SSL HTTPS

[ricky11]

After adding ssl, and turning on the ssl in the PS BO.  I find their are so many link in the default theme like "sharethis" and javascript libraries and Google fonts that are being search from http requests vs https.

 

how do i default all urls on SECURE PAGES only to https?

 

what are other prestashop users doing when they get ssl? 

Thanks

Ricky

 

[vekia]

hello

 

if you use google fonts it probably means that you use some non default solutions (theme/modules).

you have to change these urls manually. there is no other way.

 

instead of http://address.to.source.com/ use //address.to.source.com

[ricky11]

hi Vekia.

Thanks.. lets look at it like this, their is probabaly not 1 shop lets just say out there that is using the default theme without any customization.  Atlest to be economically viable to be a owener of a ecommerce store the current default theme does not have the aesthetics to satisfy the demands of most online users.  So it would be fair to say that 99% of prestashop users are using custom themes or have develop their own theme with hevay front end customization.

 

in this respect a lot of the urls to third party tools like cdn networks, google api, javascript libraries,  etc need to be added, and usually they are http rather than https so to speed up the connection.  My question is how do most of these users automatically convert the http > https for these secure pages like the signup/order pages to force only https? 

 

I am not sure how they do it, and any advice would be welcome. Do i have to go through each of the order pages (i dont even know wihch tpl files they are) and which pages i need to change.  Most of them uses relative paths, in this case how do i force https request on these pages only?

 

Thank you.

 

Best,

RICKY

[ricky11]

hmm, i just read your last line to change to all relative paths, but do you know which tpl files i would need to change or is their any other files i would need to change? OR instead of changing line by line, can i use a script to force the browser to use all https ON secure pages only?

[vekia]

it's not possible to do it, you have to modify all files where http://url.com to external libraries appear. there is no other way, unfortunately.

 

i also don't know what files you have to change, as i said, it looks like you use some nondefault solutions, i don't know it. 

[ricky11]

Which files belong to /order in the url? I am not sure which tpl or php file i would have the edit.

i looked in the seo/url, but could not find which file.

 

Thanks.

[ricky11]

Hi, I found the files ,but find that there is not http link in the path, prestashop uses  example ; background-image: url('fancybox_sprite.png');

 

so it uses url, but how does it convert the url to http or https?

 

thanks.

[ricky11]

Solved myself. thanks.

[cip_invest]

Great you solve it.

Can you explain how ? As i have same problem

 

Best Regards

[ricky11]

Well you have to go thru all the pages and change the paths to relative paths...

 

it strange that this is not built in to all themes...

 

goto whynopadlock.com run a test on your site in https mode then you will see which links need to be taken care of.

[cip_invest]

Thats great thanks. Anyway im using ssl only on my account and order page, i have to force ssl on all pages to test with whynopadlock.com. And i found those errors

 

Total number of items: 118
Number of insecure items: 2

Insecure URL: http://fonts.googleapis.com/css?family=Open+Sans:600
Found in: https://www.site-name.ro/

Insecure URL: http://themes.googleusercontent.com/static/fonts/opensans/v7/MTP_ySUJH_bn48VBG8sNSonF5uFdDttMLvmWuJdhhgs.ttf
Found in: http://fonts.googleapis.com/css?family=Open+Sans:600

 

Please advice its better to have ssl on all pages or only on my account + order.

If you have https on all pages will affect google indexation ?

 

Thank you in advance for your help

Best Regards

[ricky11]

Are you using a custom theme.

 

It would be better to have ssl ONLY on pages where you are collecting user information. In  normal case it would just be order and checkout pages.

 

can you change the file to //fonts.google instead of http://fonts:

 

or you can put some if statement, its been a while, it think thats what we did.

 

Ricky

[cip_invest]

It seems it was zopim but when ive checked again with whynopadlock.com it shows 0 errors but firefox still tell me there are unsecured items

[vekia]

you have to change non-secured connection to secured for these files

there is no other way to solve this kind of problem.

[cip_invest]

the problem its after ive disable zoipm ( the module that ive downloaded from your modules post vekia )

whynopadlock.com its shows 0 errors but firefox and ie also tell me that are unsecured items on my website. i cant identify which ones. thats its my problem

by the way thank you so much guys for your fast reponses

ill send you by im the website name ( i dont want to be crawled yet by google as is not finished ), thats the reason i dont post here the link

[vekia]

can you enable zopim chat? i will inspect code, now i can't because it's ... disabled

[cip_invest]

i have disabled all modules but it seems firefox and ie get me the same error ( this website contains unsecured items ). when you disable a module the code remain in website ? i think no so zopim or facebook/twiter module isnt a problem. this its my opinion. If you want i can enable zopim. drop me a line. thanks again. much appreciated

 

later edit

 

i have inspected with firefox inspect element and ive found

 

15:48:31.287 Blocked loading mixed active content "http://fonts.googleapis.com/css?family=Open+Sans:600"[Learn More] login
15:48:31.538 Use of getPreventDefault() is deprecated.  Use defaultPrevented instead.

 

but im really newbie where i can found this

Edited January 20, 2014 by cip_invest (see edit history)

[HairMaker.Gr]

Hello 

How can you have ssl on all pages or only on my account + order.

How can you do it from BO ??

[cip_invest]

yes you can do it from BO

Preferences -> General

 

regarding my problem i have activated all modules and using firefoxx console i figured out what its the blocked content

 

Blocked loading mixed active content "http://fonts.googleapis.com/css?family=Open+Sans:600"

 

but i dont find where this link its i have downloaded all my public_html folder and ive used windows search using different keywords bot no luck

[HairMaker.Gr]

yes you can do it from BO

Preferences -> General

 

regarding my problem i have activated all modules and using firefoxx console i figured out what its the blocked content

 

Blocked loading mixed active content "http://fonts.googleapis.com/css?family=Open+Sans:600"

 

but i dont find where this link its i have downloaded all my public_html folder and ive used windows search using different keywords bot no luck

 

 

Thanks for your fast reply .!!!

[cip_invest]

Solved fount the font link in header.tpl and changed from http to https

Edited January 20, 2014 by cip_invest (see edit history)