Magento mini search form from secure pages - magento

I've run into a catch-22 with the search form that hopefully someone can help me with. From any of the secure pages in our Magento store (My Account, Checkout, etc.), if you use the mini search form in the header, it takes you to a secure search results page https://oursite.com/catalogsearch/result. This results in a browser warning because there is unsecure content on that page. I thought I could fix this by modifying the CatalogSearch Helper class so that the getResultUrl function always returns an http: link. However, this results in the browser warning you that you are about to send form data over a non-secure connection. So I can't seem to find a solution that doesn't look dangerous to the user.
Any ideas?

I know this is not the proper EAV/MVC/1000 lines of XML Magento module way of doing it, however, since this is a straightforward http/https problem you can put a couple of lines in .htaccess to get your search box behaving correctly:
RewriteCond %{SERVER_PORT} !^80$
RewriteRule ^catalogsearch http://www.example.com/catalogsearch/ [R=301,L]

The right way to fix this is not to use mixed content on that page. Magento can usually handle any page over HTTPS if it is requested to do so, so find the assets that are hardcoded over http:// and fix them to respect the current protocol properly.
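One way to find the hardcoded http:// assets mentioned above, as an added example that is not part of the original answer or of Magento: a PHP function that parses rendered HTML and reports insecure subresources and form targets, while ignoring ordinary links. It assumes the PHP DOM extension is available; the function name and the sample page are constructed for illustration.

```php
<?php
// Added example: report insecure (http://) references in HTML served over HTTPS.
function findInsecureRefs(string $html): array
{
    // tag => [attribute, class]. Anchors (<a href>) are deliberately absent:
    // a plain link to an http:// page is not mixed content.
    $watch = [
        'script' => ['src',    'active'],
        'iframe' => ['src',    'active'],
        'link'   => ['href',   'active'],   // only rel=stylesheet, checked below
        'img'    => ['src',    'passive'],
        'form'   => ['action', 'form'],     // insecure form submission target
    ];
    libxml_use_internal_errors(true);       // real templates are rarely valid HTML
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();

    $found = [];
    foreach ($watch as $tag => [$attr, $class]) {
        foreach ($doc->getElementsByTagName($tag) as $el) {
            $url = trim($el->getAttribute($attr));
            if (stripos($url, 'http://') !== 0) {
                continue;                   // https://, //host and relative URLs pass
            }
            if ($tag === 'link' && stripos($el->getAttribute('rel'), 'stylesheet') === false) {
                continue;                   // e.g. rel=canonical fetches nothing
            }
            $found[] = ['class' => $class, 'tag' => $tag, 'url' => $url];
        }
    }
    return $found;
}

// Constructed sample of a rendered secure page (hosts are placeholders).
$page = <<<HTML
<html><head>
<link rel="stylesheet" href="http://www.example.com/skin/frontend/styles.css">
<link rel="canonical" href="http://www.example.com/checkout/">
<script src="https://www.example.com/js/prototype.js"></script>
</head><body>
<a href="http://www.example.com/catalog.html">Catalog</a>
<img src="http://www.example.com/media/logo.png">
<form action="http://www.example.com/catalogsearch/result/" method="get"></form>
</body></html>
HTML;

foreach (findInsecureRefs($page) as $hit) {
    printf("%-8s <%s> %s\n", $hit['class'], $hit['tag'], $hit['url']);
}
```

On the sample it reports the stylesheet, the image and the search form action, and skips the canonical link, the https script and the anchor.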

For me the incorrect url got stuck in cache (we had heavy cache on the live server) and that caused the security warning for me. Hope this helps someone.

The question should be - why is this happening?
Doing a search on a non-secure page will yield results on a non-secure page.
After having visited a secure page, searching on a non-secure page will yield results on a secure page - how does this make any sense? What is the purpose of this?

Related

Can I create a 301 redirect from www.xcompany.com to shop.xcompany.com?

I work for xcompany. I am wondering if it is possible to set up a 301 redirect from our site http://shop.xcompany.com/ to our site http://www.xcompany.com/ and if possible, what would the rewrite rules be?
The old page that existed on the former URL has been removed from the site and a similar page has been created on the latter URL and we need to make sure any traffic is directed to the new page.
Thanks!!
RewriteRule ^old/URL/path$ http://example.com/new/path [R=301,L]
To redirect from oldsite.com to newsite.com you can use the following redirect in /oldsite/.htaccess
Redirect 301 / http://newsite.com/
Redirecting one domain to another domain is very much easier than before only if you are well familiar with CMSs like WordPress. There are plenty of redirect plug-ins available in WordPress that make our efforts easier and quicker.
301 redirection must be done if you have made any changes to the older URL and it will give link juices without losing its ranking, backlinks, and all others.
You need not worry about anything. Redirect your older one to new one. Then Google webmaster tool will give a report if your new site causes crawling errors. Hope it'd be helpful.

codeigniter custom 500 error

At this very moment I do not have any 500 error being thrown, but in case I ever do in the future I'm trying to customize a page so users never see that awful white screen.
I am having trouble adding said page. I have the page made and a controller that loads the page, but when I try and route the page in the route file or route it using .htaccess I'm still getting that white screen.
This is what I have tried in my route file
$route['500_override'] = 'notFoundErrorPage/serverError';
and then this is what I have tried in my .htaccess
ErrorDocument 500 http://writeyourfiction.com/NotFoundErrorPage/serverError
any help would be wonderful!
CodeIgniter does not have any custom error handlers aside from 404_override, so using one for any other HTTP code will be fruitless.
Apache has custom error pages as you've already attempted, but there are a couple of things to note that may be affecting your results:
1: A local URL begins with a /
A local URL to redirect to (if the action begins with a "/").
2: Specifying in an .htaccess may require additional configuration:
It may be used in .htaccess files if AllowOverride is set to FileInfo.
If you seek additional help, either here or elsewhere, please provide more information about your server environment: operating system, web server (e.g. Apache) and version, any relevant add-ons or modifications you may have made, etc.
It depends on the server software you are using. If you are using Apache, see here: http://httpd.apache.org/docs/2.2/custom-error.html
If you aren't using Apache, google "[webserver software] custom 500 page".
If you're still having trouble, try asking on serverfault.com.

Magento and urlencoded urls

I have some links in google like this:
/%3Fcat%3D9%26dir%3Dasc%26limit%3D10%26mode%3Dlist%26order%3Dprice
which equals this link (urldecoded):
/?cat=5&dir=desc&order=price&p=2
If we go by url http://my-shop.com/%3Fcat%3D9%26dir%3Dasc%26limit%3D10%26mode%3Dlist%26order%3Dprice, then Magento shows us 404 error
How can I get Magento to redirect those bad URLs to their respective urldecoded correct URLs?
Magento version 1.7.0.2
Thanks for your time
The problem is the URL, not the redirect. I hope this is clear? You have to remove these URLs from your shop and from Google.
After that, I don't think there is a good way to do this, because you are trying to fix an uncommon error.
The Magento way might be adding rules to the htaccess or adding the rule to the Magento internal rewrite table, but both solutions don't handle generic rules or regex, which solves this (with the htaccess I'm not sure).
So, I would fix the "bad url creation" problem and hack the index.php at the beginning, check whether such a URL is requested, decode it and redirect to the page, die();
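The decode-and-redirect check described above, as an added example that is not part of the original answer or of Magento. A redirect built from attacker-controlled path bytes can become an open redirect or a header injection, so this version only redirects when the decoded value is a plain same-site "/?key=value" query. The function name, the allowed character set and the placement before Mage::run() are assumptions.

```php
<?php
// Added example: returns a same-site redirect target for a request whose query
// string was percent-encoded into the path, or null to leave the request alone.
function decodedRedirectTarget(string $requestUri): ?string
{
    // Only the shape from the question: path starts with an encoded "?"
    // and the request carries no real query string of its own.
    if (strpos($requestUri, '?') !== false || stripos($requestUri, '/%3F') !== 0) {
        return null;
    }
    $decoded = rawurldecode($requestUri);   // decoded exactly once

    // Allow-list: "/?" followed by unreserved characters, "=" and "&" only.
    // This excludes "//host" and "scheme:" forms (open redirect), CR/LF
    // (header injection) and any "%" left over from double encoding.
    if (!preg_match('#\A/\?[A-Za-z0-9_.=&-]+\z#', $decoded)) {
        return null;
    }
    return $decoded;
}

// Constructed sample requests; the first is the URL from the question.
$samples = [
    '/%3Fcat%3D9%26dir%3Dasc%26limit%3D10%26mode%3Dlist%26order%3Dprice',
    '/%2F%2Fother-host.example%2F%3Fcat%3D9',  // decodes to //host: rejected
    '/%3Fcat%3D9%0D%0AX-Injected%3A%201',      // decodes to CR/LF: rejected
    '/%3Fcat%3D%2541',                         // double-encoded: rejected
    '/catalog/category/view?id=9',             // normal request: untouched
];
foreach ($samples as $uri) {
    printf("%s\n  => %s\n", $uri, decodedRedirectTarget($uri) ?? '(no redirect)');
}

// Assumed placement at the top of index.php, before Mage::run():
// if ($target = decodedRedirectTarget($_SERVER['REQUEST_URI'])) {
//     header('Location: ' . $target, true, 301);
//     exit;
// }
```

Only the first sample yields a redirect, to /?cat=9&dir=asc&limit=10&mode=list&order=price.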

Magento SSL links not given out from Magento functions

I'm having an issue with SSL links in Magento.
I have SSL set up and working... all the usual settings.
When I view the source of a page, I can still see HTTP links... and this is invalidating the SSL.
The URLs in question (relating to currency, store switcher, navigation) are all given out by Magento functions, such as:
getCategoryUrl();
getSwitchCurrencyUrl();
Does anyone know what may be wrong... is there something I may have missed?
Need any more info, please let me know...
thanks
Shaun
This is a good thing in that it helps prevent search engines from seeing links to your catalog and product pages as also being https (causing duplicate content). Also, to my knowledge, only if you have resources (images, css, js) will it affect (invalidate) your ssl (because of browser cookies). If you view source on a page with ssl, Magento will automatically convert those resources to https.

Magento: ?___SID=U appearing in some urls

Can someone please explain why ?___SID=U is appearing in some Magento URLs on my site and not others?
I think it has something to do with sessions but I am not entirely clear. Also, what makes it more confusing is the fact that it's only appearing in some URLs and not others.
I don't need to know how to remove it as I am aware of the setting in the admin area. I would really like an explanation of what it is, what its purpose is and why it would show on some pages and not others. I'd rather understand what's going on fully than blindly follow some advice as to how to remove it.
In addition to Brendan's answer, the ___SID=U is used in the cache as a placeholder for the session ID. It is replaced by Mage_Core_Model_Url::sessionUrlVar() which in turn calls Mage_Core_Model_Url::sessionVarCallback(). These methods are called from Mage_Core_Block_Abstract::_afterCacheUrl(), which means that any URL found in block output will contain the correct session ID (if needed).
So to get rid of the parameter in your own code the "right way" use this:
$url = Mage::getUrl('some/magento/route'); // might append ___SID parameter
$url = Mage::getModel('core/url')->sessionUrlVar($url); // process ___SID
If the string still displays in the rendered page, that is a bug. Are you using some custom caching module, or generating URLs in a non-standard way?
The SID is a "session ID". Magento uses this to track a user's activity within the same Magento installation. Normally, Magento powers one website and one store from one installation (database).
Magento could power multiple websites with multiple stores from one installation though. The SID allows users to stay logged in while navigating across these websites/stores.
I think if you have the function enabled, the SID is sent when accessing catalog URLs so Magento can update the session with the user's location/state for the current website/store.
If you're not running a multi-website or multi-store environment, it's safe to disable the SID on the frontend.
Just something I came across today and thought I'd make a comment, maybe it will help someone.
I found that Magento will format/create an incorrect product URL (inc. Session Id) if there were some errors during processing the page. This is not consistent though.
It's worth having a look at your server logs for PHP errors.
This is a general Magento 2 bug which is already reported to magento.
Temporary fix is
Go to Document Root,
Find .htaccess and add
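# The redirect target needs a scheme; without one mod_rewrite treats it as a relative path.
RewriteCond %{HTTP_HOST} ^abc\.com
RewriteRule ^(.*)$ http://www.abc.com/$1 [L,R=301]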
below.
This should solve the issue. For me this works in M2.1
All the best.
Reference : https://github.com/magento/magento2/issues/5517
I hunted for hours to find this and the precise answer was a combination of the other answers listed here. First, I cranked up my PHP error reporting and error logging (thanks Gergely Varga). I saw this:
PHP Fatal error: Call to undefined function mb_strrpos() in /var/www/html/app/code/local/ManaPro/FilterAjax/Model/Observer.php on line 59
So, one of our installed extensions requires the php-mbstring package, which my server didn't have installed. As soon as I installed that, the SID=U URLs all disappeared. (In future I'll be running Magento's pre-install checks before copying an existing install over to a new server!)
Thanks to Vinai too for the background of what this tag is for.
Go to Store > Configuration > General > Web > Session Validation Settings > Use SID on Storefront and set the value to No.
Clear the Magento cache
