Magento - 1.6.2 -- infinate loop on SSL after upgrade (offload headers issues) - Magento 1.6.0 Upgrade Issues - eCommerce Software for Growth

Log In

Username or Email

Password:

Forgot Password

or
Register

Skip to site navigation »
Skip to main content »
Skip to footer content »

Magento Forum

1.6.2—infinate loop on SSL after upgrade (offload headers issues)

Mizpah Total Posts: 54 Joined: 2009-12-09 Birmingham Ignore user	Hi Folks, I have a server host, who uses a cluster, and offloads SSL. Under 1.6 we now have the ‘Offload headers’ option, which I have set to HTTPS, as this is the value the host was previously setting directly within Apache for the offload. It now seems that this value is being ignored ? I currently have a 310: Infinate loop, on any page where magento switches from http > https. I can however visit a static https file without issue with a working cert (such as the path to an image). After a lot of digging, and looking at headers with curl (-I), it appears that the value in the field ‘offload headers’ is not being sent ? In short a query of “ curl -I -k https://dev.domain.com/customer/account/ “ (note: -k is simply due to using the dev prefix, the cert is for www) returns: HTTP/1.1 302 Found Date: Wed, 21 Mar 2012 11:39:13 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Host,User-Agent,Accept-Encoding Location: https://dev.domain.com/customer/account/ Server: ******DDS1.0 The oddities being that the headers have ‘HTTP/1.1 302 Found’—when they should read HTTPS - and that it 302’s to the URL that is already present - thus infinitely redirecting to itself. The Key points are: The incorrect header being sent No changes to the value in offload headers has any impact (blank, null offload_ssl, https, HTTPS etc) This install worked perfectly on same host prior to upgrade. A second site, upgraded in dev shows the same issues (and the lice 1.5 works just fine). A test 1.6 ‘clean install’ with sample data has the same issue. A test 1.5 clean install in a subdir works perfectly. I have been trying to follow the routing as per some Alan Storm articles but it seems fiendishly complex! Any assistance greatly appreciated!!
	Posted: March 21 2012 \| top

Mizpah Total Posts: 54 Joined: 2009-12-09 Birmingham Ignore user	Thought I would close out the loop myself, hopefully this will help someone, and someone may have some better suggestions! After far far far too much tracing (there must be an easier way), the we found a fix that involved public function getScheme() in lib/Zend/Controller/Request/Http.php, as follows: (line 1013) public function getScheme() { // MD - Edit for 1.6.2 SSL Loop, original code below. //return ($this->getServer(’HTTPS’) == ‘on’) ? self::SCHEME_HTTPS : self::SCHEME_HTTP; return ($_SERVER[’HTTPS’] === null) ? self::SCHEME_HTTP : self::SCHEME_HTTPS; } I have changed the logic to pick up the global var if not null, as opposed to ‘on’. However I note that in 1.5 that line had not changed. However the core issue looks more likely to be in Mage/Core/Controller/Varian/Router/Standard.php In 1.6.2.0 this reads /** * Check if request URL should be secure * * Function redirects user to correct URL if needed * * @param Mage_Core_Controller_Request_Http $request * @param string $path * @return null */ protected function _checkShouldBeSecure($request, $path = ‘’) { if (!Mage::isInstalled() \|\| $request->getPost()) { return; } if ($this->_shouldBeSecure($path) && !$request->isSecure()) { $url = $this->_getCurrentSecureUrl($request); Mage::app()->getFrontController()->getResponse() ->setRedirect($url) ->sendResponse(); exit(); } } In 1.5.1.0 this reads: protected function _checkShouldBeSecure($request, $path=’’) { if (!Mage::isInstalled() \|\| $request->getPost()) { return; } if ($this->_shouldBeSecure($path) && !Mage::app()->getStore()->isCurrentlySecure()) { $url = $this->_getCurrentSecureUrl($request); Mage::app()->getFrontController()->getResponse() ->setRedirect($url) ->sendResponse(); exit; } } Testing the logical statement && !$request->isSecure(), traces us back through IsSecure, getScheme and getServer to get to the edit made. Testing of the logic, seems to indicate that the output from isSecure would always lead to an incorrect result. I am not (yet) however aware of the output of !Mage::app()->getStore()->isCurrentlySecure()) and why this was changed between 1.5 and 1.6. In addition I have explored all around the code in the function, isCurrentlySecure()—and this would seem to take into account the offload headers, however this never appears to be called in 1.6. I dont like the fact that I have an edit in lib/zend, so do some testing with trying to call isCurrentlySecure, but I cant help but think they have removed the call for a reason - anyone know why this file has been changed ? Regards, Martin
	Posted: March 21 2012 \| top \| # 1

