[SOLVED] Access CMS pages using https

[Amazzing]

Hello,

I have a shop with active SSL.

After updating to PS 1.5.6.0 I have an issue with CMS pages displayed in Fancybox.

Browsers block CMS content, because it is loaded  via http, so popups are just not appearing.

I tried to set link manually, instead of using {$link_conditions}, but even if https is forced for CMS link, it is redirected to http

Even if you simply try to open it it browser using https, it is redirected to http

 

Is there any way to get CMS pages loaded via https?

Edited October 18, 2013 by Amazzing (see edit history)

[vekia]

 

you can also "force ssl connection for each page" under preferences > general tab in back office (but then whole of your website will be work based on https)

[Amazzing]

Thanks, vekia,

 

This solved the issue. 

 

I just wonder, why this option is not enabled by default? 

Are there any drawbaks using https for all pages? Does it affect site performance or anything else?

[vekia]

no, it doesnt affect performance of website

and i don't know why it isn't enabled by default it's new feature in 1.5.6.0 version, maybe because of this

[Amazzing]

just found a drawback in using https on all pages, particularly CMS pages:

 

By default, when you upload an image via editor and insert it to article, its parth is saved as absolute and starts from http.

Example: http://yoursite/img/cms/imagename.png

 

This causes security warnings, because if site uses SSL, all resources must be loaded via secure connection.

Moreover, if you move to another domain, all these paths won't work anymore.

 

I tried to find a way to save relative image path using editor, but still could find it.

Does anybody know how to do that?

[Rusky]

just found a drawback in using https on all pages, particularly CMS pages:

 

By default, when you upload an image via editor and insert it to article, its parth is saved as absolute and starts from http.

Example: http://yoursite/img/cms/imagename.png

 

This causes security warnings, because if site uses SSL, all resources must be loaded via secure connection.

Moreover, if you move to another domain, all these paths won't work anymore.

 

I tried to find a way to save relative image path using editor, but still could find it.

Does anybody know how to do that?

Hi Amazzing

 

Frankly I'm suffering from the same issue and simply updating the link to add an S to the http link in the TinyMCE editor but frankly this is no answer as it cracks the image view under tinymce.

 

Anyone got a fix please... Thanks

[Amazzing]

... updating the link to add an S to the http link in the TinyMCE editor

 

Well, if you are updating the link, you better make it relative. In this case it will work with both http and https and even if you move to another domain. 

 

My content-manager adds lots of CMS pages with lots of images, so I created a special button to make all image links relative.

 

If you need it, just add this piece of code at the end of /js/tinymce.inc.js (this script is loaded with tinymce editor)

//added code to correct image paths
$(document).ready(function(){
	$('.cc_button').prepend('<li><button id="clearpaths" style="margin-top:15px">correct img paths</button></li>');
	
	$('#clearpaths').click(function(){	 
		var siteurl = window.location.host;	
		var i = 0;		
		$('.mceIframeContainer iframe').contents().find('img').each(function(){
			src = $(this).attr('src');			
			//remove www. if present
			newsrc = src.replace('www.'+siteurl, siteurl);	
			//remove http absolute path if present
			newsrc = newsrc.replace('http://'+siteurl,'');
			//remove https absolute path if present
			newsrc = newsrc.replace('https://'+siteurl,'');  
			$(this).attr('src', newsrc);
			$(this).attr('data-mce-src', newsrc);			
			if (src != newsrc){				
				i++;
			}
		});		
		alert (i+' links were corrected');
	}); 	
});
//end of added code

it adds a button in top menu, before "save". By clicking that button you make all img links relative.

 

This code might not be so elegant. But it does its job and it can be used as a temporary solution. 

 

Of course, saving relative paths by default, without using additional patches would be better

Edited October 23, 2013 by Amazzing (see edit history)

[raroch]

Hi,

 

I'm using version 1.5.4.1 and facing this exact issue. I'm using SSL during order preparations and term-of-use-and-conditions CMS page is getting blocked because it can be accessed only with HTTP.

 

How can I access a CMS page using HTTPS?

 

I tried modifying the order-carrier.tpl file (line 270) to get the HTTPS link from:

<label for="cgv">{l s='I agree to the Terms of Service and will adhere to them unconditionally.'}</label><a href="{$link_conditions}" class="iframe">{l s='(Read Terms of Service)'}</a>

to:

<label for="cgv">{l s='I agree to the Terms of Service and will adhere to them unconditionally.'}</label><a href="{$link->getPageLink('terms-of-use-and-conditions', true)}" class="iframe">{l s='(Read Terms of Service)'}</a>

I do get the HTTPS link correctly but I get 404 error when trying to access it.

 

Any way to solve that?

 

Couldn't find a solution in the forums. Would appreciate your help.

 

Thanks!

[vekia]

instead of simple $link_conditions try to use this:

 

{$link_conditions|replace:'http':'https'}

easy and quick

[raroch]

Hi Vekia,

 

I think your post was not submitted properly, is there a code part missing?

[vekia]

somehow code disappeared from my post :|

i updated it once again

[raroch]

Thanks Vekia, this indeed creates the link for HTTPS. The link is:

 

https://mapot.biz/he/content/3-terms-and-conditions-of-use?content_only=1

 

The issue is that the browser redirects the request back to HTTP and I get an error in the Chrome console saying:

 

[blocked] The page at https://mapot.biz/he/order ran insecure content from http://mapot.biz/he/content/3-terms-and-conditions-of-use?content_only=1.

 

Any idea how to avoid this?

[vekia]

ohh dear you've got right, this is the most annoying thing in prestashop - these weirdy redirections drive me crazy! ALl modern browsers block unsecured connections while you browse secured content. It must be fixed, definitely!

