Jump to content

Chrome SSL error


Recommended Posts

Im having a problem with chrome saying data is being passed over a http connection.

This only happens in chrome. Cant replicate from safari or firefox. 

The console from safari and firefox shows no errors but in chrome it says

 

The page at 'https://affordable-electronics.co.uk/login?back=my-account' was loaded over HTTPS, but is submitting data to an insecure location at 'http://affordable-electronics.co.uk/search': this content should also be submitted over HTTPS.

 login:1
The page at 'https://affordable-electronics.co.uk/login?back=my-account' was loaded over HTTPS, but is submitting data to an insecure location at 'http://affordable-electronics.co.uk/': this content should also be submitted over HTTPS.
 
 
I cant understand why or how this would happen? Its not showing as a module causing the problem.
Ive tried clearing caches and disabling non prestashop modules.
 
Does anyone have any ides or is it limited to just my computer?
Link to comment
Share on other sites

firefox works in the same way at the moment

it also filters unsecured content (when you're on secured page)

 

in your case problem is related to module blocksearch

you use instant search

it means that in module .tpl flle you have to use 

{$link->getPageLink('search',true)|escape:'html':'UTF-8'}

instead of

{$link->getPageLink('search')|escape:'html':'UTF-8'}

themes/default-bootstrap/modules/blocksearch/blocksearch-top.tpl

  • Like 1
Link to comment
Share on other sites

  • 1 month later...

 

Im having a problem with chrome saying data is being passed over a http connection.

This only happens in chrome. Cant replicate from safari or firefox. 

The console from safari and firefox shows no errors but in chrome it says

 

The page at 'https://affordable-electronics.co.uk/login?back=my-account' was loaded over HTTPS, but is submitting data to an insecure location at 'http://affordable-electronics.co.uk/search': this content should also be submitted over HTTPS.

 

I have exactly the same error, in Chrome only, on the quick checkout page. I am using the default bootstrap template, and can't locate where the error comes from.

 

EDIT: in my case, I believe the searchbox and the newsletter input fields to cause the error - any ideas on how to fix this?

Edited by Mister Denial (see edit history)
Link to comment
Share on other sites

do you know what contents are loaded without ssl connection? this is the most important question, without these files it will be a little hard to help

each problem like that is different and depends on stuff like modules and on theme that you use

  • Like 1
Link to comment
Share on other sites

do you know what contents are loaded without ssl connection? this is the most important question, without these files it will be a little hard to help

 

each problem like that is different and depends on stuff like modules and on theme that you use

 

Hi Vekia,

 

thanks again for your help!

 

If I am to believe the info in Chrome console, it is the search box (quicksearch) and the newsletter email form at the bottom of the default tempalte. I was able to find how to force https on the quicksearch box by searching the forum,

<form id="searchbox" method="get" action="{$link->getPageLink('/search',true)|escape:'html':'UTF-8'}" >

but not how to make the newsletter form to post securely.

 

So if you have an idea how to make the newsletter email input form secure, that would be awesome!

Edited by Mister Denial (see edit history)
Link to comment
Share on other sites

MD, interesting, I've had the problem with the search but not the newsletter, here is my code for the newsletter, how does it compare with yours?

<!-- Block Newsletter module-->
<section id="newsletter_block_left"  class="block products_block column_box">
<h4><span>{l s='Newsletter' mod='blocknewsletter'}</span><i class="column_icon_toggle"></i></h4>
<div class="block_content toggle_content">
{if isset($msg) && $msg}
	<p class="{if $nw_error}warning_inline{else}success_inline{/if}">{$msg}</p>
{/if}
<form action="{$request_uri}" method="post"> 
	<p>
	{* @todo use jquery (focusin, focusout) instead of onblur and onfocus *}
	<input type="email" name="email" size="18" 
	value="{if isset($value) && $value}{$value}{else}{l s='Your email address' mod='blocknewsletter'}{/if}" 
	onfocus="javascript:if(this.value=='{l s='Your email address' mod='blocknewsletter' js=1}')this.value='';" 
	onblur="javascript:if(this.value=='')this.value='{l s='Your email address' mod='blocknewsletter' js=1}';" 
	class="inputNew" />
	<select name="action">
	<option value="0"{if isset($action) && $action == 0} selected="selected"{/if}>{l s='Subscribe' mod='blocknewsletter'}</option>
	<option value="1"{if isset($action) && $action == 1} selected="selected"{/if}>{l s='Unsubscribe' mod='blocknewsletter'}</option>
	</select>
	<input type="submit" value="ok" class="button_form button" name="submitNewsletter" />
	</p>
</form>
</div>
</section>
Edited by Bill Dalton (see edit history)
Link to comment
Share on other sites

@ Bill: thanks for your help on this. Are we talking about the blocknewsletter.tpl found in themes/mytheme/modules? If yes, my code looks like this:

<!-- Block Newsletter module-->
<div id="newsletter_block_left" class="block">
	<h4>{l s='Newsletter' mod='blocknewsletter'}</h4>
	<div class="block_content">
		<form action="{$link->getPageLink('index')|escape:'html':'UTF-8'}" method="post">
			<div class="form-group{if isset($msg) && $msg } {if $nw_error}form-error{else}form-ok{/if}{/if}" >
				<input class="inputNew form-control grey newsletter-input" id="newsletter-input" type="text" name="email" size="18" value="{if isset($msg) && $msg}{$msg}{elseif isset($value) && $value}{$value}{else}{l s='Enter your e-mail' mod='blocknewsletter'}{/if}" />
                <button type="submit" name="submitNewsletter" class="btn btn-default button button-small">
                    <span>{l s='Ok' mod='blocknewsletter'}</span>
                </button>
				<input type="hidden" name="action" value="0" />
			</div>
		</form>
	</div>
</div>
<!-- /Block Newsletter module-->
{strip}
{if isset($msg) && $msg}
{addJsDef msg_newsl=$msg|@addcslashes:'\''}
{/if}
{if isset($nw_error)}
{addJsDef nw_error=$nw_error}
{/if}
{addJsDefL name=placeholder_blocknewsletter}{l s='Enter your e-mail' mod='blocknewsletter' js=1}{/addJsDefL}
{if isset($msg) && $msg}
	{addJsDefL name=alert_blocknewsletter}{l s='Newsletter : %1$s' sprintf=$msg js=1 mod="blocknewsletter"}{/addJsDefL}
{/if}
{/strip}

