"accept terms and conditions" affects https

  • Posts: 36
  • Thank you received: 0
11 years 7 months ago #99715

When a user clicks the "Please accept the terms and conditions before proceeding" link during checkout the https padlock changes to a warning on both chrome and firefox:




There are no other links on that page (e.g. in modules) to cause this: if the user does not view the T&Cs the padlock remains unaffected. It looks as though the popup is using http.

I came across this whilst trying to change the popup to jcepopup to retain style formatting and thought it was something I had done. I removed the override completely, cleared the browser chache and noticed the original modal box did this too.

Hikashop starter 2.1.2 as at 17 April.

Exactly the same thing happens when the user clicks "New" (address).

Regards,
Ric

Additional note: In chrome, inspecting the element reveals the link as:
<a href="/index.php/component/content/article?id=107&amp;tmpl=component" class="modal" rel="{handler: 'iframe', size: {x: 450, y: 480}}" target="_blank">Please accept the terms and conditions before proceeding</a>

On inspection this resolves to:
https://somedomain.com/index.php/component/content/article?id=107&tmpl=component

... which is definitely https. Most curious.

Attachments:
Last edit: 11 years 7 months ago by ricm.

Please Log in or Create an account to join the conversation.

  • Posts: 82868
  • Thank you received: 13378
  • MODERATOR
11 years 7 months ago #99752

If you have the "no ssl outside checkout" plugin published, unpublish it and try again.

It could be why you don't get the HTTPS when displaying the T&C popup since it is not a HikaShop checkout page but a joomla article and thus not considered as a checkout page by that pugin.

Please Log in or Create an account to join the conversation.

  • Posts: 36
  • Thank you received: 0
11 years 7 months ago #99788

Yes I had that plugin enabled. I did what you suggested and the whole page now appears encrypted.

The downside is that the rest of the site assumess SSL. Is there a way of refrehing the checkout page or some other way to allow either popup to display without disabling the extremely useful "HikaShop no SSL outside checkout" plugin? Or allowing that plugin to ignore those two specific "articles"?

Thanks
Ric

Please Log in or Create an account to join the conversation.

  • Posts: 82868
  • Thank you received: 13378
  • MODERATOR
11 years 7 months ago #99790

Change the line:
if ($app->isAdmin()) return true;

to:

if ($app->isAdmin() || $_REQUEST['tmpl']=='component') return true;

in the file plugins/system/nossloutsidecheckout/nossloutsidecheckout.php and that should do what you want.

Last edit: 11 years 7 months ago by nicolas.

Please Log in or Create an account to join the conversation.

  • Posts: 36
  • Thank you received: 0
11 years 7 months ago #99797

I did that and the result is the same: defaulting to non-SSL on both "new" address and "accept T&Cs".

Caution to anyone else trying this: if the code is cut and pasted, the "greater-than" symbol in "$app->isAdmin" might become "$app->isAdmin". Just watch out for that.

Ric

Please Log in or Create an account to join the conversation.

  • Posts: 82868
  • Thank you received: 13378
  • MODERATOR
11 years 7 months ago #99799

The forum stripped the code. Try again.

Please Log in or Create an account to join the conversation.

  • Posts: 36
  • Thank you received: 0
11 years 7 months ago #99801

Hello Nicolas,

You were spot-on! The code was indeed stripped; I'd spotted the one change but not the other.

The fix works: neither popup causes the page to fall out of SSL.

This might be a good inclusion in the standard release? It would certainly retain consistency of SSL throughout the checkout sequence.

I really appreciate your focused insight.

Best,
Ric

Please Log in or Create an account to join the conversation.

  • Posts: 82868
  • Thank you received: 13378
  • MODERATOR
11 years 7 months ago #99812

It will of course be in next version.

Please Log in or Create an account to join the conversation.

Time to create page: 0.054 seconds
Powered by Kunena Forum