[SOLVED] https for all site except category and subcategory

[tinama]

Hello,

 

I have Windows 7 home premium 64 bit SP1, the latest versions of Mozilla Firefox (50.0.2), Internet explorer (11.0.9600.18524) and Chrome (55.0.2883.75 m), and Prestashop 1.6.1.5.

 

I don't understand why on Chrome, all the URLs about categories and relate subcategories haven't the green padlock, while on Firefox and Internet Explorer both have it.

 

On Chrome, clicking on details, "Valid Certificate" and "Secure Connection" are green both, but in "Mixed Content"

is written what "The site includes HTTP resources".

Indeed looking into source code, all the  URLs ( "<a href="http://www."> ) about categories and subcategories include http://www.  and not  https://www.

All the other pages (homepage, cms pages, product pages, checkout pages, creation account pages, etc.) of the e-commerce have the green padlock on Chrome.

 

How can fix this issue?

Thanks

Edited December 9, 2016 by tinama (see edit history)

[rocky]

Google Chrome is more strict now. You'll need to make sure all resources are HTTPS instead of HTTP.

 

Unfortunately, without more information, I can't be more specific.

[tinama]

Hello,

 

I have Windows 7 home premium 64 bit SP1 and the latest versions of Mozilla Firefox (50.0.2), Internet explorer (11.0.9600.18524) and Chrome (55.0.2883.75 m)

 

My e-commerce has been developed with Prestashop 1.6.1.5 version.

 

In Internet Explorer and Firefox both, all the pages of www.prodottibionline.it  have the green padlock (so it's good),

while on Chrome all the categories and subcategories haven't the green padlock (it is not good), because all the URLs linked to the categories and subcategories include http://www.  and not  https://www. (have a look into source code about categories and subcategories pages).

 

Is possible to fix this issue?

Thanks

[rocky]

I see the following warning message in Chrome:

 

Mixed Content: The page at <HTTPS page> was loaded over a secure connection, but contains a form which targets an insecure endpoint <your_domain>/alimentari-biologici-certificati/?categories_rewrite=&noredirect=1'. This endpoint should be made available over a secure connection.

 

After finding this code, I see the problem is the productSort form. It is being sent over HTTP instead of HTTPS. You should have a look at product-sort.tpl in your theme and make sure the form action is HTTPS. Maybe change the line from something like:

<form id="productsSortForm{if isset($paginationId)}_{$paginationId}{/if}" action="{$request|escape:'html':'UTF-8'}" class="productsSortForm">

to:

<form id="productsSortForm{if isset($paginationId)}_{$paginationId}{/if}" action="{$request|escape:'html':'UTF-8'|str_replace:'http://':'https://'}" class="productsSortForm">

[tinama]

I opened my theme's folder and found product-sort.tpl file, then opened it and edited as above.

 

In Smarty, I clean the cache and tried also "Force compilation" and Save; so I clean everything on Chrome also (cookie, cache, etc.).

 

Unfortunately the issue is still there.

Edited December 14, 2016 by tinama (see edit history)

[rocky]

Sorry, the str_replace function didn't work like I thought it would. Try the following instead:

<form id="productsSortForm{if isset($paginationId)}_{$paginationId}{/if}" action="https://{$request|escape:'html':'UTF-8'|substr:7}" class="productsSortForm">

I tested it on my test site and it worked.

[tinama]

Hi rocky,

 

I done that and now it works well, thanks a lot :-)

 

POST RESOLVED

[dric83]

Thank you Rocky, it helped a lot.

 

Better option maybe : 

<form id="productsSortForm{if isset($paginationId)}_{$paginationId}{/if}" action="{$request|escape:'html':'UTF-8'|replace:'http://':'https://'}" class="productsSortForm">

Use "replace" instead of "str_replace"

check smarty doc : http://www.smarty.net/docsv2/en/language.modifier.replace.tpl