[jared]

Hi guys,
Experiencing issue with SSL enabling.
I had installed certificate on the server and enabled SSL inside CS-Cart settings, but when I'm trying reach secured version (https://...) it's always redirects me to non-secure (http://...)

I also tried to set redirects inside .htaccess but this created infinite loop of calls http -> https -> http.

After hours of researching I have found that somewhere script calls for local redirect fn and when I disabled everything inside this function - secure version works. This is not coolest way to solve the issue so I decided to create topic here.

Issue appears only on front-end part. Admin subset works good.

CS-Cart version: 3.0.6 (can't update because of custom integrations and theming)

config.local.php

...
// Host and directory where software is installed on no-secure server
$config['http_host'] = 'www.example.co.uk';
$config['http_path'] = '';

// Host and directory where software is installed on secure server
$config['https_host'] = 'www.example.co.uk';
$config['https_path'] = '';...

config.php:

...

$config['http_location'] = 'https://' . $config['http_host'] . $config['http_path'];
$config['https_location'] = 'https://' . $config['https_host'] . $config['https_path'];
$config['current_location'] = (defined('HTTPS')) ? $config['https_location'] : $config['http_location'];
...

[imac]

After hours of researching I have found that somewhere script calls for local redirect fn and when I disabled everything inside this function - secure version works. This is not coolest way to solve the issue so I decided to create topic here.

jared,

post the code that you disabled. This could help to understand the issue.

[Flapcat]

I'm glad I'm not the only one with this issue. I've tried setting up SSL on my site today too and followed the instructions for version 3.0.6 as per the knowledge base article.

If I include the

RewriteCond %{SERVER_PORT} 80

in .htaccess, then the admin side has SSL enabled, however as soon as I enter

RewriteRule ^(.*)$ https://www.your_domain.com/$1 [R,L,NE]

into the .htaccess file the front end of the website goes down into the infinite loop just as Jared has described.

If there is anything that needs disabling in code or the Rewrite rules need to be configured differently then it would be nice to know.

[johnbol1]

I'm glad I'm not the only one with this issue. I've tried setting up SSL on my site today too and followed the instructions for version 3.0.6 as per the knowledge base article.

If I include the

RewriteCond %{SERVER_PORT} 80

in .htaccess, then the admin side has SSL enabled, however as soon as I enter

RewriteRule ^(.*)$ https://www.your_domain.com/$1 [R,L,NE]

into the .htaccess file the front end of the website goes down into the infinite loop just as Jared has described.

If there is anything that needs disabling in code or the Rewrite rules need to be configured differently then it would be nice to know.

First of all make sure you add 301 or you will lose all your link juice after changes
as per this post http://forum.cs-cart...-site-be-aware/

@IMAC the KB has been changed for 4.2X but but not for lower versions

and second question...you did put YOUR OWN web address in didnt you (stupid question I know but it has been done before)

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourwebaddresshere/$1 [R=301,L,NE]

[imac]

@IMAC the KB has been changed for 4.2X but but not for lower versions

johnbol1,
Can you please provide more details on this?

[jared]

@imac
I had disabled fn_redirect function in fn.common.php

function fn_redirect($location, $no_delay = false, $allow_external_redirect = false)
{
/*
...
*/
}

I need to realise where exactly it calls and fix condition.

But it's breaking entire redirect functional everywhere where needed, such like merchant, login redirects, etc.

The problem is not in the ssl installation or redirect implementation server side but something wrong with recognising https and providing correct condition for that.

What might be:
Site can't recognise correct URI and then just forwarding to http_host

@johnbol - as you can see from my first post, the problem is not in implementing redirects inside .htaccess. Example of configuration posted previously.

Thanks,
Jared.

[johnbol1]

johnbol1,
Can you please provide more details on this?

Sure see this post below. I informed your guy and he changed the KB for V4.2.x version tab but not for other version tabs
http://forum.cs-cart...-site-be-aware/

see tab 4.2.x states to use 301 in the code but other version tabs do not show to use 301.

Thanks
John

[jared]

Hi guys,

Any update on this topic that may solve SSL infinite loop issue?

