="search" /> <input type="hidden" name="orderby" value="position" /> <input type="hidden" name="orderway" value="desc" /> <input class="search_query" type="text" id="search_query_top" name="search_query" value="{$search_query|escape:'htmlall':'UTF-8'|stripslashes}" /> <input type="submit" name="submit_search" value="{l s='Search' mod='blocksearch'}" class="button" /> </p> </form> </div> Bill Dalton as you can see I had already realized that I had to change the code in both places. The error continues nothing that I've tried works Link to comment Share on other sites More sharing options...
Bill Dalton Posted September 27, 2014 Share Posted September 27, 2014 The only difference seems to be )|escape:'html' Have you tried replacing, <form method="get" action="{$link->getPageLink('/search',true)|escape:'html'}" id="searchbox"> With <form method="get" action="{$link->getPageLink('/search',true)}" id="searchbox"> Link to comment Share on other sites More sharing options...
snowlis Posted September 27, 2014 Share Posted September 27, 2014 The only difference seems to be )|escape:'html' Have you tried replacing, <form method="get" action="{$link->getPageLink('/search',true)|escape:'html'}" id="searchbox"> With <form method="get" action="{$link->getPageLink('/search',true)}" id="searchbox"> Bill Dalton I also tried what you mention and the error persists. Link to comment Share on other sites More sharing options...
snowlis Posted September 27, 2014 Share Posted September 27, 2014 Also the changes we indicated also had to edit the following file: /themes/default/modules/blocknewsletter/blocknewsletter.tpl <!-- Block Newsletter module--> <div id="newsletter_block_left" class="block"> <p class="title_block">{l s='Newsletter' mod='blocknewsletter'}</p> <div class="block_content"> {if isset($msg) && $msg} <p class="{if $nw_error}warning_inline{else}success_inline{/if}">{$msg}</p> {/if} <form action="{$link->getPageLink('index')|escape:'html'}" method="post"> <p> <input class="inputNew" id="newsletter-input" type="text" name="email" size="18" value="{if isset($value) && $value}{$value}{else}{l s='your e-mail' mod='blocknewsletter'}{/if}" /> <input type="submit" value="ok" class="button_mini" name="submitNewsletter" /> <input type="hidden" name="action" value="0" /> </p> </form> </div> </div> <!-- /Block Newsletter module--> Changing the following line like this: <form action="{$link->getPageLink('index',true)|escape:'html'}" method="post"> Now my SSL certificate loads correctly. Thanks to all the people we helped me and specially Bill Dalton. 2 Link to comment Share on other sites More sharing options...
Bill Dalton Posted September 27, 2014 Share Posted September 27, 2014 (edited) Edit: just seen your last post. Fantastic! Edited September 27, 2014 by Bill Dalton (see edit history) Link to comment Share on other sites More sharing options...
JustPaul Posted September 30, 2014 Share Posted September 30, 2014 Thanks, this has fixed my Chrome and Dolphin SSL warnings. For the record, Firefox didn't produce any warnings. 1 Link to comment Share on other sites More sharing options...
spanishcivilwarstamps Posted October 6, 2014 Author Share Posted October 6, 2014 This is how I've solved it: I've updated to Prestashop 1.5.6.2 Then: Preferences > General: Force SSL on all pages YES Then I've edited classes/Link.php with this GitHub: https://github.com/PrestaShop/PrestaShop/commit/640100f10f789129dc50a0d68e3e82cedf85aad3 I've enabled Quick Search Box positions for all pages, with no restrictions, and all the content of the site is served in SSL. Forcing SSL on all pages may also improve SEO, as Google now gives priority in search results to sites fully served in SSL. So I mark this topic as solved. 1 Link to comment Share on other sites More sharing options...
malcek Posted November 2, 2014 Share Posted November 2, 2014 This solution is for prestashop 1.6.0.9 and anybody who use custom theme and in blocksearch-top.tpl is following code: <div class="input_search" data-role="fieldcontain"> <form method="get" action="{$link->getPageLink('search')}" class="searchbox"> <input type="hidden" name="controller" value="search" /> <input type="hidden" name="orderby" value="position" /> <input type="hidden" name="orderway" value="desc" /> <input class="search_query" type="search" id="search_query_top" name="search_query" placeholder="{l s='Search' mod='blocksearch'}" value="{if isset($smarty.get.search_query)}{$smarty.get.search_query|htmlentities:$ENT_QUOTES:'utf-8'|stripslashes}{/if}" /> </form> </div> {else} in my case we have to change only <form method="get" action="{$link->getPageLink('search')}" class="searchbox"> to <form method="get" action="{$link->getPageLink('search')}" id="searchbox"> and all warnings are gone and on SSL! best regards martin 1 Link to comment Share on other sites More sharing options...
ps3z Posted December 20, 2014 Share Posted December 20, 2014 To Post number #6 In addition to the "true", you need to add "/" in front of search. It will look like this. <form method="get" action="{$link->getPageLink('/search',true)}" id="searchbox"> im using prestashop 1.6.0.9 and i solved blocksearch and newsletter warnings by your solution.thanks. i wish to see that updates from senior developers Link to comment Share on other sites More sharing options...
magpole Posted December 24, 2014 Share Posted December 24, 2014 I am using 1.4.11, I fixed the ssl problem on computer with the solution, add "true" in blocksearch-top.tpl. But how to do the mobile side? I am using the mobile theme module by prestashop. I also add the "true" to the blocksearch-top.tpl under the mobile folder. But the error persist. Please help me. Thanks Link to comment Share on other sites More sharing options...
cycleelcyc Posted March 14, 2016 Share Posted March 14, 2016 Also the changes we indicated also had to edit the following file: /themes/default/modules/blocknewsletter/blocknewsletter.tpl <!-- Block Newsletter module--> <div id="newsletter_block_left" class="block"> <p class="title_block">{l s='Newsletter' mod='blocknewsletter'}</p> <div class="block_content"> {if isset($msg) && $msg} <p class="{if $nw_error}warning_inline{else}success_inline{/if}">{$msg}</p> {/if} <form action="{$link->getPageLink('index')|escape:'html'}" method="post"> <p> <input class="inputNew" id="newsletter-input" type="text" name="email" size="18" value="{if isset($value) && $value}{$value}{else}{l s='your e-mail' mod='blocknewsletter'}{/if}" /> <input type="submit" value="ok" class="button_mini" name="submitNewsletter" /> <input type="hidden" name="action" value="0" /> </p> </form> </div> </div> <!-- /Block Newsletter module--> Changing the following line like this: <form action="{$link->getPageLink('index',true)|escape:'html'}" method="post"> Now my SSL certificate loads correctly. Thanks to all the people we helped me and specially Bill Dalton. this works great for me. thanks. Link to comment Share on other sites More sharing options...
Recommended Posts