Mizpah Total Posts: 54 Joined: 2009-12-09 Birmingham Ignore user	Thought I would close out the loop myself, hopefully this will help someone, and someone may have some better suggestions! After far far far too much tracing (there must be an easier way), the we found a fix that involved public function getScheme() in lib/Zend/Controller/Request/Http.php, as follows: (line 1013) public function getScheme() { // MD - Edit for 1.6.2 SSL Loop, original code below. //return ($this->getServer(’HTTPS’) == ‘on’) ? self::SCHEME_HTTPS : self::SCHEME_HTTP; return ($_SERVER[’HTTPS’] === null) ? self::SCHEME_HTTP : self::SCHEME_HTTPS; } I have changed the logic to pick up the global var if not null, as opposed to ‘on’. However I note that in 1.5 that line had not changed. However the core issue looks more likely to be in Mage/Core/Controller/Varian/Router/Standard.php In 1.6.2.0 this reads /** * Check if request URL should be secure * * Function redirects user to correct URL if needed * * @param Mage_Core_Controller_Request_Http $request * @param string $path * @return null */ protected function _checkShouldBeSecure($request, $path = ‘’) { if (!Mage::isInstalled() \|\| $request->getPost()) { return; } if ($this->_shouldBeSecure($path) && !$request->isSecure()) { $url = $this->_getCurrentSecureUrl($request); Mage::app()->getFrontController()->getResponse() ->setRedirect($url) ->sendResponse(); exit(); } } In 1.5.1.0 this reads: protected function _checkShouldBeSecure($request, $path=’’) { if (!Mage::isInstalled() \|\| $request->getPost()) { return; } if ($this->_shouldBeSecure($path) && !Mage::app()->getStore()->isCurrentlySecure()) { $url = $this->_getCurrentSecureUrl($request); Mage::app()->getFrontController()->getResponse() ->setRedirect($url) ->sendResponse(); exit; } } Testing the logical statement && !$request->isSecure(), traces us back through IsSecure, getScheme and getServer to get to the edit made. Testing of the logic, seems to indicate that the output from isSecure would always lead to an incorrect result. I am not (yet) however aware of the output of !Mage::app()->getStore()->isCurrentlySecure()) and why this was changed between 1.5 and 1.6. In addition I have explored all around the code in the function, isCurrentlySecure()—and this would seem to take into account the offload headers, however this never appears to be called in 1.6. I dont like the fact that I have an edit in lib/zend, so do some testing with trying to call isCurrentlySecure, but I cant help but think they have removed the call for a reason - anyone know why this file has been changed ? Regards, Martin
	Posted: March 21 2012 \| top \| # 2

Mizpah Total Posts: 54 Joined: 2009-12-09 Birmingham Ignore user	Thought I would close out the loop myself, hopefully this will help someone, and someone may have some better suggestions! After far far far too much tracing (there must be an easier way), the we found a fix that involved public function getScheme() in lib/Zend/Controller/Request/Http.php, as follows: (line 1013) public function getScheme() { // MD - Edit for 1.6.2 SSL Loop, original code below. //return ($this->getServer(’HTTPS’) == ‘on’) ? self::SCHEME_HTTPS : self::SCHEME_HTTP; return ($_SERVER[’HTTPS’] === null) ? self::SCHEME_HTTP : self::SCHEME_HTTPS; } I have changed the logic to pick up the global var if not null, as opposed to ‘on’. However I note that in 1.5 that line had not changed. However the core issue looks more likely to be in Mage/Core/Controller/Varian/Router/Standard.php In 1.6.2.0 this reads /** * Check if request URL should be secure * * Function redirects user to correct URL if needed * * @param Mage_Core_Controller_Request_Http $request * @param string $path * @return null */ protected function _checkShouldBeSecure($request, $path = ‘’) { if (!Mage::isInstalled() \|\| $request->getPost()) { return; } if ($this->_shouldBeSecure($path) && !$request->isSecure()) { $url = $this->_getCurrentSecureUrl($request); Mage::app()->getFrontController()->getResponse() ->setRedirect($url) ->sendResponse(); exit(); } } In 1.5.1.0 this reads: protected function _checkShouldBeSecure($request, $path=’’) { if (!Mage::isInstalled() \|\| $request->getPost()) { return; } if ($this->_shouldBeSecure($path) && !Mage::app()->getStore()->isCurrentlySecure()) { $url = $this->_getCurrentSecureUrl($request); Mage::app()->getFrontController()->getResponse() ->setRedirect($url) ->sendResponse(); exit; } } Testing the logical statement && !$request->isSecure(), traces us back through IsSecure, getScheme and getServer to get to the edit made. Testing of the logic, seems to indicate that the output from isSecure would always lead to an incorrect result. I am not (yet) however aware of the output of !Mage::app()->getStore()->isCurrentlySecure()) and why this was changed between 1.5 and 1.6. In addition I have explored all around the code in the function, isCurrentlySecure()—and this would seem to take into account the offload headers, however this never appears to be called in 1.6. I dont like the fact that I have an edit in lib/zend, so do some testing with trying to call isCurrentlySecure, but I cant help but think they have removed the call for a reason - anyone know why this file has been changed ? Regards, Martin
	Posted: March 21 2012 \| top \| # 3

