[SOLVED] SECURITY WARNING - when switching from HTTPS cart to unsecure page???

[Mid_west]

I have searched but cant seem to find the correct answer to this problem.

Heres the issue. When Im on my HTTPS cart and navigate back to what is normally a non-secure page, I get a security warning in IE. I know what the issue is, the new link to the product page is now HTTPS but when it loads the jquery.js and tools.js it pulls them from the HTTP (or unsecured) link.

How can I solve this issue?

[badger1010]

Get an SSL certificate for your site, then any address will work http or https.

[razaro]

Not sure if it is problem with jquery.js and tools.js.

Can you post link to your site ?

[Mid_west]

Get an SSL certificate for your site, then any address will work http or https.

If it were only that simple! I DO have a cert on my server.

www.CocoMeal.com/cart

[enigma32]

IF you told me exactly what you posted here I already know your answer!

Silly scott

[enigma32]

I ran into the same problem in the past, and already answered him in a private manner

for others who may find this searchign for same answer:

only pages MEANT for ssl will not throw up errors. If you try to view product.php or other pages via ssl you get errors. make sure your menu links are {$base_dir} and NOT {$content_dir} or {$base_dir_ssl}

k thx

[Star]

I have searched but cant seem to find the correct answer to this problem.

Heres the issue. When Im on my HTTPS cart and navigate back to what is normally a non-secure page, I get a security warning in IE. I know what the issue is, the new link to the product page is now HTTPS but when it loads the jquery.js and tools.js it pulls them from the HTTP (or unsecured) link.

How can I solve this issue?

For any pages you DO NOT WANT HTTPS, replace the first line of related php page ex:product.php

<?php

with

<?php
if  ( $_SERVER['HTTPS'] )
       {
               $host = $_SERVER['HTTP_HOST'];
               $request_uri = $_SERVER['REQUEST_URI'];
               $good_url = "http://" . $host . $request_uri;

               header( "HTTP/1.1 301 Moved Permanently" );
               header( "Location: $good_url" );
               exit;
       }

That will do.....

[Mid_west]

That will do.....

Actually Enigma32 had the right answer. I should have marked this one solved the other day. Thank you for jumping in though! Its nice to see the support considering this cart is such a PITA to configure correctly.

[enigma32]

I have searched but cant seem to find the correct answer to this problem.

Heres the issue. When Im on my HTTPS cart and navigate back to what is normally a non-secure page, I get a security warning in IE. I know what the issue is, the new link to the product page is now HTTPS but when it loads the jquery.js and tools.js it pulls them from the HTTP (or unsecured) link.

How can I solve this issue?

For any pages you DO NOT WANT HTTPS, replace the first line of related php page ex:product.php

<?php

with

<?php
if  ( $_SERVER['HTTPS'] )
       {
               $host = $_SERVER['HTTP_HOST'];
               $request_uri = $_SERVER['REQUEST_URI'];
               $good_url = "http://" . $host . $request_uri;

               header( "HTTP/1.1 301 Moved Permanently" );
               header( "Location: $good_url" );
               exit;
       }

That will do.....

Star.. The best practice is not to deliver anything over HTTPS that isn't necessary. IE anything you should be logged in to do should be over SSL. Viewing products should not require SSL.

Presta was designed with that in mind.. His problem was his "menu bar" was using {$content_dir} in the links. For those that don't know, {$content_dir} will display a link with http if not currently in ssl, and https if the current page is in ssl. {$base_dir_ssl} will have the same result. {$base_dir} will always default to http, and is the proper variable to use for your menu links. Links to things that will definately be ssl, or atleast might be, should use content_dir.

[Ensign]

Thanks Star,

You just save my life. I have used all the ways I can think of. I changed all menu links to {$base_dir} and NOT {$content_dir} or {$base_dir_ssl}, but didn't work. Your way rock. Thank you.

[Mid_west]

Thanks Star,

You just save my life. I have used all the ways I can think of. I changed all menu links to {$base_dir} and NOT {$content_dir} or {$base_dir_ssl}, but didn't work. Your way rock. Thank you.

Thats odd, I wonder why it worked for me and not you?

[termenator]

Changed all menu links to {$base_dir} and NOT {$content_dir} or {$base_dir_ssl}

This way doesn't work.

Star, your way works. Thanks.

[enigma32]

Because there must be something else causing them the problem

Presta has all sorts of SSL issues.

[Mid_west]

Changed all menu links to {$base_dir} and NOT {$content_dir} or {$base_dir_ssl}

This way doesn't work.

Star, your way works. Thanks.

Nope, works just fine for me! And we are using it on multiple sites. As Enigma said, there must be something else wrong.

[Yoda]

Changed all menu links to {$base_dir} and NOT {$content_dir} or {$base_dir_ssl}

Yea, it doesn't work.

Star, do you know how to change the https://www.mydomain.com to http://www.mydomain.com?

Thanks for the help.

[Star]

Replace the first line of index.php

<?php

with

<?php
if  ( $_SERVER['HTTPS'] )
       {
               $host = $_SERVER['HTTP_HOST'];
               $request_uri = $_SERVER['REQUEST_URI'];
               $good_url = "http://" . $host . $request_uri;

               header( "HTTP/1.1 301 Moved Permanently" );
               header( "Location: $good_url" );
               exit;
       }

That will do.....

[Mid_west]

Changed all menu links to {$base_dir} and NOT {$content_dir} or {$base_dir_ssl}

Yea, it doesn't work.

Star, do you know how to change the https://www.mydomain.com to http://www.mydomain.com?

Thanks for the help.

Ok, you guys win. However, this problem has officially been resolved for MY site so Im off to another issue (one of the MANY with this cart!).

Thanks for the solution Enigma, as always you rock. And thank you Star for offering to help as well. Regardless of which answer is best, the support is very nice to see especially with such a PITA cart!

[Star]

Changed all menu links to {$base_dir} and NOT {$content_dir} or {$base_dir_ssl}

Yea, it doesn't work.

Star, do you know how to change the https://www.mydomain.com to http://www.mydomain.com?

Thanks for the help.

Ok, you guys win. However, this problem has officially been resolved for MY site so Im off to another issue (one of the MANY with this cart!).

Thanks for the solution Enigma, as always you rock. And thank you Star for offering to help as well. Regardless of which answer is best, the support is very nice to see especially with such a PITA cart!

I am the worst programmer. I have very limited knowledge in codes. I am just trying to show the ways how I solved my problems here, they may not be the best ways.

[Star]

Thanks Star,

You just save my life. I have used all the ways I can think of. I changed all menu links to {$base_dir} and NOT {$content_dir} or {$base_dir_ssl}, but didn't work. Your way rock. Thank you.

Yes, I know. Changed all menu links to {$base_dir} and NOT {$content_dir} or {$base_dir_ssl} didn't work for me. I even asked Rocky to double check my site to see what the problem was and both of us couldn't find anything wrong. And it is such a pain that I have to change links every time there is an upgrade. I just add the codes that I posted few threads ago as a separated page named : seperatedpage.php and used

include(dirname(__FILE__).'/seperatedpage.php');

at the beginning of the pages after <?php that I want the pages to be http, and it works. It save my time.

However, like what I said, I am the worst programmer..... it may not be the best way.

Glad that it works for you.

[metta]

Star,

Your way works better for me. My category menu is used in some pages that are under http and some are under https. When I changed all category menu links to {$base_dir}, I got security errors on the https pages. But if I changed all links to {$base_dir_ssl}, when I want to go to http page from https pages, it will make my http page to https page, therefore it gives me security errors. I just used your way. It works. Thanks.