How to configure OSCommerce Joli ver 2.4.0 to always use https

WestCoast_BC
WestCoast_BC used Ask the Experts™
on
I am trying to get OS Commerce Joli ver 2.4.0 to work with https.  Can anyone tell me what I need to change to force it to use https?

Right now I am getting errors related to mixed content, for example it is trying to load jquery using http and not https.

Thank you for any help that you can provide.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
leakim971Multitechnician
Top Expert 2014

Commented:
You just need to add some entries in your htaccess :
https://apps.oscommerce.com/VzCNw&auto-redirect-http-to-https-ssl
https://httpd.apache.org/docs/2.2/en/howto/htaccess.html

RewriteEngine On
RewriteCond %{HTTPS} off 
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Open in new window

Author

Commented:
I already tried changing the .htaccess file like leakim971 suggested but that doesn't fix my problem.

When I try to access my store the URL is https but I am getting errors like:

Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure stylesheet '<URL>'. This request has been blocked; the content must be served over HTTPS.


Mixed Content: The page at 'https://test.mysite.com/addins/cf_oscommerce/catalog/index.php?userid=4' was loaded over HTTPS, but requested an insecure script 'http://test.mysite.com/addins/cf_oscommerce/catalog/ext/jquery/jquery-2.2.3.min.js'. This request has been blocked; the content must be served over HTTPS.

Open in new window

nociSoftware Engineer
Distinguished Expert 2018

Commented:
That means that on THAT page there is a link that explicitely uses http://...
(meta link? jslink?...) any link not using https is a potential break of the secure data due to injection.

BTW, the index.php script needs to be changed for that...
Become a Microsoft Certified Solutions Expert

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Author

Commented:
It is not an explicit link in the code. For example, this causes an error:
<script src="../ext/jquery/jquery-2.2.3.min.js"></script>

Open in new window


I wish it was an explicit link and then it would be much easier for me to fix
David FavorLinux/LXD/WordPress/Hosting Savant
Distinguished Expert 2018

Commented:
Mixed content errors can't be easily fixed at Server level, else you can sometime get caught in an infinite redirection loop.

This error means you have hard coded http://... links on an https:// (SSL) wrapped site.

You have to fix this... most likely in your database by rewriting all links from http:// to https://, being careful to handle serialized data correctly, if it exists.

Tip: When you muck about with your database like this. Make a full backup first, then suspend all site changes during your mass database edit +  testing. This way if you have to rollback (revert to your database backup), you won't loose any site changes.

Author

Commented:
Here is what I have figured out so far (I am not very familiar with PHP):

  1. I try to access my site by going to: https://test.mysite.com/addins/cf_oscommerce/catalog/index.php?userid=4
  2. Index.php includes a file by doing: include('/home/adrcom/mysite.com/addins/cf_oscommerce/catalog/includes/OSC/Sites/Shop/Templates/Sail/template_top.php')
  3. template_top.php loads a style sheet using the code: <link href="ext/bootstrap/css/bootstrap.min.css" rel="stylesheet">

At this point it tries to load the style sheet using http even though the calling template is using https and this is where my problems begin
leakim971Multitechnician
Top Expert 2014

Commented:
time to share your website URL, don't be shy
we will be able to remove that link after if needed
it's pretty sure you've FULL LINK somewhere sometimes generated dynamically by a plugin or something else (now I read you last comment and that match)

Author

Commented:
I have created a test website. To access the store page go to: https://test.adreflex.com/addins/cf_oscommerce/catalog/index.php?userid=0
Multitechnician
Top Expert 2014
Commented:
Check this : https://developer.mozilla.org/en-US/docs/Web/HTML/Element/base
This is the one on your page :
<base href="http://test.adreflex.com/addins/cf_oscommerce/catalog/">

Open in new window

leakim971Multitechnician
Top Expert 2014

Commented:
open your <ROOT FOLDER>/index.php and change :
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

Open in new window

by :
<base href="<?php echo ((($request_type == 'SSL') || true) ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

Open in new window

or :
<base href="<?php echo HTTPS_SERVER . DIR_WS_CATALOG; ?>">

Open in new window

Author

Commented:
Thank you. I now see that the line:
OSCOM::getConfig('http_server', 'Admin');

Open in new window


is returning a path with http and not https. Now I just have to figure out where this is set so I can change the configuration.

Author

Commented:
Thank you! It turned out that a config file in OSCommerce had the http_server variable defined using http. I changed this to https and it works now.

Thank you!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial