Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 1.4.5.1
    • Fix Version/s: 1.4.5.1
    • Security Level: All-users
    • Labels:
      None

      Description

      There are 2 problems that i encountered when i enabled a dedicated ssl certificate with 1and1.com shared hosting.1) 301 redirect loop2) not all content was httpsFor the redirect issue, I noticed the problem for me was in the FrontController.php. The code checks if the variable $_SERVER['HTTPS']) == 'on'.However for me the value is '1' and not 'on'. After changing the code to check for '1', then the redirect issue went away.However when i visited a page under https, i was getting the warning that not all content was being returned securely. The problem was the logo.jpg image.So i went and changed all remaining code to check for '1' and not 'on' and everything is working properly.I'm not sure why in my case the value is '1' and not 'on', but it would appear that the code should handle both scenarios?

        Issue Links

          Activity

          Hide
          Marc Valentin added a comment -

          I had the problem described above in 1.4.0.17...
          Now, I upgraded to 1.4.1 and the problem is gone from the frontend but it is present in the backend (admin).
          Once I logout from the admin (after enabling SSL), I am unable to login again because of the loop error. The only way I found to get in admin again is to edit directly the table "ps_configuration" and change the value of PS_SSL_ENABLED to 0...

          Show
          Marc Valentin added a comment - I had the problem described above in 1.4.0.17... Now, I upgraded to 1.4.1 and the problem is gone from the frontend but it is present in the backend (admin). Once I logout from the admin (after enabling SSL), I am unable to login again because of the loop error. The only way I found to get in admin again is to edit directly the table "ps_configuration" and change the value of PS_SSL_ENABLED to 0...
          Hide
          Marc Valentin added a comment -

          Sorry, I am not a PHP specialist...
          I noticed however that disabling the following lines in admin/login.php fix my problem. I mean, by doing that I can use SSL and I can enter my admin.

          /*
          if ((empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) == 'off')
          AND Configuration::get('PS_SSL_ENABLED'))

          { header('HTTP/1.1 301 Moved Permanently'); header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']); exit(); }

          */

          Show
          Marc Valentin added a comment - Sorry, I am not a PHP specialist... I noticed however that disabling the following lines in admin/login.php fix my problem. I mean, by doing that I can use SSL and I can enter my admin. /* if ((empty($_SERVER ['HTTPS'] ) OR strtolower($_SERVER ['HTTPS'] ) == 'off') AND Configuration::get('PS_SSL_ENABLED')) { header('HTTP/1.1 301 Moved Permanently'); header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']); exit(); } */
          Hide
          Michaël MARINETTI added a comment -

          Hi,

          This is a configuration problem, if you have ssl enabled, you are redirected to a secure url (https) before login.

          If you have not ssl available, just disable this in Preferences.

          We'll work on a way to forbid this configuration if not available.

          Regards,
          Michaël

          Show
          Michaël MARINETTI added a comment - Hi, This is a configuration problem, if you have ssl enabled, you are redirected to a secure url (https) before login. If you have not ssl available, just disable this in Preferences. We'll work on a way to forbid this configuration if not available. Regards, Michaël
          Hide
          Marc Valentin added a comment -

          Sorry Michaël but I think you are wrong !
          I enabled SSL because I have SSL.
          In the front-end the https pages are fine, but the admin login page is not showing because of too many redirections...
          So it shows that there are basically a problem with the login page of the admin.
          I send to you the links in a private message in the forum.

          Show
          Marc Valentin added a comment - Sorry Michaël but I think you are wrong ! I enabled SSL because I have SSL. In the front-end the https pages are fine, but the admin login page is not showing because of too many redirections... So it shows that there are basically a problem with the login page of the admin. I send to you the links in a private message in the forum.
          Hide
          Michaël MARINETTI added a comment -

          Thanks for your ftp access, I created a phpfile containing print_r($_SERVER) and the key HTTPS didn't appeared, as mentionned in the php official documentation ( http://fr.php.net/manual/en/reserved.variables.server.php ), so we can't fix it because not related to PrestaShop.

          Please contact your host, or you can leave your modifications if this is ok for you.

          Regards,

          Show
          Michaël MARINETTI added a comment - Thanks for your ftp access, I created a phpfile containing print_r($_SERVER) and the key HTTPS didn't appeared, as mentionned in the php official documentation ( http://fr.php.net/manual/en/reserved.variables.server.php ), so we can't fix it because not related to PrestaShop. Please contact your host, or you can leave your modifications if this is ok for you. Regards,
          Hide
          Marc Valentin added a comment -

          I contacted Servage.net (my current host) asking why the 'HTTPS' is empty and they responded that it is due to the cluster structure of their system. They cannot do anything about it. So this was actually ‘my’ problem not Prestashop’s ! I moved my website to another host (HostGator) and it works perfectly there.
          Thank you for help.

          Show
          Marc Valentin added a comment - I contacted Servage.net (my current host) asking why the 'HTTPS' is empty and they responded that it is due to the cluster structure of their system. They cannot do anything about it. So this was actually ‘my’ problem not Prestashop’s ! I moved my website to another host (HostGator) and it works perfectly there. Thank you for help.
          Hide
          Sheldon Jones added a comment -

          I'm also behind a host that uses a reverse proxy for load balancing. The proxy sets header X-Forwarded-Proto to https when it redirects a page that is using SSL mode.

          Prestashop doesn't detecting this header and because the servers behind the load balancer are not doing SSL the $_SERVER[‘HTTPS’] php variable is not set correctly.

          As a quick and dirty fix you can set the $_SERVER[‘HTTPS’] variable whenever X-Forwarded-Proto is set to https.

          Adding these lines to my config/config.inc.php file fixed the problem.

          if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) AND $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')

          { $_SERVER['HTTPS'] = 'on'; }

          More info on this problem can be found here. http://drupal.org/node/313145

          Show
          Sheldon Jones added a comment - I'm also behind a host that uses a reverse proxy for load balancing. The proxy sets header X-Forwarded-Proto to https when it redirects a page that is using SSL mode. Prestashop doesn't detecting this header and because the servers behind the load balancer are not doing SSL the $_SERVER [‘HTTPS’] php variable is not set correctly. As a quick and dirty fix you can set the $_SERVER [‘HTTPS’] variable whenever X-Forwarded-Proto is set to https. Adding these lines to my config/config.inc.php file fixed the problem. if (isset($_SERVER ['HTTP_X_FORWARDED_PROTO'] ) AND $_SERVER ['HTTP_X_FORWARDED_PROTO'] == 'https') { $_SERVER['HTTPS'] = 'on'; } More info on this problem can be found here. http://drupal.org/node/313145

            People

            • Assignee:
              Michaël MARINETTI
              Reporter:
              Marc Valentin
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: