relative links causing ssl error

[babyewok]

This is really bugging me: on some pages, such as history.php (Prestashop v. 1.3.7.0) it adds extra js files as such:

 

/* JS files call */
$js_files = array(__PS_BASE_URI__.'js/jquery/jquery.scrollto.js', _THEME_JS_DIR_.'history.js');

 

Now this results in a relative link, rather than the absolute link that the following line in headre.tpl creates:

 

src="{$content_dir}js/jquery/jquery-1.2.6.pack.js"

 

The result is that some browsers like IE freak out and say there is unsecure content. Now why is __PS_BASE_URI__ resulting in a relative link? How do I get it to return an absolute link?

[phrasespot]

Relative URLs should not cause this as the protocol is auto completed by the browser so all relative URLs from a HTTPS page will be completed to HTTPS://relative. Could you please give an address where the problem is viewable (mixed content warning) and the version of IE you are having this problem with.

[babyewok]

Hi,

 

It turned out to be what I thought was a solution to my other problem: Google had been caching every pages ahttps becasue th canonical url was wrong. I had tried ot set up an htaccess file with a permanent rediirect from https to http except for the pages that needed it. This worked fine, except that in IE it throws up the unsecure error. In desperation, I have removed the redirect from htacces file...unless you have a suggestion as to why the redirect would throw up the error in IE?

[phrasespot]

A redirect from SSL to non-SSL will cause the warning unless browser setting "warn when leaving secure" (or similar) has been dismissed with "don't warn again". That said, a more definitive diagnosis is possible if you give me the redirect you use and the error producing URL if you can.

[babyewok]

This was my redirect, although I have removed it from the site now due to the error so can't give you a url

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/(order(.*)\.php|authentication\.php|authentication\.php?back=my-account\.php|my-account\.php|modules/referralprogram/referralprogram-program\.php|init\.php|address\.php|addresses\.php|identity\.php|modules/blockwishlist/managewishlist\.php|modules/blockwishlist/mywishlist\.php|modules/blockwishlist/view\.php|modules/loyalty/loyalty-program\.php|(.*)payment\.php|history\.php|discount\.php|modules/mailalerts/myalerts\.php|modules/paypal/redirect\.php|contact-form\.php)$
RewriteRule ^(.*)$ http://www.mydomain.co.uk/$1 [R=301,L]

[phrasespot]

OK and at what stage, moving from which state (URL) to which state you used to get the error? Talk me through the steps from arrival to the site to the error display please.

[babyewok]

Well, it only occurs on entering those pages that I have set up as exceptions. If I went to https://www.mydomain.co.uk, then it would redirect correctly to http://www.mydomain.co.uk without any errors. The error occured when I entered the shopping basket, log in, my account area and any pages within my account....as I said, any that were set up as exceptions.

 

It was really weird because one minute I would think I had solved it and there were no errors and the next, there they were again, so after trying everything I could think of and having no idea what causes the error, I gave up.

 

On the history page for example if I select 'Yes' to the pop up that asks if I want to show ONLY secure elements, the order details do not open up when clicked on and the page error points to the javacript files...hence my opening post to this thread. However, I found that even if I (temporarily) manually changed the url for those extra scripts incuded in history.php, I STILL got the unsecure items pop up in IE... not got much hair left!

[babyewok]

I should say that although I had given up, I would really like to get it working since I don't want to lose out on my google rankings after changing the canonical url to http.

[babyewok]

And that leaving the https to an http cause no errors - only when going from http to https

[phrasespot]

The reason you get the mixed warning content is the supporting material of the excluded addresses. Say, I ask https://home_page and get redirected to http://home_page (all fine). Then I login and ask for https://authentication, your redirect rule does not touch this as it is specifically excluded. But this request also involves JS, CSS, img files and all of these are redirected to http as per redirect rule. At that point browser gives mixed content warning.

 

You could try to cover missing requests but you will find that it would be a very long and complicated rewrite to manage all possible requests. Having pages indexed/cached as https will not reduce your rank as long as there is proper response to those requests. I have a couple of clients that run the entire thing on SSL connection and command top spots on search results on their respective fields. Alternatively ask Google to remove cached content, it is more or less automated from Webmasters' console.

[babyewok]

Hmm, that's a pain - oh well, thanks for your help