Enable SSL only for a module

catalin.pop · January 19, 2017

I've built a module that has a controller. Some clients have disabled SSL on all pages and enabled SSL only on payment page.

On payment page which is secure (https) an ajax called is made to the controller link

https

that will redirect to http

http

which will throw this error: This request has been blocked; the content must be served over HTTPS .

Obviously.

So my question is how to force that controller to not redirect to http without enabling SSL on all pages?

Thanks

catalin.pop · January 19, 2017

After doing some digging I found a solution: add

public $ssl = true;

to controller class

class MyCoolModuleFrontController extends ModuleFrontController {

    public $ssl = true;

.....

is this the right way to do? so I can update my module?

Edited January 19, 2017 by catalin.pop (see edit history)

bellini13 · January 20, 2017

You should force SSL by changing it to

$this->context->link->getModuleLink('modulename', 'modulecontroller', array(), true);

just wanted to clarify that this only forces SSL to be used for that URL, if SSL is enabled in the back office.

If the merchant did not enable SSL, then the URL will still be HTTP only

catalin.pop · January 24, 2017

Thanks for your answers.

One more question. If I change $ssl from postProcess() method is it ok?

class MyCoolModuleFrontController extends ModuleFrontController {

    public function postProcess() {
       $this->ssl=true;
    }

.....

Edited January 24, 2017 by catalin.pop (see edit history)

Recommended Posts