When I check the error in Chrome Console, here's the code I get:

<div id="newsletter_block_left" class="block">
	<h4>Newsletter</h4>
	<div class="block_content">
		<form action="http://www.the-black-angel.com/" method="post">
			<div class="form-group" >
				<input class="inputNew form-control grey newsletter-input" id="newsletter-input" type="text" name="email" size="18" value="Enter your e-mail" />
                <button type="submit" name="submitNewsletter" class="btn btn-default button button-small">
                    <span>Ok</span>
                </button>
				<input type="hidden" name="action" value="0" />
			</div>
		</form>
	</div>
</div>

What I find strange is that this issue only happens in Chrome, in Firefox and Internet Explorer, the SSL bar is green.

 

I guess I could fix the issue by "hard coding" my domain to be https: but I was hoping there was a better solution, like the fix for the search block.

Link to comment
Share on other sites

Yeah, I dropped the java script at the bottom of yours, could not figure out what it did. Mine is also set to allow unsubscribe. You can see it here, top right in red, Join 911 Discount Offer - https://scrubscanada.ca/testsept/en/med-couture-gold/32-med-couture-gold-milan-top.html

Edited by Bill Dalton (see edit history)
Link to comment
Share on other sites

Hi Bill,

 

I see, nice! I am currently using the bootstrap template (modified), so I would actually just need to change the posting part and keep the input form layout intact. So I think I would need to replace only parts with your code, to also use <form action="{$request_uri}" method="post"> instead of <form action="{$link->getPageLink('index')|escape:'html':'UTF-8'}" method="post">

 

Any idea how to best do that?

Link to comment
Share on other sites

Hi Bill,

 

works perfectly fine, thanks a lot!

 

And I always make backups of files before tinkering with them! ;-)

 

I am just wondering about this, if this would maybe be something to post to forge as improvement, because this Chrome issue happened after my hosting company had their expert team optimize my Apache settings. So it's not directly a bug, but rewriting the code like you did makes it "more compatible".

 

What do you think?

Link to comment
Share on other sites

I agree, I'm pretty sure there are a few already. I think it is going to become an issue pretty quick now that Google is giving extra page rank love to web sites that use full site SSL.

 

And as you pointed out, this problem seemed to be related to only Chrome, and add to that many sites don't even have SSL, they use an offsite Gateway and the issue has been around only biting guys like us. But once SSL become mainstream, I have a feeling a lot of people are going to like this thread.

  • Like 1
Link to comment
Share on other sites

I agree completely with what you said. Besides, with full site SSL, you can use SPDY, which potentially can give websites with lots of content and elements a speed boost. My host recommended to not implement it yet, as it's still experimental, but I believe during the next months, there will be lots of changes and more websites using SSL / full site SSL.

 

Still, what baffles me most is that this SSL error also seems to be Apache configuration related. I did not have this newsletter / search block issue before getting my Apache settings optimized. Obviously it is possible to make the code for both modules more secure, so I hope the next updates will include those changes we're currently discussing.

 

And thanks again for your help Bill, it's much appreciated!

Link to comment
Share on other sites

  • 3 weeks later...

firefox works in the same way at the moment

it also filters unsecured content (when you're on secured page)

 

in your case problem is related to module blocksearch

you use instant search

it means that in module .tpl flle you have to use 

{$link->getPageLink('search',true)|escape:'html':'UTF-8'}

instead of

{$link->getPageLink('search')|escape:'html':'UTF-8'}

themes/default-bootstrap/modules/blocksearch/blocksearch-top.tpl

 

Thanks for this vekia. This fixed the issue I was having with SSL.

  • Like 1
Link to comment
Share on other sites

  • 3 months later...

I added condition: if page loaded unsecure, form will be sent unsecure too. If page loaded secure, form use secure post too

{if ($smarty.server.HTTPS == '') || ($smarty.server.HTTPS == 'off')}
{assign var="secure_conn" value=false}
{else}
{assign var="secure_conn" value=true}
{/if}
....
{$link->getPageLink('search', $secure_conn)}
Link to comment
Share on other sites

  • 3 months later...

Hi,

I was having same issue and resolved with changes as mentioned below. Hope it works for you guys.  :)

To resolve this do following steps.

1. open blocksearch-top.tpl 

find this code

<form id="searchbox" method="get" action="{$link->getPageLink('search')|escape:'html':'UTF-8'}" >

and replace with 

<form id="searchbox" method="get" action="{$link->getPageLink('search', true)|escape:'html':'UTF-8'}" >

2. open blocknewsletter.tpl

find code

<form action="{$link->getPageLink('index')|escape:'html':'UTF-8'}" method="post">

and replace with

<form action="{$link->getPageLink('index', true)|escape:'html':'UTF-8'}" method="post">
Edited by Divyesh Prajapati (see edit history)
Link to comment
Share on other sites

×
×
  • Create New...