Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Require HTTPS (SSL) for entire store. 
 
derbbre
Jr. Member
 
Avatar
Total Posts:  16
Joined:  2007-10-14
 

Hi - We’re running a Magento site within an iframe on a server that is already running another CMS (Typo3). We’re setting it up this way because we’d rather keep the user in the context of the rest of the site than send them over to Magento altogether and lose the standarnd navigation, etc. of the main site.

Therefore, the entire main site’s page and the subsequent iframe holding Magento need to be secure (https) throughout the process in order for the certificate to show correctly.

Is there a way to tell Magento to use https for ALL pages and linked content rather than just the checkout page? I tried setting the “Unsecure” protocol to ‘HTTPS’ and the port to ‘443’ in the System Configuration ‘Web’ section, but this just caused an endless redirect loop.

Thoughts?
Thanks.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Moshe
Magento Team
 
Avatar
Total Posts:  1770
Joined:  2007-08-07
Los Angeles
 

the fast way to do that is find in Mage_Core_Controller_Varien_Router_Standard line near approx 107:

$shouldBeSecure Mage::getStoreConfig('web/secure/protocol')==='https'
                
&& Mage::getConfig()->isUrlSecure('/'.$module.'/'.$controller.'/'.$action);
and replace it with
$shouldBeSecure true;
This will be fixed in future releases.
 
Magento Community Magento Community
Magento Community
Magento Community
 
derbbre
Jr. Member
 
Avatar
Total Posts:  16
Joined:  2007-10-14
 

Great—works fine. Thanks for the speedy response.

bwd

 
Magento Community Magento Community
Magento Community
Magento Community
 
derbbre
Jr. Member
 
Avatar
Total Posts:  16
Joined:  2007-10-14
 

OOPS - I spoke too soon. When I replace the code as instructed, the re-writes for the category and product names lose the leading slash. If I navigate to any category, I get
https://mysite.com/magentocatalog/category/view/id/5
instead of
https://mysite.com/magento/catalog/category/view/id/5
(missing slash in front, my URL base is /magento/)

All other site links work fine. Any ideas there?

Thanks again.

 
Magento Community Magento Community
Magento Community
Magento Community
 
derbbre
Jr. Member
 
Avatar
Total Posts:  16
Joined:  2007-10-14
 

Can of worms alert!

For what it’s worth, I got it working, I kludged app/core/Mage/Core/Model/Url/Rewrite.php, line 143,
from:
$targetUrl = $request->getBaseUrl().$this->getTargetPath();
to
$targetUrl = $request->getBaseUrl().’/’.$this->getTargetPath();

I noticed the comment-replaced line at 135/136, couldn’t work with that, though.

Anyway - after I got that working, I found the product view page submits the “Add to cart” form insecurely, and won’t actually add products to the cart.

Maybe I’ll just wait for the next release?

Thanks anyway.

 
Magento Community Magento Community
Magento Community
Magento Community
 
derbbre
Jr. Member
 
Avatar
Total Posts:  16
Joined:  2007-10-14
 

Follow-up: version 0.6.14100 indeed has fixed this - just set the U nsecure Port to 443 and Protcol to HTTPS in the system config’s Web panel and away you go.

Now if only Paypal and number formatting worked…

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top