How to configure OSCommerce Joli ver 2.4.0 to always use https

I am trying to get OS Commerce Joli ver 2.4.0 to work with https.  Can anyone tell me what I need to change to force it to use https?

Right now I am getting errors related to mixed content, for example it is trying to load jquery using http and not https.

Thank you for any help that you can provide.
WestCoast_BCAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

leakim971PluritechnicianCommented:
You just need to add some entries in your htaccess :
https://apps.oscommerce.com/VzCNw&auto-redirect-http-to-https-ssl
https://httpd.apache.org/docs/2.2/en/howto/htaccess.html

RewriteEngine On
RewriteCond %{HTTPS} off 
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Open in new window

WestCoast_BCAuthor Commented:
I already tried changing the .htaccess file like leakim971 suggested but that doesn't fix my problem.

When I try to access my store the URL is https but I am getting errors like:

Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure stylesheet '<URL>'. This request has been blocked; the content must be served over HTTPS.


Mixed Content: The page at 'https://test.mysite.com/addins/cf_oscommerce/catalog/index.php?userid=4' was loaded over HTTPS, but requested an insecure script 'http://test.mysite.com/addins/cf_oscommerce/catalog/ext/jquery/jquery-2.2.3.min.js'. This request has been blocked; the content must be served over HTTPS.

Open in new window

nociSoftware EngineerCommented:
That means that on THAT page there is a link that explicitely uses http://...
(meta link? jslink?...) any link not using https is a potential break of the secure data due to injection.

BTW, the index.php script needs to be changed for that...
HTML5 and CSS3 Fundamentals

Build a website from the ground up by first learning the fundamentals of HTML5 and CSS3, the two popular programming languages used to present content online. HTML deals with fonts, colors, graphics, and hyperlinks, while CSS describes how HTML elements are to be displayed.

WestCoast_BCAuthor Commented:
It is not an explicit link in the code. For example, this causes an error:
<script src="../ext/jquery/jquery-2.2.3.min.js"></script>

Open in new window


I wish it was an explicit link and then it would be much easier for me to fix
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Mixed content errors can't be easily fixed at Server level, else you can sometime get caught in an infinite redirection loop.

This error means you have hard coded http://... links on an https:// (SSL) wrapped site.

You have to fix this... most likely in your database by rewriting all links from http:// to https://, being careful to handle serialized data correctly, if it exists.

Tip: When you muck about with your database like this. Make a full backup first, then suspend all site changes during your mass database edit +  testing. This way if you have to rollback (revert to your database backup), you won't loose any site changes.
WestCoast_BCAuthor Commented:
Here is what I have figured out so far (I am not very familiar with PHP):

  1. I try to access my site by going to: https://test.mysite.com/addins/cf_oscommerce/catalog/index.php?userid=4
  2. Index.php includes a file by doing: include('/home/adrcom/mysite.com/addins/cf_oscommerce/catalog/includes/OSC/Sites/Shop/Templates/Sail/template_top.php')
  3. template_top.php loads a style sheet using the code: <link href="ext/bootstrap/css/bootstrap.min.css" rel="stylesheet">

At this point it tries to load the style sheet using http even though the calling template is using https and this is where my problems begin
leakim971PluritechnicianCommented:
time to share your website URL, don't be shy
we will be able to remove that link after if needed
it's pretty sure you've FULL LINK somewhere sometimes generated dynamically by a plugin or something else (now I read you last comment and that match)
WestCoast_BCAuthor Commented:
I have created a test website. To access the store page go to: https://test.adreflex.com/addins/cf_oscommerce/catalog/index.php?userid=0
leakim971PluritechnicianCommented:
Check this : https://developer.mozilla.org/en-US/docs/Web/HTML/Element/base
This is the one on your page :
<base href="http://test.adreflex.com/addins/cf_oscommerce/catalog/">

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
leakim971PluritechnicianCommented:
open your <ROOT FOLDER>/index.php and change :
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

Open in new window

by :
<base href="<?php echo ((($request_type == 'SSL') || true) ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

Open in new window

or :
<base href="<?php echo HTTPS_SERVER . DIR_WS_CATALOG; ?>">

Open in new window

WestCoast_BCAuthor Commented:
Thank you. I now see that the line:
OSCOM::getConfig('http_server', 'Admin');

Open in new window


is returning a path with http and not https. Now I just have to figure out where this is set so I can change the configuration.
WestCoast_BCAuthor Commented:
Thank you! It turned out that a config file in OSCommerce had the http_server variable defined using http. I changed this to https and it works now.

Thank you!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Operating Systems

From novice to tech pro — start learning today.