Enable SSL for product pages (all pages)
-
- Lieutenant, Jr. Grade (LT JG)
- Posts: 36
- Joined: Fri Feb 05, 2010 3:02 pm
Enable SSL for product pages (all pages)
Chrome will start marking all sites "not secure" over HTTP (more detail https://security.googleblog.com/2018/02 ... -stay.html)
How can AbleCommerce GOLD be configured to server all pages over HTTPS?
I would like one folder exclude for internal API integrations, but all pages that a user can visit I would like https.
Thanks,
Owain
How can AbleCommerce GOLD be configured to server all pages over HTTPS?
I would like one folder exclude for internal API integrations, but all pages that a user can visit I would like https.
Thanks,
Owain
-
- Commodore (COMO)
- Posts: 436
- Joined: Tue May 07, 2013 1:59 pm
Re: Enable SSL for product pages (all pages)
GOLD R11 and higher has a "Secure All Pages" check box at Admin/Store/Security/Default.
Jay
-
- Lieutenant, Jr. Grade (LT JG)
- Posts: 36
- Joined: Fri Feb 05, 2010 3:02 pm
Re: Enable SSL for product pages (all pages)
Hi Jay,
I should have mentioned, that we are running GOLD R8. If we are not upgrading within that time is there a workaround? Do you know what that setting does (maybe it can be done manually)?
Thanks,
Owain
I should have mentioned, that we are running GOLD R8. If we are not upgrading within that time is there a workaround? Do you know what that setting does (maybe it can be done manually)?
Thanks,
Owain
-
- Commodore (COMO)
- Posts: 436
- Joined: Tue May 07, 2013 1:59 pm
Re: Enable SSL for product pages (all pages)
Not sure what would be involved, here's a thread with the same question regarding R10:
viewtopic.php?f=65&t=19077
viewtopic.php?f=65&t=19077
Jay
-
- Lieutenant Commander (LCDR)
- Posts: 102
- Joined: Wed Apr 02, 2008 11:00 am
- Location: Stockholm, Sweden
- Contact:
Re: Enable SSL for product pages (all pages)
Put this in your web.config and it will force your whole site to go under SSL.
Code: Select all
<rewrite>
<rules>
<rule name="HTTP to HTTPS Redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
-
- Lieutenant, Jr. Grade (LT JG)
- Posts: 36
- Joined: Fri Feb 05, 2010 3:02 pm
Re: Enable SSL for product pages (all pages)
Hi Thomas,
Thanks for the snippet. I have used rewrite to force other sites to https, but because Able does its own checks and lookups on page load I think this would cause a redirect loop. For example the home page defaults to http (e.g. http://products.cmc.ca), if I put in https manually (https://products.cmc.ca/) it automatically redirects back to http.
Do you know if we can use the Able managed way by editing App_Data\ssl.config so it applies to all pages? If not all pages at least product pages?
Thanks,
Owain
Thanks for the snippet. I have used rewrite to force other sites to https, but because Able does its own checks and lookups on page load I think this would cause a redirect loop. For example the home page defaults to http (e.g. http://products.cmc.ca), if I put in https manually (https://products.cmc.ca/) it automatically redirects back to http.
Do you know if we can use the Able managed way by editing App_Data\ssl.config so it applies to all pages? If not all pages at least product pages?
Thanks,
Owain
-
- Lieutenant Commander (LCDR)
- Posts: 102
- Joined: Wed Apr 02, 2008 11:00 am
- Location: Stockholm, Sweden
- Contact:
Re: Enable SSL for product pages (all pages)
With the snippet I gave you there will not be any looping.owain.jones@cmc.ca wrote:Hi Thomas,
Thanks for the snippet. I have used rewrite to force other sites to https, but because Able does its own checks and lookups on page load I think this would cause a redirect loop. For example the home page defaults to http (e.g. http://products.cmc.ca), if I put in https manually (https://products.cmc.ca/) it automatically redirects back to http.
Do you know if we can use the Able managed way by editing App_Data\ssl.config so it applies to all pages? If not all pages at least product pages?
Thanks,
Owain
It's running on my site: traileronline.se with no problems.
-
- Lieutenant, Jr. Grade (LT JG)
- Posts: 36
- Joined: Fri Feb 05, 2010 3:02 pm
Re: Enable SSL for product pages (all pages)
Hi Thomas,
I appreciate your help, but there must have been some change between R8 (what we are running) and R11 (what you are running from your signature).
I tried this and it looped as I suspected it would. Below is the Firefox console output if I request http or https, infinite loop:
http://products.cmc.ca/
[HTTP/1.1 301 Moved Permanently 0ms]
[Show/hide message details.] GET
http://products.cmc.ca/
[HTTP/1.1 301 Moved Permanently 0ms]
[Show/hide message details.] GET
https://products.cmc.ca/
[HTTP/1.1 200 OK 11ms]
The character encoding of the HTML document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the page must be declared in the document or in the transfer protocol. products.cmc.ca
Navigated to http://products.cmc.ca/
[Show/hide message details.] GET
http://products.cmc.ca/
[HTTP/1.1 301 Moved Permanently 0ms]
[Show/hide message details.] GET
https://products.cmc.ca/
[HTTP/1.1 200 OK 3ms]
The character encoding of the HTML document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the page must be declared in the document or in the transfer protocol. products.cmc.ca
Navigated to http://products.cmc.ca/
[Show/hide message details.] GET
http://products.cmc.ca/
[HTTP/1.1 301 Moved Permanently 0ms]
.............
Do you know if you made any other configuration change to stop the Able http/https processing?
Thanks,
Owain
I appreciate your help, but there must have been some change between R8 (what we are running) and R11 (what you are running from your signature).
I tried this and it looped as I suspected it would. Below is the Firefox console output if I request http or https, infinite loop:
http://products.cmc.ca/
[HTTP/1.1 301 Moved Permanently 0ms]
[Show/hide message details.] GET
http://products.cmc.ca/
[HTTP/1.1 301 Moved Permanently 0ms]
[Show/hide message details.] GET
https://products.cmc.ca/
[HTTP/1.1 200 OK 11ms]
The character encoding of the HTML document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the page must be declared in the document or in the transfer protocol. products.cmc.ca
Navigated to http://products.cmc.ca/
[Show/hide message details.] GET
http://products.cmc.ca/
[HTTP/1.1 301 Moved Permanently 0ms]
[Show/hide message details.] GET
https://products.cmc.ca/
[HTTP/1.1 200 OK 3ms]
The character encoding of the HTML document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the page must be declared in the document or in the transfer protocol. products.cmc.ca
Navigated to http://products.cmc.ca/
[Show/hide message details.] GET
http://products.cmc.ca/
[HTTP/1.1 301 Moved Permanently 0ms]
.............
Do you know if you made any other configuration change to stop the Able http/https processing?
Thanks,
Owain