MrPhil Posted August 24, 2018 Share Posted August 24, 2018 If you want SSL sitewide, you have to change http://... to https://... in all places in both config.php files. That's as a minimum. As John said, if the warning still pops up, you have a hard coded http://... or two somewhere you'll need to find. Link to comment Share on other sites More sharing options...
♥John W Posted August 24, 2018 Share Posted August 24, 2018 @tightwad Look in your admin template_top.php for where that css is called and change it to this. <link rel="stylesheet" href="../ext/jquery/ui/redmond/jquery-ui-1.10.4.min.css"> I'm not really a dog. Link to comment Share on other sites More sharing options...
tightwad Posted August 24, 2018 Share Posted August 24, 2018 5 hours ago, John W said: @tightwad Look in your admin template_top.php for where that css is called and change it to this. <link rel="stylesheet" href="../ext/jquery/ui/redmond/jquery-ui-1.10.4.min.css"> That error was one of many related to the CSS/jquery. I have this in my admin/template_top.php. I'm not sure how to make the change you suggest: <base href="<?php echo ($request_type == 'SSL') ? HTTPS_SERVER . DIR_WS_HTTPS_ADMIN : HTTP_SERVER . DIR_WS_ADMIN; ?>" /> <!--[if IE]><script type="text/javascript" src="<?php echo tep_catalog_href_link('ext/flot/excanvas.min.js', '', 'SSL'); ?>"></script><![endif]--> <link rel="stylesheet" type="text/css" href="<?php echo tep_catalog_href_link('ext/jquery/ui/redmond/jquery-ui-1.10.4.min.css', '', 'SSL'); ?>"> <script type="text/javascript" src="<?php echo tep_catalog_href_link('ext/jquery/jquery-2.2.3.min.js', '', 'SSL'); ?>"></script> <script type="text/javascript" src="<?php echo tep_catalog_href_link('ext/jquery/ui/jquery-ui-1.10.4.min.js', '', 'SSL'); ?>"></script> 6 hours ago, MrPhil said: If you want SSL sitewide, you have to change http://... to https://... in all places in both config.php files. That's as a minimum. As John said, if the warning still pops up, you have a hard coded http://... or two somewhere you'll need to find. 11 hours ago, BrockleyJohn said: @tightwad the oscommerce code was designed only to make the checkout process secure (the enable SSL toggle just affects that bit). For the whole site secure, set the HTTP_SERVER values to https: as well as the HTTPS_SERVER values If you still get mixed content warnings then http:// is hard-coded and you'll have to track down exactly where I tried changing the config.php files to: define('HTTP_SERVER', 'https://www.mysiteURL.com'); define('HTTPS_SERVER', 'https://www.mysiteURL.com'); I still get errors on: Mixed Content: The page at 'https://www.mysiteURL.com/admin/index.php' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.mysiteURL.com/ext/jquery/ui/redmond/jquery-ui-1.10.4.min.css'. This content should also be served over HTTPS. index.php:1 Mixed Content: The page at 'https://www.mysiteURL.com/admin/index.php' was loaded over HTTPS, but requested an insecure script 'http://www.mysiteURL.com/ext/jquery/jquery-2.2.3.min.js'. This content should also be served over HTTPS. index.php:1 Mixed Content: The page at 'https://www.mysiteURL.com/admin/index.php' was loaded over HTTPS, but requested an insecure script 'http://www.mysiteURL.com/ext/jquery/ui/jquery-ui-1.10.4.min.js'. This content should also be served over HTTPS. index.php:1 Mixed Content: The page at 'https://www.mysiteURL.com/admin/index.php' was loaded over HTTPS, but requested an insecure script 'http://wwwmysiteURL/ext/flot/jquery.flot.min.js'. This content should also be served over HTTPS. index.php:1 Mixed Content: The page at 'https://www.mysiteURL.com/admin/index.php' was loaded over HTTPS, but requested an insecure script 'http://www.mysiteURL/ext/flot/jquery.flot.time.min.js'. This content should also be served over HTTPS. 6Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure image '<URL>'. This content should also be served over HTTPS. index.php:221 Mixed Content: The page at 'https://www.mysiteURL.com/admin/index.php' was loaded over HTTPS, but requested an insecure image 'http://www.mysiteURL/images/stars_5.gif'. This content should also be served over HTTPS. index.php:221 Mixed Content: The page at 'https://www.mysiteURL.com/admin/index.php' was loaded over HTTPS, but requested an insecure image 'http://www.mysiteURL/images/stars_5.gif'. This content should also be served over HTTPS. index.php:221 Mixed Content: The page at 'https://www.mysiteURL.com/admin/index.php' was loaded over HTTPS, but requested an insecure image 'http://www.mysiteURL/images/stars_5.gif'. This content should also be served over HTTPS. index.php:221 Mixed Content: The page at 'https://www.mysiteURL.com/admin/index.php' was loaded over HTTPS, but requested an insecure image 'http://www.mysiteURL/images/stars_5.gif'. This content should also be served over HTTPS. index.php:221 Mixed Content: The page at 'https://www.mysiteURL.com/admin/index.php' was loaded over HTTPS, but requested an insecure image 'http://www.mysiteURL/images/stars_5.gif'. This content should also be served over HTTPS. index.php:221 Mixed Content: The page at 'https://www.mysiteURL.com/admin/index.php' was loaded over HTTPS, but requested an insecure image 'http://www.mysiteURL/images/stars_5.gif'. This content should also be served over HTTPS. I appreciate the help and responses...I feel it's so close to working right, I'm looking forward to moving forward with template/UI changes! Link to comment Share on other sites More sharing options...