 

Now i've got a little workaround,

it will be necessary to modify the core. unfortunately.

 

open this file:

classes/controllers/frontController.php

 

there is a code like:
 

		if (Configuration::get('PS_SSL_ENABLED') && ($_SERVER['REQUEST_METHOD'] != 'POST') && $this->ssl != Tools::usingSecureMode())
		{	
			header('HTTP/1.1 301 Moved Permanently');
			header('Cache-Control: no-cache');
			if ($this->ssl)					
				header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']);
			else						
				header('Location: '.Tools::getShopDomain(true).$_SERVER['REQUEST_URI']);
			exit();
		}

remove it

 

 

 

i created pull request with this fix here: https://github.com/PrestaShop/PrestaShop/pull/956

[raroch]

Hi Vekia,

 

Thanks for pointing out the solution!

 

In 1.5.4.1 the code looks a bit different but close enough for me to figure it out 

I had to modify the code in two places in classes/controller/FrontController.php:

		// If current URL use SSL, set it true (used a lot for module redirect)
		if (Tools::usingSecureMode())
/*			$useSSL = $this->ssl = true;*/
			$useSSL = true;

and to comment out the redirect code:

/*
*		if ($this->ssl && !Tools::usingSecureMode() && Configuration::get('PS_SSL_ENABLED'))
*		{
*			header('HTTP/1.1 301 Moved Permanently');
*			header('Cache-Control: no-cache');
*			header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']);
*			exit();
*		}
*		elseif (Configuration::get('PS_SSL_ENABLED') && Tools::usingSecureMode() && !($this->ssl))
*		{
*			header('HTTP/1.1 301 Moved Permanently');
*			header('Cache-Control: no-cache');
*			header('Location: '.Tools::getShopDomain(true).$_SERVER['REQUEST_URI']);
*			exit();
*		}
*/

Seems to be working fine.

 

Thanks!

[vekia]

you're welcome

 

btw. in prestashop 1.5.5 in back office, there is an option to "force ssl" on all pages

solution is ready

[Divyesh Prajapati]

ohh dear you've got right, this is the most annoying thing in prestashop - these weirdy redirections drive me crazy! ALl modern browsers block unsecured connections while you browse secured content. It must be fixed, definitely!

 

Now i've got a little workaround,

it will be necessary to modify the core. unfortunately.

 

open this file:

classes/controllers/frontController.php

 

there is a code like:

 

		if (Configuration::get('PS_SSL_ENABLED') && ($_SERVER['REQUEST_METHOD'] != 'POST') && $this->ssl != Tools::usingSecureMode())
		{	
			header('HTTP/1.1 301 Moved Permanently');
			header('Cache-Control: no-cache');
			if ($this->ssl)					
				header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']);
			else						
				header('Location: '.Tools::getShopDomain(true).$_SERVER['REQUEST_URI']);
			exit();
		}

remove it

 

 

 

i created pull request with this fix here: https://github.com/PrestaShop/PrestaShop/pull/956

It worked for me

Thanks a lot Vekia!!!

[jstepp28]

Try this if you're still having issues:

 

https://github.com/PrestaShop/PrestaShop/commit/640100f10f789129dc50a0d68e3e82cedf85aad3

 

Worked like a charm for me on 1.5.6.2!

 

Thanks

James

[vekia]

modification that i pasted above is not a good way at the moment, things changed a lot since then

[vincent89]

prestashop 1.6.0.8

 

I Found the solution without erase anything.

 

enable ssl and force the ssl on all pages but uncheck html purifier library (very important). you could enable it after insert the image.

 

then go on CMS (exemple: about us) the image who's already there when you install prestashop work well even in ssl so you have to copy how they wrote the code. 

 

<img title="cms-img" src="../img/cms/cms-img.jpg" alt="cms-img" width="370" height="192" />

 

replace by your name image 

 

<img title="your name image" src="../img/cms/your name image.jpg" alt="your name image" width="370" height="192" />

 

write this way on the little popup window [insert/edit image] right after uploaded and chose the image from your file manager.

 

 source             ../img/cms/your name image.jpg

 image description   ....

 dimensions             ...

 

Save it and go to enable the html filter purifier if you done to put new images.

Now it should work. your image is here and your page is still SSL.

 

ps: you'll have to disable html purifier library every time you need to add a new picture from your file manager otherwise it will appear this famous question mark instead of the image and your page won't be SSL

 

It tooks 2weeks to found that, I hope you'll appreciate this post. That's the most annoying bug on prestashop, I don't even know why the Presta team didn't fix that so far!!!!????

 

 

I still have a problem with the homeslider who's disappear when running on Safari, need to refresh the page every time I come back on the home page!!! if somebody have the Solution I'll appreciate to know it thanks

Edited July 10, 2014 by vincent89 (see edit history)

[vekia]

hello

in fact purifier will change contents even if you will turn it on after whole addition process

this is why it's worth to turn it off, at all

[mir-aus]

HI there

I have problem in my PS1.6 in cms page all img use different language folder. how can i fix this

If I add my img in cms page like this ../../img.img it working but if I add it like ../img.img in different languages url use like this

https://mywebsite/en/img.img

 

any suggestion?  

[LauraPresta]

im face same problem but in 1.6.0.6

 

exemple of page : https://www.jeveuxmescheveux.fr/fr/content/10-ondulations-curls

cms image not loaded thru https

 

Vekia solution (delete part of code in frontcontroller didnt worked in 1.6.0.6)

 

i dont have option "html purifier library"

 

Anyone got a new solution actually ?

 

i have hundreds page/product with image on it, and it would be so long to change all url to relative... :/

[Palie]

Did you find solution?