Thanks,
Jared.

[jared]

Also tested couple options and I'm pretty sure that issue inside CS-Cart core, not server configuration or htaccess:

OK:
- https://www.example.com/admin.php and everything inside - works perfect

Uploaded test file and tried direct injection:

OK:
- https://www.example.com/i.php
Everything works, ssl shown, nothing redirects.

Not OK:
- https://www.example.com/ - started redirecting to not-secure http connection.
- https://www.example....ething-on-front - same, redirecting to non-secure....

Thanks,
Jared.

[eComLabs]

Please provide us with the temporary FTP access so that we can find the reason of the redirect loop

[hellomyfriends]

Anyone has fixed this? I have the same issue. 

 

Please help me.

[ibizo]

There is mistake in the kb docs as allways!!

 

 

If you want to activate secure connection for all urls, you need to only enable "Keep HTTPS connection once a secure page is visited"

 

not to enable Enable secure connection at checkout, Enable secure connection in the administration panel, Enable secure connection for authentication, profile and orders pages

 

because if you enable all those options, there is loop

 

just for your info 

[eComLabs]

Anyone has fixed this? I have the same issue. 

 

Please help me.

 

app/Tygh/Bootstrap.php

 

Please check the detectHTTPS function here. Sometimes even if the SSL is installed, the system cannot meet the conditions of the function

[hellomyfriends]

 

There is mistake in the kb docs as allways!!

 

 

If you want to activate secure connection for all urls, you need to only enable "Keep HTTPS connection once a secure page is visited"

 

not to enable Enable secure connection at checkout, Enable secure connection in the administration panel, Enable secure connection for authentication, profile and orders pages

 

because if you enable all those options, there is loop

 

just for your info 

 

I can't login to Admin CP when SSL enabled on my VPS.

https://sieuthilangs...n/quantrils.php

https://sieuthilangson.vn/vendor.phpvendor loop too.

 

app/Tygh/Bootstrap.php

 

Please check the detectHTTPS function here. Sometimes even if the SSL is installed, the system cannot meet the conditions of the function

 

I tried comment out // return false; but it doesn't work.

public static function detectHTTPS($server)
    {
        if (
            (isset($server['HTTPS']) && (strcasecmp($server['HTTPS'], 'on') === 0 || $server['HTTPS'] == '1')) ||
            (isset($server['HTTP_X_FORWARDED_SERVER']) && (strcasecmp($server['HTTP_X_FORWARDED_SERVER'], 'secure') === 0 || $server['HTTP_X_FORWARDED_SERVER'] == 'ssl')) ||
            (isset($server['SCRIPT_URI']) && (strpos($server['SCRIPT_URI'], 'https') === 0)) ||
            (isset($server['HTTP_HOST']) && (strpos($server['HTTP_HOST'], ':443') !== false)) ||
            (isset($server['HTTP_X_FORWARDED_HTTPS']) && (strcasecmp($server['HTTP_X_FORWARDED_PROTO'], 'on') || $server['HTTP_X_FORWARDED_PROTO'] == '1')) ||
            (isset($server['HTTP_X_FORWARDED_PROTO']) && $server['HTTP_X_FORWARDED_PROTO'] == 'https') ||
            (isset($server['HTTP_X_HTTPS']) && (strcasecmp($server['HTTP_X_HTTPS'], 'on') === 0 || $server['HTTP_X_HTTPS'] == '1')) ||
            (isset($server['SERVER_PORT']) && $server['SERVER_PORT'] == 443)
        ) {
            return true;
        }

        // return false;
    }

[hellomyfriends]

My issue fixed.

 

In case you cannot access your admin CP (yourdomain/admin.php) when SSL enabled.

1. Login phpmyadmin, find settings_objects table and change secure_admin's value from "N" to "Y"

2. Delete all categories in var/cache via FTP.

3. Try to access your admin CP by hard fresh or delete Browser's cache/history or try a new browser.

 

Hope will help.

[hellomyfriends]

2. (Edited) I mean delete all folders in var/cache via FTP.

 

This fix for Multi-vendor edition