Page 1 of 1
Enable SSL for product pages (all pages)
Posted: Wed May 16, 2018 2:20 am
by owain.jones@cmc.ca
Chrome will start marking all sites "not secure" over HTTP (more detail
https://security.googleblog.com/2018/02 ... -stay.html)
How can AbleCommerce GOLD be configured to server all pages over HTTPS?
I would like one folder exclude for internal API integrations, but all pages that a user can visit I would like https.
Thanks,
Owain
Re: Enable SSL for product pages (all pages)
Posted: Wed May 16, 2018 5:28 am
by jguengerich
GOLD R11 and higher has a "Secure All Pages" check box at Admin/Store/Security/Default.
Re: Enable SSL for product pages (all pages)
Posted: Wed May 16, 2018 5:50 am
by owain.jones@cmc.ca
Hi Jay,
I should have mentioned, that we are running GOLD R8. If we are not upgrading within that time is there a workaround? Do you know what that setting does (maybe it can be done manually)?
Thanks,
Owain
Re: Enable SSL for product pages (all pages)
Posted: Wed May 16, 2018 6:15 am
by jguengerich
Not sure what would be involved, here's a thread with the same question regarding R10:
viewtopic.php?f=65&t=19077
Re: Enable SSL for product pages (all pages)
Posted: Wed Jun 06, 2018 10:23 am
by Odettes
Put this in your web.config and it will force your whole site to go under SSL.
Code: Select all
<rewrite>
<rules>
<rule name="HTTP to HTTPS Redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
Re: Enable SSL for product pages (all pages)
Posted: Thu Jun 07, 2018 12:01 am
by owain.jones@cmc.ca
Hi Thomas,
Thanks for the snippet. I have used rewrite to force other sites to https, but because Able does its own checks and lookups on page load I think this would cause a redirect loop. For example the home page defaults to http (e.g.
http://products.cmc.ca), if I put in https manually (
https://products.cmc.ca/) it automatically redirects back to http.
Do you know if we can use the Able managed way by editing App_Data\ssl.config so it applies to all pages? If not all pages at least product pages?
Thanks,
Owain
Re: Enable SSL for product pages (all pages)
Posted: Thu Jun 28, 2018 6:39 am
by Odettes
owain.jones@cmc.ca wrote:Hi Thomas,
Thanks for the snippet. I have used rewrite to force other sites to https, but because Able does its own checks and lookups on page load I think this would cause a redirect loop. For example the home page defaults to http (e.g.
http://products.cmc.ca), if I put in https manually (
https://products.cmc.ca/) it automatically redirects back to http.
Do you know if we can use the Able managed way by editing App_Data\ssl.config so it applies to all pages? If not all pages at least product pages?
Thanks,
Owain
With the snippet I gave you there will not be any looping.
It's running on my site: traileronline.se with no problems.
Re: Enable SSL for product pages (all pages)
Posted: Fri Jun 29, 2018 6:16 am
by owain.jones@cmc.ca
Hi Thomas,
I appreciate your help, but there must have been some change between R8 (what we are running) and R11 (what you are running from your signature).
I tried this and it looped as I suspected it would. Below is the Firefox console output if I request http or https, infinite loop:
http://products.cmc.ca/
[HTTP/1.1 301 Moved Permanently 0ms]
[Show/hide message details.] GET
http://products.cmc.ca/
[HTTP/1.1 301 Moved Permanently 0ms]
[Show/hide message details.] GET
https://products.cmc.ca/
[HTTP/1.1 200 OK 11ms]
The character encoding of the HTML document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the page must be declared in the document or in the transfer protocol. products.cmc.ca
Navigated to
http://products.cmc.ca/
[Show/hide message details.] GET
http://products.cmc.ca/
[HTTP/1.1 301 Moved Permanently 0ms]
[Show/hide message details.] GET
https://products.cmc.ca/
[HTTP/1.1 200 OK 3ms]
The character encoding of the HTML document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the page must be declared in the document or in the transfer protocol. products.cmc.ca
Navigated to
http://products.cmc.ca/
[Show/hide message details.] GET
http://products.cmc.ca/
[HTTP/1.1 301 Moved Permanently 0ms]
.............
Do you know if you made any other configuration change to stop the Able http/https processing?
Thanks,
Owain