♥JcMagpie Posted August 24, 2018 Share Posted August 24, 2018 Simple fix find http://www.mysiteURL.com/ext/jquery/ui/redmond/jquery-ui-1.10.4.min.css' and change to https://www.mysiteURL.com/ext/jquery/ui/redmond/jquery-ui-1.10.4.min.css' find http://www.mysiteURL/images/stars_5.gif' and change to https://www.mysiteURL/images/stars_5.gif' any url used in a SSL site must come from a SSL site. Link to comment Share on other sites More sharing options...
tightwad Posted August 24, 2018 Share Posted August 24, 2018 @jcMagpie the URLs don't exist in that manner, the calls being made are building the URLs out from the Config files etc Link to comment Share on other sites More sharing options...
♥John W Posted August 24, 2018 Share Posted August 24, 2018 Post your template_top.php from your admin and we'll help you fix this. I'm not really a dog. Link to comment Share on other sites More sharing options...
♥JcMagpie Posted August 24, 2018 Share Posted August 24, 2018 Ok so make sure your config is all pointing to https:// and make sure all your .htaccess redirects are all to https. 😂 and what JW just said as he beat me to it Link to comment Share on other sites More sharing options...
tightwad Posted August 24, 2018 Share Posted August 24, 2018 1 hour ago, John W said: Post your template_top.php from your admin and we'll help you fix this. <?php /* $Id$ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2014 osCommerce Released under the GNU General Public License */ ?> <!DOCTYPE html> <html <?php echo HTML_PARAMS; ?>> <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>"> <meta name="robots" content="noindex,nofollow"> <title><?php echo TITLE; ?></title> <base href="<?php echo ($request_type == 'SSL') ? HTTPS_SERVER . DIR_WS_HTTPS_ADMIN : HTTP_SERVER . DIR_WS_ADMIN; ?>" /> <!--[if IE]><script type="text/javascript" src="<?php echo tep_catalog_href_link('ext/flot/excanvas.min.js', '', 'SSL'); ?>"></script><![endif]--> <link rel="stylesheet" type="text/css" href="<?php echo tep_catalog_href_link('ext/jquery/ui/redmond/jquery-ui-1.10.4.min.css', '', 'SSL'); ?>"> <script type="text/javascript" src="<?php echo tep_catalog_href_link('ext/jquery/jquery-2.2.3.min.js', '', 'SSL'); ?>"></script> <script type="text/javascript" src="<?php echo tep_catalog_href_link('ext/jquery/ui/jquery-ui-1.10.4.min.js', '', 'SSL'); ?>"></script> <?php if (tep_not_null(JQUERY_DATEPICKER_I18N_CODE)) { ?> <script type="text/javascript" src="<?php echo tep_catalog_href_link('ext/jquery/ui/i18n/jquery.ui.datepicker-' . JQUERY_DATEPICKER_I18N_CODE . '.js', '', 'SSL'); ?>"></script> <script type="text/javascript"> $.datepicker.setDefaults($.datepicker.regional['<?php echo JQUERY_DATEPICKER_I18N_CODE; ?>']); </script> <?php } ?> <script type="text/javascript" src="<?php echo tep_catalog_href_link('ext/flot/jquery.flot.min.js', '', 'SSL'); ?>"></script> <script type="text/javascript" src="<?php echo tep_catalog_href_link('ext/flot/jquery.flot.time.min.js', '', 'SSL'); ?>"></script> <link rel="stylesheet" type="text/css" href="includes/stylesheet.css"> <script type="text/javascript" src="includes/general.js"></script> </head> <body> <?php require('includes/header.php'); ?> <?php if (tep_session_is_registered('admin')) { include('includes/column_left.php'); } else { ?> <style> #contentText { margin-left: 0; } </style> <?php } ?> <div id="contentText"> There is an .htaccess at the root(catalog) level as well as the Admin level, both contain at the top: RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] RewriteCond %{HTTPS} on RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC] RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L] Link to comment Share on other sites More sharing options...
