Prestashop Core Application V1.4

SSL redirect loop in admin

Details

  • Type: Bug
  • Status: Closed
  • Priority: Minor
  • Resolution: Fixed
  • Security Level: All-users
  • Labels:
    None
  • Similar issues:
    PSCFI-5013 SSL redirecting loop on admin
    PSCFI-3000 SSL enabled redirect loop for admin login V1.4.3
    PSCFI-4046 SSL rederict loop in admin
    PSCFI-5133 Redirect loop in cashondelivery module
    PSCFI-1008 SSL redirect loop and logo.jpg returned as http
    PSCFI-1249 Reopened - SSL redirect loop and logo.jpg returned as http
    PSCFI-5200 Redirect loop for admin login still occurs in V1.4.7
    PSCFI-4044 Error 310 (net::ERR_TOO_MANY_REDIRECTS) on order.php with SSL on

Description

There are 2 problems that I encountered when I enabled a dedicated SSL certificate with 1and1.com shared hosting.

1) 301 redirect loop
2) not all content was https

For the redirect issue, I noticed the problem for me was in the FrontController.php. The code checks if the variable $_SERVER['HTTPS'] == 'on'. However for me the value is '1' and not 'on'. After changing the code to check for '1', then the redirect issue went away.

However when I visited a page under https, I was getting the warning that not all content was being returned securely. The problem was the logo.jpg image.

So I went and changed all remaining code to check for '1' and not 'on' and everything is working properly.

I'm not sure why in my case the value is '1' and not 'on', but it would appear that the code should handle both scenarios?

Activity

Marc Valentin added a comment - 21/Apr/11 11:11 PM

I had the problem described above in 1.4.0.17...
Now, I upgraded to 1.4.1 and the problem is gone from the frontend but it is present in the backend (admin).
Once I logout from the admin (after enabling SSL), I am unable to login again because of the loop error. The only way I found to get in admin again is to edit directly the table "ps_configuration" and change the value of PS_SSL_ENABLED to 0...

Marc Valentin added a comment - 21/Apr/11 11:25 PM

Sorry, I am not a PHP specialist...
I noticed however that disabling the following lines in admin/login.php fixes my problem. I mean, by doing that I can use SSL and I can enter my admin.

/*
if ((empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) == 'off')
    AND Configuration::get('PS_SSL_ENABLED'))
{
    header('HTTP/1.1 301 Moved Permanently');
    header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']);
    exit();
}
*/

Michaël MARINETTI added a comment - 04/May/11 11:50 AM

Hi,

This is a configuration problem: if you have SSL enabled, you are redirected to a secure URL (https) before login.

If you do not have SSL available, just disable this in Preferences.

We'll work on a way to forbid this configuration if not available.

Regards,
Michaël

Marc Valentin added a comment - 05/May/11 1:36 PM

Sorry Michaël, but I think you are wrong!
I enabled SSL because I have SSL.
In the front-end the https pages are fine, but the admin login page is not showing because of too many redirections...
So it shows that there is basically a problem with the login page of the admin.
I am sending you the links in a private message in the forum.

Michaël MARINETTI added a comment - 05/May/11 6:35 PM

Thanks for your FTP access. I created a PHP file containing print_r($_SERVER) and the key HTTPS didn't appear, as mentioned in the PHP official documentation ( http://fr.php.net/manual/en/reserved.variables.server.php ), so we can't fix it because it is not related to PrestaShop.

Please contact your host, or you can leave your modifications if this is ok for you.

Regards,

Marc Valentin added a comment - 16/May/11 11:26 AM

I contacted Servage.net (my current host) asking why the 'HTTPS' is empty and they responded that it is due to the cluster structure of their system. They cannot do anything about it. So this was actually ‘my’ problem, not Prestashop’s! I moved my website to another host (HostGator) and it works perfectly there.
Thank you for your help.

Sheldon Jones added a comment - 30/Jun/11 1:44 AM

I'm also behind a host that uses a reverse proxy for load balancing. The proxy sets header X-Forwarded-Proto to https when it redirects a page that is using SSL mode.

Prestashop doesn't detect this header, and because the servers behind the load balancer are not doing SSL, the $_SERVER['HTTPS'] PHP variable is not set correctly.

As a quick and dirty fix you can set the $_SERVER['HTTPS'] variable whenever X-Forwarded-Proto is set to https.

Adding these lines to my config/config.inc.php file fixed the problem.

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) AND $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
{
    $_SERVER['HTTPS'] = 'on';
}

More info on this problem can be found here. http://drupal.org/node/313145
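
An added example (not part of the original comments and not PrestaShop's code) that combines the two fixes discussed in this issue: it accepts both 'on' and '1' in $_SERVER['HTTPS'], and it honours X-Forwarded-Proto only when the request arrives from a known reverse proxy, because any client can send that header. The function name request_is_https, the TRUSTED_PROXIES list and its addresses are assumptions made for the illustration.

```php
<?php
// Added example. TRUSTED_PROXIES and request_is_https() are hypothetical
// names; the addresses are constructed documentation-range values.
const TRUSTED_PROXIES = ['192.0.2.10', '192.0.2.11'];

/**
 * Decide whether the client reached the site over HTTPS.
 * $server is passed in (rather than reading $_SERVER directly) so the
 * function can be exercised with sample data.
 */
function request_is_https(array $server, array $trustedProxies = TRUSTED_PROXIES): bool
{
    // TLS terminated on this server: depending on the SAPI the value is
    // 'on' or '1'; IIS sets 'off' for plain HTTP, other servers leave it unset.
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return true;
    }

    // TLS terminated upstream: believe X-Forwarded-Proto only when the TCP
    // peer is one of our own proxies. Accepting it from arbitrary peers
    // would let a plain-HTTP request be treated as secure.
    $peer = (string) ($server['REMOTE_ADDR'] ?? '');
    if (in_array($peer, $trustedProxies, true)) {
        $proto = strtolower(trim((string) ($server['HTTP_X_FORWARDED_PROTO'] ?? '')));
        return $proto === 'https';
    }

    return false;
}

// Constructed sample requests covering the cases raised in this issue.
$samples = [
    'direct, HTTPS=on'           => ['HTTPS' => 'on',  'REMOTE_ADDR' => '198.51.100.7'],
    'direct, HTTPS=1'            => ['HTTPS' => '1',   'REMOTE_ADDR' => '198.51.100.7'],
    'direct, HTTPS=off'          => ['HTTPS' => 'off', 'REMOTE_ADDR' => '198.51.100.7'],
    'direct, HTTPS unset'        => ['REMOTE_ADDR' => '198.51.100.7'],
    'via proxy, XFP=https'       => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'via proxy, XFP=http'        => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'http'],
    'untrusted peer, XFP=https'  => ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_PROTO' => 'https'],
];

foreach ($samples as $label => $server) {
    printf("%-28s %s\n", $label, request_is_https($server) ? 'https' : 'http');
}
```

The proxy must also overwrite any X-Forwarded-Proto value supplied by the client; otherwise the header is not trustworthy even when it arrives from a trusted address.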


Dates

  • Created: 21/Apr/11 11:05 PM
  • Updated: 27/Nov/11 8:23 AM
  • Resolved: 04/May/11 11:50 AM