Mizpah Total Posts: 54 Joined: 2009-12-09 Birmingham Ignore user	Thought I would close out the loop myself, hopefully this will help someone, and someone may have some better suggestions! After far far far too much tracing (there must be an easier way), the we found a fix that involved public function getScheme() in lib/Zend/Controller/Request/Http.php, as follows: (line 1013) public function getScheme() { // MD - Edit for 1.6.2 SSL Loop, original code below. //return ($this->getServer(’HTTPS’) == ‘on’) ? self::SCHEME_HTTPS : self::SCHEME_HTTP; return ($_SERVER[’HTTPS’] === null) ? self::SCHEME_HTTP : self::SCHEME_HTTPS; } I have changed the logic to pick up the global var if not null, as opposed to ‘on’. However I note that in 1.5 that line had not changed. However the core issue looks more likely to be in Mage/Core/Controller/Varian/Router/Standard.php In 1.6.2.0 this reads /** * Check if request URL should be secure * * Function redirects user to correct URL if needed * * @param Mage_Core_Controller_Request_Http $request * @param string $path * @return null */ protected function _checkShouldBeSecure($request, $path = ‘’) { if (!Mage::isInstalled() \|\| $request->getPost()) { return; } if ($this->_shouldBeSecure($path) && !$request->isSecure()) { $url = $this->_getCurrentSecureUrl($request); Mage::app()->getFrontController()->getResponse() ->setRedirect($url) ->sendResponse(); exit(); } } In 1.5.1.0 this reads: protected function _checkShouldBeSecure($request, $path=’’) { if (!Mage::isInstalled() \|\| $request->getPost()) { return; } if ($this->_shouldBeSecure($path) && !Mage::app()->getStore()->isCurrentlySecure()) { $url = $this->_getCurrentSecureUrl($request); Mage::app()->getFrontController()->getResponse() ->setRedirect($url) ->sendResponse(); exit; } } Testing the logical statement && !$request->isSecure(), traces us back through IsSecure, getScheme and getServer to get to the edit made. Testing of the logic, seems to indicate that the output from isSecure would always lead to an incorrect result. I am not (yet) however aware of the output of !Mage::app()->getStore()->isCurrentlySecure()) and why this was changed between 1.5 and 1.6. In addition I have explored all around the code in the function, isCurrentlySecure()—and this would seem to take into account the offload headers, however this never appears to be called in 1.6. I dont like the fact that I have an edit in lib/zend, so do some testing with trying to call isCurrentlySecure, but I cant help but think they have removed the call for a reason - anyone know why this file has been changed ? Regards, Martin
	Posted: March 21 2012 \| top \| # 4

njwrigley Total Posts: 2 Joined: 2010-05-19 Ignore user	Hi there Martin, I’m on 1.6.2.0 and have been having the same issue. In my case I have two domains using the same code base using vhost.conf and vhost_ssl.conf to do the redirects. I have been searching for DAYS and your post is the only thing that comes remotely close, in that I get the SSL pages displaying, but the formatting is all missing! I share your concerns about the alteration of core files and was wondering if you had had a chance to work on this some more, and found a permanent solution that you were happy with. Thanks, Nathan. Signature http://www.pictureandword.co.uk
	Posted: October 9 2012 \| top \| # 5

pi3g Total Posts: 2 Joined: 2012-11-18 Ignore user	For me, no code modifications were necessary. The problem was in “http” not “https” being set as secure base URL - this would not work, obviously. Read my post on my blog here for more infos: Magento HTTPS Redirect loop when offloading SSL encryption. Solution.
	Posted: December 20 2012 \| top \| # 6

Magento Community

Magento Community

Back to top

SQL Errors on URL Rewrite & Categories

1.4.2 > 1.6.2 Reindexing process very low.