i am using magento EE. in this when user submit couponcode then system redirect to non-secure.
full story:
i am using amazon payments so we need SSL on cart page.
i am posting couponPost on SSL but some how system redirect to non-SSL
when i submit any couponcode:
system post coupon code to SSL
automatically system redirect to NON-SSL
again system redirect to SSL
so on the way global notifications lost. any one has any idea what's going on.
same issue: http://www.tagwith.com/question_342501_magento-cart-ssl-issue-submitting-data-to-an-insecure-location
I submitted an issue on this a while back when I was working with a merchant having a similar issue. The GitHub issue can be found here along with a temporary fix.
Check this controller file : CartController.php
Location: app/code/core/Mage/Checkout/controllers/
Replace this line under _goBack() function :
$this->_redirect('checkout/cart');
to
$this->_redirect('checkout/cart',array('_secure'=>true));
Hope this helps. I suggest you to don't modify the core file. Simply override it check this method.
Related
I am working in a codeigniter project in wamp server.
My current login page is http://localhost/flowers/login and its working correctly (no issue). The rest of the urls are like this
http://localhost/handycheck/admin/dashboard etc
My issue is i need to change the login url like this
http://localhost/flowers/admin/login
&
http://localhost/flowers/providers/login
Its because I have to maintain login form for multiple users.
How can i make this.
Please help me and thanks in advance who helps me alot..
You can do this by adding custom roue in codeigniter routing configuration as follows go to config/routes and add the following entry in this file
$route['flowers/providers/login'] = 'flowers/login';
$route['flowers/admin/login'] = 'flowers/login';
this will redirect the request to the login in flowers controller and if you need to do custom handling for admins and provider you can get the url segments and do custom handling according to user type
I hope my answer would be useful
I am using magento 1.8.1.0 and i have enabled SSL. SSL is purcahsed from Godady and is installed and configured at the server.
I have also set the Base URL in secure section to https://..... . Now when i enable it for front end, and then when i try to go to customer login page (which is served by https), i am always redirected to home page.
I have applied a few fixes, but no one worked.
The fix described on the below link starts a redirect loop and the site never loads.
Magento HTTPS on all website: urls redirect to homepage
Also i have read the following:
http://www.aschroder.com/2012/07/magento-ssl-offloading-with-amazon-elb/
https://magento.stackexchange.com/questions/38250/ssl-issues-with-magento-behind-load-balancer-302-loop
http://blog.ideaday.de/max/2012/12/magento-https-redirect-loop-ssl-offloading-proxies-pound-nginx/
https://www.sonassi.com/knowledge-base/magento-kb/magento-https-redirect-loop/
http://magentocoder.jigneshpatel.co.in/magento-redirection-loop-problem-after-installing-ssl/
And no fix is working for me.
Now i am offering a 50 points bounty for the correct answer.
Can someone give me some idea how to fix this issue?
Thank you
I saw this problem while on a login form submitted via ajax, the login form was loaded as part of a http page as opposed to https, which is not good, and then the login form data submitted by ajax to a https controller url. on success some javascript would try to load a https landing page into the main window.
The problem was magento would redirect the landing page which is what you're experiencing.
To solve hte issues, we loaded the login form by https and dynamically put it into the dom. We used the form action to a https link, and a form submit rather than an ajax post. Then the magento controller would use a redirect in the response to the landing page or an error page.
Go to Your system->confi->web->Session Validation Settings
Validate HTTP_X_FORWARDED_FOR and Validate HTTP_USER_AGENT
this two fields are enable so only disable it ! :)
I have a multi language site and am having Magento (1.7.0.2) "Add Store Code to Urls" (config/system/web).
I have overridden the app/code/core/Mage/Paypal with my own app/code/local/Mage/Paypal as I have added extra backend functionality.
I can hit the IPN scripts manually (as expected) through the URL by going to:
mysite.com/uk/paypal/ipn/ in the browser (which shows as a GET request in my apache access log, with a 200 status). However when paypal posts to the same URL (which shows as a POST request in the log) it results in a 404.
I don't understand why there is a difference in GET and POST to this URL but maybe it is something to do with Magento's routing?
Anyway, what can I do so that the IPN script can be hit by paypal, and I can still use store codes in the URLs?
After logging each class method I found that Magneto was trying to load a website with $scopeCode = 'us' in run() method in /var/www/simplesteps/site/src/app/code/core/Mage/Core/Model/App.php.
This is a throw-back to the time when we have a USA website, but this website had been removed, yet a reference to it was being used.
I am not sure where this reference was being set, after looking through CMS settings I could not find it. If anyone could tell me I'd appreciate that.
I fixed the issue by reinstating the USA website, which, it turns out should not have been removed.
The reason the IPN script was being correctly hit through the browser URL (GET 200) but not paypal (POST 404) is probably to do with it being called within the scope of the active website via the URL, and not a default or legacy reference to US site.
Hope this helps someone who may find a similar frustrating situation.
I'm working on a store deployed using Magento. It has one module which I wrote, which has event observers for checkout_type_onepage_save_order_after, checkout_type_multishipping_create_orders_saved_after, and admin_created_order_after.
When a customer places his/her order, Magento does not redirect to a success page when my module is enabled. When I disable my module, it redirects just fine. With or without my module, the order still goes through but it's not very user-friendly if there's no thank you message of some kind.
Anyone have any ideas what the problem is? There's no entry in any error log (Apache, PHP, Magento, or database).
Using magento 1.6.2.0 on PHP 5.
In case anyone else is having the same or similar problem, I just solved a very similar issue thanks to TonyTheJet's comment here. I am using onepagecheckout in Magento CE 1.7.02
If you have a stray echo command in your code, which will send raw text to the browser, this will cause a problem on the browser side in onepagecheckout.js . It does not correctly un-encode a subsequent JSON string sent by the server to say that the order was processed successfully. Because of that, the browser fails to send a GET to trigger the onepagecheckout controller successAction().
If you are using a protocol analyser or a tool like Firefox Firebug, the crucial JSON string should look like this. The order_creates=true is what should trigger a browser request for the success page:
{"success":true,"error":false,"order_created":true}
When i'm going to edit content in Article, i got below error.
Forbidden
You don't have permission to access /administrator/index.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
i can't edit my content. how could i avoid this ?
Sometimes when editing articles, the content of the article is flagged by the server as dangerous (e.g. code in the article looks like an attempt at SQL injection), which results in the HTTP 403 you received. You can try editing your content to make it less suspicious, or you will need to look at the security layer in play on your server.
If your server uses Mod Security, you will probably need to contact your hosting company to add a rule exception. If you use some sort of Joomla security add-on, then it's possible that that is the piece responsible for throwing the 403.
If you aren't sure, your best bet might be to ask your hosting company or sysadmin.
I ran into the same issue. I couldn't solve it, but a quick workaround would be to edit the article directly in the database, under jos_content (replace jos_ by your table prefix if different). When you are editing the article in Joomla's backend, look in the URL for the ID of this article. Then, in the table, search for that ID (ex : SELECT * FROM jos_content WHERE id = YOUR_ID). Edit the content field, and there you go
If you are using Mac, change the permission of the Joomla folder to "read&write".