♥John W Posted August 24, 2018 Share Posted August 24, 2018 Okay, change this line <link rel="stylesheet" type="text/css" href="<?php echo tep_catalog_href_link('ext/jquery/ui/redmond/jquery-ui-1.10.4.min.css', '', 'SSL'); ?>"> to this <link rel="stylesheet" href="../ext/jquery/ui/redmond/jquery-ui-1.10.4.min.css"> Let us know if you still have a problem. I'm not really a dog. Link to comment Share on other sites More sharing options...
tightwad Posted August 24, 2018 Share Posted August 24, 2018 Thanks! That appears to have resolved the issue with that call. I have these as well, but the format is different so I wasn't able to apply the exact same treatment: orders.php:1 Mixed Content: The page at 'https://www.mysiteURL.com/admin/orders.php?page=1&oID=4736&action=edit' was loaded over HTTPS, but requested an insecure script 'http://www.mysiteURL.com/ext/jquery/jquery-2.2.3.min.js'. This content should also be served over HTTPS. orders.php:1 Mixed Content: The page at 'https://www.mysiteURL.com/admin/orders.php?page=1&oID=4736&action=edit' was loaded over HTTPS, but requested an insecure script 'http://www.mysiteURL.com/ext/jquery/ui/jquery-ui-1.10.4.min.js'. This content should also be served over HTTPS. orders.php:1 Mixed Content: The page at 'https://www.mysiteURL.com/admin/orders.php?page=1&oID=4736&action=edit' was loaded over HTTPS, but requested an insecure script 'http://www.mysiteURL.com/ext/flot/jquery.flot.min.js'. This content should also be served over HTTPS. orders.php:1 Mixed Content: The page at 'https://www.mysiteURL.com/admin/orders.php?page=1&oID=4736&action=edit' was loaded over HTTPS, but requested an insecure script 'http://www.mysiteURL.com/ext/flot/jquery.flot.time.min.js'. This content should also be served over HTTPS. Link to comment Share on other sites More sharing options...
♥John W Posted August 24, 2018 Share Posted August 24, 2018 For the first two change to <script type="text/javascript" src="../ext/jquery/jquery-2.2.3..min.js"></script> <script type="text/javascript" src="../ext/jquery/ui/jquery-ui-1.10.4.min.js"></script> Your other two should work as long as your config is correct. I'm not really a dog. Link to comment Share on other sites More sharing options...
tightwad Posted August 25, 2018 Share Posted August 25, 2018 @John W This gives an error: jQuery is not defined at jquery-ui-1.10.4.min.js:6 (and also for the other file) Link to comment Share on other sites More sharing options...
♥John W Posted August 25, 2018 Share Posted August 25, 2018 You might need to play around with that some. It works for me. I'm not really a dog. Link to comment Share on other sites More sharing options...
Omar_one Posted August 25, 2018 Share Posted August 25, 2018 19 hours ago, John W said: <script type="text/javascript" src="../ext/jquery/jquery-2.2.3..min.js"></script> this it should be <script type="text/javascript" src="../ext/jquery/jquery-2.2.3.min.js"></script> there is an extra (.) after (jquery-2.2.3.) Get the latest Responsive osCommerce CE (community edition) here . Link to comment Share on other sites More sharing options...
♥John W Posted August 25, 2018 Share Posted August 25, 2018 Good catch! I have a different version, so I changed it for his. Didn't see the extra ".". I'm not really a dog. Link to comment Share on other sites More sharing options...
tightwad Posted August 27, 2018 Share Posted August 27, 2018 Thanks! That fixed it, and I was able to take the same fix to the other 2 jquery rows as well. WhyNoPadlock now tells me I have no mixed content (but they see an SSL cert problem I don't understand). Most of the console warnings are gone. Thanks so much for the help! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.