walkman Posted June 6, 2005 Share Posted June 6, 2005 When I try to submit a 'contact us' message, or when I try to 'add to cart' on product_info.php I get the following error: 'although this page is encrypted, the info is being sent over an unencrypted connection' SSL is working fine on my account and the checkout process. *** Are these pages supposed to be secure? Any ideas on what would cause these warning? Thx. Link to comment Share on other sites More sharing options...
Simplyeasier Posted June 6, 2005 Share Posted June 6, 2005 When I try to submit a 'contact us' message, or when I try to 'add to cart' on product_info.php I get the following error: 'although this page is encrypted, the info is being sent over an unencrypted connection' SSL is working fine on my account and the checkout process. *** Are these pages supposed to be secure? Any ideas on what would cause these warning? Thx. <{POST_SNAPBACK}> post a url Charles A kite flies highest AGAINST the wind ! "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, a lover in one hand, martini in the other, body thoroughly used up, totally worn out and screaming ~ WOO HOO!! What a ride!" Link to comment Share on other sites More sharing options...
walkman Posted June 6, 2005 Author Share Posted June 6, 2005 Ah, perfect ... a response from the SSL master!! :-) seatshield.com I get the warning on submit from contact_us and when I 'add to cart'. I get the warning msg on submit in both IE and firefox, and both my desktop & laptop. However, a friend said he didn't get it when he tested. I'm not sure if it might have something to do with cookie settings or what. I also did a file compare to see if I might have added something to contact_us, but nothing stood out. Thx. p.s. Your "SSL basics" post was very good. Link to comment Share on other sites More sharing options...
Guest Posted June 6, 2005 Share Posted June 6, 2005 appears you have your non ssl setup as http://seatshield.com and your ssl as http://www.seatshield.com set them both to http://www to match your certificate and also the cookie domain needs to match, set to www.seatchield.com Link to comment Share on other sites More sharing options...
walkman Posted June 6, 2005 Author Share Posted June 6, 2005 hmm ... I tried it, but I still get the warning message. I thought I could specify different domain names for http & https. That's what simplyeasier recommended in his reference (although I do it the opposite way). I assume you meant one should be http://www. & the other https://www. Here is my configure.php after the change you recommended. =========================================== define('HTTP_SERVER', 'http://www.seatshield.com'); define('HTTPS_SERVER', 'https://www.seatshield.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'www.seatshield.com'); define('HTTPS_COOKIE_DOMAIN', 'www.seatshield.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); Link to comment Share on other sites More sharing options...
walkman Posted June 6, 2005 Author Share Posted June 6, 2005 It turns out that I am only getting the warning messge when I use FireFox. IE doesn't report a problem. I did a google and found the message listed below. Has anyone else experienced this problem with firefox and OSC? I imagine it might scare off some customers. ====================================== > When I want to login at my online bank account, I get the warning that: > > 'Although this page is encrypted, the information you have entered is to > be sent over an unencrypted connection and could easily be read by a > third party.' > The "action" for this form is not https but rather is javascript. The browser doesn't know (prior to interpreting the javascript) what the javascript is going to do with the form data, so it assumes the worst, and you get this warning. Perhaps the warning should say "The data from this form is being sent through a script rather than directly and immediately through secure https, and so I cannot be sure that the data will be sent securely to the server." In this case, the javascript appears to me to post the form data securely to the server. Communicator 4.x handled this case by waiting to see whether the subsequent outgoing network connection done by the script was http or https, and warning only if it was not https. But mozilla warns before the script is run, as I understand it. Sigh. -- Link to comment Share on other sites More sharing options...
♥Vger Posted June 6, 2005 Share Posted June 6, 2005 It still doesn't explain why the page is expected to be https anyway. Even when logged in and coming to the page from having been in a secure part of the site the contact_us.php page should still be http. Perhaps specifying NONSSL in the root level php page would solve the problem. Vger Link to comment Share on other sites More sharing options...
walkman Posted June 6, 2005 Author Share Posted June 6, 2005 I think you're on the right track. My "Base Href =" is not being set properly. If I go with the standard osc code the base ref always shows up as "http://" and nothing is SSL. I found a fix that said to use: $request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL'; When I do that base ref always shows up as "https://" & everythign works except for the contact us & add to cart. I guess it only affects firefox for the reason above. Link to comment Share on other sites More sharing options...
walkman Posted June 6, 2005 Author Share Posted June 6, 2005 Ok - final reply: I was able to fix the problem with the following code change in application_top.php. replace: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; With: $request_type = (getenv('HTTPS') == 'on' or getenv('SERVER_PORT') == 443) ? 'SSL' : 'NONSSL'; After: define('PROJECT_VERSION', 'osCommerce 2.2-MS2'); // set the type of request (secure or not) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.